9e1c6f552af8bec4c37b737157c9ba16e29d85655d4eac39cf5ee0bf48377194

Sharing

Copy URL

Twitter E-mail

General

Target

9e1c6f552af8bec4c37b737157c9ba16e29d85655d4eac39cf5ee0bf48377194
Size

63KB
MD5

6aec77c39f18fd011b65e6493242b9bf
SHA1

cb8d18688b0b2810f65b99a54a106d09fa16075d
SHA256

9e1c6f552af8bec4c37b737157c9ba16e29d85655d4eac39cf5ee0bf48377194
SHA512

ef9bdce16666cdad3379e6337eee86d2297db225a2ad3ac5c379899347db1dcef9e3d41c4c38a1010ed47ce34e5467c86670ee5c16ff782ba18075702646c932
SSDEEP

768:D/NA29vprT5RIvVHBcq1F0hhovzSEAAzMQTBHaje10JyBaUfPOSpgnona0ppT:rNA29vZyhcMjb/QCtNfkoN/

Score

N/A

Malware Config

Signatures

Files

9e1c6f552af8bec4c37b737157c9ba16e29d85655d4eac39cf5ee0bf48377194
.exe windows x86

2da71861ca7a4f2be76f7e4a7ea53551

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

hal

WRITE_PORT_BUFFER_UCHAR
KfReleaseSpinLock
HalTranslateBusAddress
HalGetInterruptVector
ExAcquireFastMutex
ExReleaseFastMutex
WRITE_PORT_UCHAR
KdComPortInUse
READ_PORT_UCHAR
KfRaiseIrql
KfLowerIrql
KfAcquireSpinLock

ntoskrnl.exe

IoCancelIrp
KeInitializeDpc
KeInitializeTimer
ExAllocatePoolWithTag
DbgBreakPoint
KeInitializeSpinLock
memmove
PoSetPowerState
KeWaitForSingleObject
ExAllocatePoolWithQuotaTag
_except_handler3
KeInsertQueueDpc
KeDelayExecutionThread
MmLockPagableSectionByHandle
MmQuerySystemSize
KeQuerySystemTime
KeSetEvent
KeSetTimer
IofCallDriver
PoCallDriver
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
KeCancelTimer
IoInvalidateDeviceState
IoQueryDeviceDescription
ZwClose
IoDetachDevice
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlDeleteRegistryValue
IoDeleteSymbolicLink
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
RtlWriteRegistryValue
IoCreateSymbolicLink
wcslen
RtlInitUnicodeString
KeInitializeEvent
IoCreateDevice
RtlIntegerToUnicodeString
IoAttachDeviceToDeviceStack
IoConnectInterrupt
RtlQueryRegistryValues
ZwQueryValueKey
ZwSetValueKey
ZwEnumerateKey
IoReportDetectedDevice
ZwOpenKey
PoRequestPowerIrp
PoStartNextPowerIrp
KeClearEvent
KeTickCount
KeBugCheckEx
IoDeleteDevice
IoGetConfigurationInformation
IoWMIRegistrationControl
IoDisconnectInterrupt
KeRemoveQueueDpc
MmUnmapIoSpace
MmMapIoSpace
MmLockPagableDataSection
ExFreePoolWithTag
MmUnlockPagableImageSection
_allmul
IoAcquireCancelSpinLock
KeSynchronizeExecution
IoReleaseCancelSpinLock
IoOpenDeviceRegistryKey
IofCompleteRequest

wmilib.sys

WmiSystemControl
WmiCompleteRequest

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 384B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGESRP0
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGESER
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2da71861ca7a4f2be76f7e4a7ea53551

Headers

File Characteristics

Imports

hal

ntoskrnl.exe

wmilib.sys

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 512B - Virtual size: 484B

.data Size: 384B - Virtual size: 280B

PAGESRP0 Size: 15KB - Virtual size: 15KB

PAGESER Size: 14KB - Virtual size: 14KB

INIT Size: 9KB - Virtual size: 9KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 512B - Virtual size: 484B

.data
Size: 384B - Virtual size: 280B

PAGESRP0
Size: 15KB - Virtual size: 15KB

PAGESER
Size: 14KB - Virtual size: 14KB

INIT
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 2KB - Virtual size: 1KB