8755bf75564616c9e7233b75c7c0613ec6b21510506469f8b0a4ec1a197ec7fc

Sharing

Copy URL Twitter E-mail

General

Target

8755bf75564616c9e7233b75c7c0613ec6b21510506469f8b0a4ec1a197ec7fc
Size

61KB
MD5

4c1d86ed8e35c60c3c67b8acab83c2a6
SHA1

801b774ef1859f6c18b4c5b5fda6b1f43abe1c29
SHA256

8755bf75564616c9e7233b75c7c0613ec6b21510506469f8b0a4ec1a197ec7fc
SHA512

401c263e3f4e6e90b3b8ae375a4ab9d7adc7942cfec0eaf088e7e75698fe52e7022f4617911c587101c5c0e776ae1df0a269e47d6c80f8edfc9d4ec7e6d83dbc
SSDEEP

1536:UoFMCL6GImJseZABqDuvIXOE81wvmo38Rzanir9owCQS1:tfLjI6mqivaONxo3KFJKQM

Score

N/A

Malware Config

Signatures

Files

8755bf75564616c9e7233b75c7c0613ec6b21510506469f8b0a4ec1a197ec7fc
.exe windows x86

8e1cdd64406f2ba160d47e510446afb5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

memset
KeDelayExecutionThread
ZwDeleteFile
_wcsnicmp
KeReleaseMutex
KeWaitForSingleObject
KeSetEvent
ZwEnumerateKey
KeQuerySystemTime
ZwOpenKey
KeInitializeMutex
RtlUnicodeStringToInteger
wcschr
ExfInterlockedInsertTailList
memcpy
ExfInterlockedRemoveHeadList
KeGetCurrentThread
PsIsThreadTerminating
KeQueryTimeIncrement
KeTickCount
_allrem
_alldiv
_allmul
IoBuildPartialMdl
PsGetCurrentProcessId
_vsnwprintf
ExAllocatePool
RtlImageDirectoryEntryToData
KeServiceDescriptorTable
ZwFreeVirtualMemory
KeUserModeCallback
IoGetCurrentProcess
ZwAllocateVirtualMemory
_stricmp
PsGetCurrentThreadId
ObQueryNameString
_wcsicmp
RtlEqualUnicodeString
ObfReferenceObject
ObReferenceObjectByHandle
ZwCreateFile
ZwWriteFile
ZwReadFile
ZwQueryInformationFile
ZwLoadDriver
ZwUnloadDriver
ZwDeleteKey
ZwCreateKey
ZwSetValueKey
KeBugCheckEx
PsCreateSystemThread
ZwClose
ExFreePoolWithTag
RtlInitUnicodeString
IoDriverObjectType
ObReferenceObjectByName
ObfDereferenceObject
ProbeForRead
IoAllocateMdl
MmBuildMdlForNonPagedPool
MmMapLockedPagesSpecifyCache
IoFreeMdl
RtlInitAnsiString
IofCompleteRequest
RtlGetVersion
ZwQueryValueKey
KeInitializeEvent
RtlUnwind

hal

KfAcquireSpinLock
ExReleaseFastMutex
ExAcquireFastMutex
KfLowerIrql
KeRaiseIrqlToDpcLevel
KeGetCurrentIrql
KfReleaseSpinLock

ndis.sys

NdisResetEvent
NdisInitializeEvent
NdisSetEvent
NdisFreePacketPool
NdisAllocatePacketPool
NdisFreePacket
NdisWaitEvent
NdisAllocatePacket

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e1cdd64406f2ba160d47e510446afb5

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 768B - Virtual size: 724B

.data Size: 3KB - Virtual size: 3KB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 768B - Virtual size: 724B

.data
Size: 3KB - Virtual size: 3KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 2KB - Virtual size: 2KB