Static task
static1
Behavioral task
behavioral1
Sample
080a99c0897cbce7c564ad172de203efcb4c3cee7eafe1b041ddbb510dabd81f.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
080a99c0897cbce7c564ad172de203efcb4c3cee7eafe1b041ddbb510dabd81f.exe
Resource
win10v2004-20220901-en
General
Target: 080a99c0897cbce7c564ad172de203efcb4c3cee7eafe1b041ddbb510dabd81f
Size: 117KB
MD5: 642215b3417e44975d4f578730329d84
SHA1: 2fed631d65984ff6316edd63e9a9f94e8a7f8e95
SHA256: 080a99c0897cbce7c564ad172de203efcb4c3cee7eafe1b041ddbb510dabd81f
SHA512: e8df52e8088010ca5b037941b37d7330800b981316067c7c1d2690244c05e3b57d0600c761ec02d8ce7c6374144b2c38552b2a377bb430efd43ce52d85c8b87a
SSDEEP: 3072:sq2gk7m1Vn/FzuvAJRIq+2jZ2dggXBa7D:s1MPzjZ2dBID
Malware Config
Signatures
Files
-
080a99c0897cbce7c564ad172de203efcb4c3cee7eafe1b041ddbb510dabd81f.exe windows x86
f298afbb2b7e58816be025f0450f017f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
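Imports
Note: every import listed here comes from ntoskrnl.exe or hal (the Windows kernel and the hardware abstraction layer), and the section list includes PAGE and INIT. That combination indicates a kernel-mode driver image rather than a user-mode program, despite the .exe file name, so the behavioral tasks that launch it as an executable probably did not run its code. Static analysis and a check of the file's signature are the more reliable triage steps here.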
ntoskrnl.exe
_except_handler3
KeSetTimer
KeCancelTimer
KeInsertQueueDpc
IoInvalidateDeviceRelations
KefReleaseSpinLockFromDpcLevel
IoInvalidateDeviceState
KeSetEvent
KefAcquireSpinLockAtDpcLevel
KeWaitForSingleObject
IofCallDriver
IoBuildSynchronousFsdRequest
KeInitializeEvent
IoDetachDevice
ExFreePoolWithTag
IoGetDeviceProperty
IoAttachDeviceToDeviceStack
KeInitializeDpc
KeInitializeTimer
KeSetTimerEx
IoConnectInterrupt
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
MmUnmapIoSpace
WRITE_REGISTER_UCHAR
READ_REGISTER_UCHAR
MmMapIoSpace
IoReportResourceForDetection
IoReportDetectedDevice
IoAssignResources
sprintf
PoStartNextPowerIrp
ObReferenceObjectByPointer
IoDisconnectInterrupt
PoRequestPowerIrp
IoCancelIrp
PoCallDriver
PoSetPowerState
RtlxAnsiStringToUnicodeSize
NlsMbCodePageTag
RtlIntegerToUnicodeString
IoGetDmaAdapter
HalDispatchTable
RtlCompareMemory
memmove
IoOpenDeviceRegistryKey
IoReleaseCancelSpinLock
ZwEnumerateKey
ZwQueryKey
ZwSetValueKey
RtlQueryRegistryValues
ZwCreateKey
RtlLargeIntegerDivide
IoStartTimer
IoInitializeTimer
READ_REGISTER_USHORT
strstr
toupper
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IoRaiseInformationalHardError
KeTickCount
KeBugCheckEx
RtlInitAnsiString
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
IoCreateDevice
IoCreateSymbolicLink
KeInitializeSpinLock
IoDeleteSymbolicLink
IoDeleteDevice
WRITE_REGISTER_ULONG
READ_REGISTER_ULONG
IofCompleteRequest
ExAllocatePoolWithTag
hal
KeStallExecutionProcessor
KeQueryPerformanceCounter
WRITE_PORT_USHORT
READ_PORT_USHORT
WRITE_PORT_UCHAR
READ_PORT_UCHAR
KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql
HalTranslateBusAddress
HalMakeBeep
Sections
.text Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ