7c48c1c26bdab0759787e130d6e0caefc70c7ea14be9856f385af422cd9d9f3f

Sharing

Copy URL Twitter E-mail

General

Target

7c48c1c26bdab0759787e130d6e0caefc70c7ea14be9856f385af422cd9d9f3f
Size

255KB
MD5

3a717a1531ab1bab3da31d936efdd6c6
SHA1

9f7f95507ebb2cfcf6fa3d99e0019c42884e10ab
SHA256

7c48c1c26bdab0759787e130d6e0caefc70c7ea14be9856f385af422cd9d9f3f
SHA512

13d0e4d7b1290e7d356e276990a17f5990dec62ca6612ded994fae1dcce785d0ee72067b4c8799e08342608fa8288a6d899bb1e68b20bc5a2242ddcb1b83bb61
SSDEEP

6144:iJRewSuRRq9S8zbtJ7CDmjqVM01BxRyx/wiyXegq5FHC:iJRewSmRMHntJGDmmTjxzPegG

Score

N/A

Malware Config

Signatures

Files

7c48c1c26bdab0759787e130d6e0caefc70c7ea14be9856f385af422cd9d9f3f
.exe windows x64

9526b4cfb8b44608e4680a5c0edaa74f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoAllocateIrp
IoFreeIrp
strchr
RtlInitString
RtlOemStringToUnicodeString
RtlUnicodeStringToAnsiString
RtlAnsiStringToUnicodeString
MmMapLockedPagesSpecifyCache
RtlInitAnsiString
RtlAppendStringToString
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExQueryDepthSList
KeCancelTimer
ZwClose
ZwCancelTimer
ZwCreateTimer
ZwSetTimer
RtlInitUnicodeString
IoGetDeviceObjectPointer
ObfReferenceObject
IoBuildDeviceIoControlRequest
IofCallDriver
RtlIntegerToUnicodeString
RtlAppendUnicodeStringToString
KeInitializeDpc
KeSetTimer
KeInitializeTimer
IoWMIWriteEvent
MmGetSystemRoutineAddress
IoWMIRegistrationControl
ExDeleteResourceLite
RtlCopyUnicodeString
KeClearEvent
KeDelayExecutionThread
IoDeleteDevice
IoGetRelatedDeviceObject
memchr
ZwQueryInformationFile
RtlIpv4StringToAddressA
ZwCreateFile
RtlFreeUnicodeString
ObReferenceObjectByHandle
IoFileObjectType
IoSetShareAccess
SeAssignSecurity
IoRemoveShareAccess
SeAccessCheck
IoCheckShareAccess
MmUserProbeAddress
ZwCreateEvent
ZwDeviceIoControlFile
NtWaitForSingleObject
ZwCreateKey
ExInterlockedPushEntryList
ExQueueWorkItem
IoFreeWorkItem
KeInsertQueueDpc
IoAllocateWorkItem
IoQueueWorkItem
IoCancelIrp
RtlCompareUnicodeString
_vsnprintf
RtlGUIDFromString
ZwWaitForSingleObject
MmBuildMdlForNonPagedPool
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
RtlIpv4AddressToStringW
RtlAppendUnicodeToString
ZwOpenKey
ZwQueryValueKey
IoBuildPartialMdl
MmUnmapLockedPages
MmLockPagableDataSection
KeBugCheckEx
RtlFreeOemString
RtlUpcaseUnicodeStringToOemString
IofCompleteRequest
SeDeassignSecurity
ObfDereferenceObject
KeResetEvent
KeWaitForSingleObject
KeSetEvent
_stricmp
KeDetachProcess
KeAttachProcess
PsGetCurrentProcess
IoFreeMdl
ExInterlockedInsertHeadList
IoAllocateMdl
KeInitializeSemaphore
ExInterlockedInsertTailList
strrchr
RtlGetVersion
ExInitializeResourceLite
KeInitializeEvent
ExSystemTimeToLocalTime
RtlCompareMemory
KeLeaveCriticalRegion
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
KeEnterCriticalRegion
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLockFromDpcLevel
strncmp
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
ExFreePoolWithTag
ZwReadFile
ExAllocatePoolWithTag
ZwSetSecurityObject
IoCreateDevice
IoDeviceObjectType
ObOpenObjectByPointer
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetOwnerSecurityDescriptor
wcschr
_wcsnicmp
RtlSetDaclSecurityDescriptor
RtlAddAccessAllowedAce
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
RtlLengthSid
RtlCreateSecurityDescriptor
ZwSetValueKey
__C_specific_handler

tdi.sys

TdiPnPPowerRequest
TdiPnPPowerComplete
TdiEnumerateAddresses
TdiDeregisterDeviceObject
TdiDeregisterNetAddress
TdiRegisterNetAddress
TdiRegisterDeviceObject
TdiProviderReady
TdiDeregisterPnPHandlers
TdiMapUserRequest
TdiDeregisterProvider
TdiRegisterPnPHandlers
TdiRegisterProvider
TdiInitialize
TdiDefaultRcvExpeditedHandler
TdiDefaultSendPossibleHandler
TdiDefaultReceiveHandler
TdiDefaultErrorHandler
TdiDefaultDisconn��andler
TdiDefaultConnectHandler
TdiCopyMdlToBuffer
TdiCopyBufferToMdl
TdiDefaultRcvDatagramHandler
TdiBuildNetbiosAddress
TdiGet9FTriageBlock

netio.sys

NsiRegisterChangeNotification
NsiSetAllParameters
NsiGetParameter
NsiFreeTable
NsiAllocateAndGetTable
NsiGetAllParameters
NsiDeregisterChangeNotification

ndis.sys

NdisGetThreadObjectCompartmentId
NdisSetThreadObjectCompartmentId

Sections

.text
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGENBT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9526b4cfb8b44608e4680a5c0edaa74f

Headers

File Characteristics

Imports

ntoskrnl.exe

tdi.sys

netio.sys

ndis.sys

Sections

.text Size: 167KB - Virtual size: 167KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 6KB - Virtual size: 6KB

.pdata Size: 11KB - Virtual size: 11KB

PAGE Size: 47KB - Virtual size: 46KB

PAGENBT Size: 2KB - Virtual size: 2KB

INIT Size: 9KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 64B

.text
Size: 167KB - Virtual size: 167KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 6KB - Virtual size: 6KB

.pdata
Size: 11KB - Virtual size: 11KB

PAGE
Size: 47KB - Virtual size: 46KB

PAGENBT
Size: 2KB - Virtual size: 2KB

INIT
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 64B