9775adcb330bc53f5f678d77b0c63deb848adbf7cbb5c5ceee255a015419e8aa

Sharing

Copy URL Twitter E-mail

General

Target

9775adcb330bc53f5f678d77b0c63deb848adbf7cbb5c5ceee255a015419e8aa
Size

34KB
MD5

59458848117a03f8b536f08ab9b29a80
SHA1

403a61d019c7917d989606c2e28920d272aa94fd
SHA256

9775adcb330bc53f5f678d77b0c63deb848adbf7cbb5c5ceee255a015419e8aa
SHA512

b4ab8656b108978981a639273874fe982dd199693934b63a4ac903df4f523ab25915e92010c9b93808f7dc94436db872a033ae16111f7a9046d627480eabef3c
SSDEEP

768:wmhpRxnMXzFL7HbKrI1zPiL6G+UAlP+FlHhsyQDpn:9hp3MXzNHj122G+UAlAlBBU

Score

N/A

Malware Config

Signatures

Files

9775adcb330bc53f5f678d77b0c63deb848adbf7cbb5c5ceee255a015419e8aa
.exe windows x86

bafaf09d8670f686cf9ad70495dfc0c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoWMIWriteEvent
ExAllocatePoolWithTag
memcpy
memset
MmGetSystemRoutineAddress
RtlInitUnicodeString
RtlCompareMemory
IoWMIRegistrationControl
IofCompleteRequest
IofCallDriver
KeSetEvent
ZwClose
ZwFsControlFile
ZwOpenFile
KeWaitForSingleObject
IoBuildDeviceIoControlRequest
KeInitializeEvent
ObfDereferenceObject
IoGetAttachedDeviceReference
IoFileObjectType
ZwMapViewOfSection
ZwCreateSection
RtlInsertElementGenericTableAvl
ZwQueryVolumeInformationFile
RtlInitializeGenericTableAvl
ZwUnmapViewOfSection
RtlLookupElementGenericTableAvl
MmBuildMdlForNonPagedPool
IoFreeMdl
IoAllocateIrp
ExFreePoolWithTag
IoFreeIrp
ZwReadFile
MmMapLockedPagesSpecifyCache
IoBuildPartialMdl
_alldiv
_allrem
_allshr
NtQueryInformationFile
IoInvalidateDeviceRelations
IoDeleteDevice
IoCreateDevice
swprintf_s
NtDuplicateObject
PsGetCurrentProcess
ObOpenObjectByPointer
IoFreeWorkItem
IoQueueWorkItem
IoAllocateWorkItem
ObfReferenceObject
DbgPrint
IoDetachDevice
PoCallDriver
PoStartNextPowerIrp
KeResetEvent
PsCreateSystemThread
IoAttachDeviceToDeviceStackSafe
IoReportDetectedDevice
KeTickCount
KeBugCheckEx
_allmul
IoAllocateMdl
ObReferenceObjectByHandle

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 369B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bafaf09d8670f686cf9ad70495dfc0c3

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 512B - Virtual size: 369B

.data Size: 1024B - Virtual size: 600B

PAGE Size: 1KB - Virtual size: 1KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 512B - Virtual size: 369B

.data
Size: 1024B - Virtual size: 600B

PAGE
Size: 1KB - Virtual size: 1KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 2KB - Virtual size: 1KB