377cb592c93f2afff3bef0b0abff9d431aed6c0b260792a1eacde8f709f0c1ca

General

Target

377cb592c93f2afff3bef0b0abff9d431aed6c0b260792a1eacde8f709f0c1ca
Size

69KB
MD5

94c4237442657b0a015ce76c2a018c72
SHA1

53f65a940050497a5b1127fbbd189e9a89dee3af
SHA256

377cb592c93f2afff3bef0b0abff9d431aed6c0b260792a1eacde8f709f0c1ca
SHA512

10f3b82aef0772331b44c92aa047bf51fd3c634d2cfd0970c22f4be7ff87f230e193455919fbd29ca0bc27b7b331dab6f02a9cc2ca9f1636e423f0cd441c8393
SSDEEP

1536:D0vuVScphlOKEfcQl7NJ/rzrzYrlNXkHwGFl3U:RLFEcK7zz4jk/

Score

N/A

Malware Config

Signatures

Files

377cb592c93f2afff3bef0b0abff9d431aed6c0b260792a1eacde8f709f0c1ca
.exe windows x86

517cc588d18ea207bc038f6c231067ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwCreateTimer
ZwQueryEaFile
memcpy
CcGetFileObjectFromBcb
ExSystemExceptionFilter
ZwQueryInformationFile
RtlDeleteRange
RtlInitUnicodeString
ZwCreateSection
ExfInterlockedPopEntryList
RtlImageNtHeader
IoStartNextPacket
ExFreePool
PsReferenceImpersonationToken
ZwCreateSymbolicLinkObject
ZwOpenFile
KeSetSystemAffinityThread
IoFreeWorkItem
ExAllocatePool
ExRegisterCallback
InterlockedExchange
PsGetCurrentProcessId

classpnp.sys

ClassReleaseQueue
ClassInterpretSenseInfo
ClassSendIrpSynchronous
ClassIoComplete
ClassInvalidateBusRelations
ClassClaimDevice
ClassSetMediaChangeState
ClassCleanupMediaChangeDetection
ClassIoCompleteAssociated
ClassDeleteSrbLookasideList
ClassDeviceControl
ClassReadDriveCapacity
ClassEnableMediaChangeDetection
ClassSendDeviceIoControlSynchronous
ClassInternalIoControl
ClassDebugPrint

hal

KeRaiseIrql
HalSetDisplayParameters
HalSetTimeIncrement
HalReturnToFirmware
KeRaiseIrqlToDpcLevel

Exports

Exports

VezbIcs
MjhqkMizquwPsdhzatBy
WxUocwNyilkaDgmgcfr
RkmXjqd
WavqyugEwkxsxlJrst

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 50B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

517cc588d18ea207bc038f6c231067ab

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

classpnp.sys

hal

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 16KB - Virtual size: 63KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 512B - Virtual size: 50B

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 16KB - Virtual size: 63KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 512B - Virtual size: 50B