96cf2e969eb1b4d6522eb1786d6a673d1cbf5914c19030b375d609539234f291

Resubmissions

14-04-2023 10:14

230414-l95e9ahd93 1

14-04-2023 10:14

230414-l9s28aah4t 1

Sharing

Copy URL

Twitter E-mail

General

Target

96cf2e969eb1b4d6522eb1786d6a673d1cbf5914c19030b375d609539234f291
Size

116KB
MD5

7c6072d3c4c3ac4bcc0472728cc7963f
SHA1

612592731f77f8b34ea17215c377e2a282c5bb02
SHA256

96cf2e969eb1b4d6522eb1786d6a673d1cbf5914c19030b375d609539234f291
SHA512

e8469f7a1c1b4b31e4c61f6aa4040a8e88791a2d0099815f7bc225350f5c8ebe36128804d982c9a1bc1e1bb19f83252e15e848aa8f842a4559ff06a345a3acd1
SSDEEP

1536:PtUakm9npVtqoRGksfPJYnwk4MD7kNKy86W96Kz+msww9O0CGlMa7J:PtUadpVtopyw69j+HgUMa7J

Score

1^/10

Malware Config

Signatures

Files

96cf2e969eb1b4d6522eb1786d6a673d1cbf5914c19030b375d609539234f291
.exe windows x86

bbd7cc0665a1ffe2f67dfee55d42c49d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwQuerySymbolicLinkObject
RtlUpcaseUnicodeString
FsRtlGetFileSize
_chkstk
memcpy
memset
KeQuerySystemTime
ZwCreateKey
ZwOpenSymbolicLinkObject
ObfDereferenceObject
PsGetCurrentProcessId
PsGetCurrentThreadId
KeTickCount
KeBugCheckEx
RtlUnwind
ZwSetValueKey
ZwQueryValueKey
ZwOpenKey
ExInterlockedPushEntrySList
ZwClose
PsGetVersion
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
ExFreePoolWithTag
ExAllocatePoolWithTag
RtlCompareMemory
RtlSetDaclSecurityDescriptor
RtlFreeUnicodeString
RtlAppendUnicodeStringToString
RtlCopyUnicodeString
RtlCompareUnicodeString
RtlInitUnicodeString
RtlUnicodeStringToInteger
RtlInt64ToUnicodeString
RtlIntegerToUnicodeString
_wcsupr
wcsstr
ExInterlockedPopEntrySList
wcschr

hal

KfReleaseSpinLock
KfAcquireSpinLock
KeGetCurrentIrql

fltmgr.sys

FltGetRequestorProcessId
FltFreeSecurityDescriptor
FltBuildDefaultSecurityDescriptor
FltCloseClientPort
FltCloseCommunicationPort
FltCreateCommunicationPort
FltGetVolumeProperties
FltReleaseContext
FltGetInstanceContext
FltSetInstanceContext
FltAllocateContext
FltGetDestinationFileNameInformation
FltParseFileNameInformation
FltReleaseFileNameInformation
FltGetFileNameInformation
FltGetRoutineAddress
FltStartFiltering
FltUnregisterFilter
FltRegisterFilter
FltGetDeviceObject

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 762KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

bbd7cc0665a1ffe2f67dfee55d42c49d

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

fltmgr.sys

Sections

.text Size: 67KB - Virtual size: 67KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 1KB - Virtual size: 762KB

PAGE Size: 15KB - Virtual size: 14KB

INIT Size: 10KB - Virtual size: 9KB

.rsrc Size: 1024B - Virtual size: 888B

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 67KB - Virtual size: 67KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 1KB - Virtual size: 762KB

PAGE
Size: 15KB - Virtual size: 14KB

INIT
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 1024B - Virtual size: 888B

.reloc
Size: 9KB - Virtual size: 9KB