3444bd4b9063f412aa3b02e40992fef033543da70a0d8916a1524137d845d0ca

General

Target

3444bd4b9063f412aa3b02e40992fef033543da70a0d8916a1524137d845d0ca
Size

62KB
MD5

6fc8ef40d1acc54c18050413c241800b
SHA1

08d0b459394a23e0ae144e90f8d2ef18176c2687
SHA256

3444bd4b9063f412aa3b02e40992fef033543da70a0d8916a1524137d845d0ca
SHA512

3e7966890ee63025456c95305f60fa22db8398309a5fdded0834ba567f860b58c530f44c22f540edb9197452573e04bc955775a538e0dcfd8da515693df2bc7c
SSDEEP

768:/KGcpoAc4ofkEvckFo0Eol4tFN6ytsWJeN1V8ofKFoMgUBPD+IZNB/pKY0:LAc4ofFvZrEG4tFAyGnMoC6a/4Y0

Score

N/A

Malware Config

Signatures

Files

3444bd4b9063f412aa3b02e40992fef033543da70a0d8916a1524137d845d0ca
.exe windows x86

58c7bd16baf091869f1f94143f0e0fa0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmGetPhysicalAddress
ZwOpenKey
RtlInitUnicodeString
ZwQueryValueKey
ZwClose
RtlCopyUnicodeString
ExAllocatePoolWithTag
ExFreePoolWithTag
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlCreateRegistryKey
RtlWriteRegistryValue
MmAllocateContiguousMemory

scsiport.sys

ScsiPortMoveMemory
ScsiPortReadRegisterUlong
ScsiPortWriteRegisterUlong
ScsiPortReadRegisterUshort
ScsiPortWriteRegisterUshort
ScsiPortReadRegisterUchar
ScsiPortWriteRegisterUchar
ScsiPortInitialize
ScsiPortLogError
ScsiPortStallExecution
ScsiPortConvertUlongToPhysicalAddress
ScsiPortGetDeviceBase
ScsiPortGetUncachedExtension
ScsiPortNotification
ScsiPortWritePortUlong
ScsiPortReadPortUlong
ScsiPortGetPhysicalAddress
ScsiPortGetBusData

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 261B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

58c7bd16baf091869f1f94143f0e0fa0

Headers

File Characteristics

Imports

ntoskrnl.exe

scsiport.sys

Sections

.text Size: 41KB - Virtual size: 40KB

.rdata Size: 384B - Virtual size: 261B

.data Size: 16KB - Virtual size: 15KB

INIT Size: 1024B - Virtual size: 1004B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 41KB - Virtual size: 40KB

.rdata
Size: 384B - Virtual size: 261B

.data
Size: 16KB - Virtual size: 15KB

INIT
Size: 1024B - Virtual size: 1004B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB