58cf281abb12ae875784c89d9c5345c5243586e86f533ce0a7acc33faae9dd30

Sharing

Copy URL

Twitter E-mail

General

Target

58cf281abb12ae875784c89d9c5345c5243586e86f533ce0a7acc33faae9dd30
Size

183KB
MD5

51e0168178c55eb729579921fe87d7c0
SHA1

875bdeb040b7af0b41f5f73b049cd1ea2a83bfe6
SHA256

58cf281abb12ae875784c89d9c5345c5243586e86f533ce0a7acc33faae9dd30
SHA512

5e06ab32097e6e15488b61eeaba27ef1b0d39799de196cd182be00c92591ead087fe49e068dc2637f3f2ca1449643395a5330b2c1c3aab0b99bd76f04ce595a1
SSDEEP

3072:Xb0DV40DM6HCRs31JB2OYHVdsiZUFfCdOHVudX2OzWPhV8AIk:mFDlJBHYH/stFJ4dX2QQ1Ik

Score

N/A

Malware Config

Signatures

Files

58cf281abb12ae875784c89d9c5345c5243586e86f533ce0a7acc33faae9dd30
.exe windows x86

a173c8964fe69aaf5db4e482b12dac19

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
InterlockedPopEntrySList
InterlockedPushEntrySList
IoInvalidateDeviceRelations
InterlockedDecrement
strstr
IoGetAttachedDeviceReference
KeWaitForSingleObject
KeInitializeEvent
ExfInterlockedInsertTailList
IofCompleteRequest
ObReferenceObjectByPointer
RtlCompareMemory
PoRequestPowerIrp
ExQueueWorkItem
IoReleaseCancelSpinLock
InterlockedExchange
PoSetSystemState
ZwPowerInformation
PoStartNextPowerIrp
PoCallDriver
IoAcquireCancelSpinLock
PoSetPowerState
KdEnableDebugger
KdDisableDebugger
IofCallDriver
ExDeleteNPagedLookasideList
ObfDereferenceObject
IoBuildSynchronousFsdRequest
IoDetachDevice
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
RtlInitUnicodeString
RtlIntegerToUnicodeString
ZwClose
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwSetValueKey
IoOpenDeviceRegistryKey
RtlxAnsiStringToUnicodeSize
NlsMbCodePageTag
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
ExfInterlockedCompareExchange64
InterlockedIncrement
ExCreateCallback
KeSetTimer
RtlGetNextRange
InterlockedCompareExchange
memmove
RtlFreeUnicodeString
RtlAddRange
RtlFreeRangeList
RtlEqualUnicodeString
HeadlessDispatch
IoRequestDeviceEject
PoShutdownBugCheck
ZwCreateKey
ZwQueryValueKey
ZwOpenKey
RtlUnicodeStringToInteger
ZwEnumerateKey
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlFindLeastSignificantBit
IoWMIRegistrationControl
IoWMIWriteEvent
vsprintf
ObReferenceObjectByHandle
KeClearEvent
PsTerminateSystemThread
KeWaitForMultipleObjects
PsCreateSystemThread
wcslen
ObfReferenceObject
IoFreeWorkItem
IoQueueWorkItem
IoAllocateWorkItem
KeTickCount
KeInsertQueueDpc
KeSetEvent
swprintf
sprintf
RtlCopyUnicodeString
KeQueryActiveProcessors
KeInitializeTimer
KeInitializeSpinLock
ExInitializeNPagedLookasideList
KefAcquireSpinLockAtDpcLevel
ExRegisterCallback
KefReleaseSpinLockFromDpcLevel
DbgBreakPoint
ExNotifyCallback
ExAllocatePool
MmMapIoSpace
MmUnmapIoSpace
DbgPrint
_vsnprintf
KeQueryInterruptTime
KeCancelTimer
ExfInterlockedRemoveHeadList
RtlDeleteOwnersRanges
RtlCopyRangeList
_aullrem
RtlDeleteRange
IoGetDeviceProperty
RtlInitializeRangeList
_wcsicmp
RtlFindRange
HalDispatchTable
ExAllocatePoolWithTag
ExFreePoolWithTag
KeBugCheckEx
KeInitializeDpc
RtlGetFirstRange
IoConnectInterrupt

hal

KeStallExecutionProcessor
WRITE_PORT_USHORT
WRITE_PORT_UCHAR
READ_PORT_ULONG
READ_PORT_USHORT
READ_PORT_UCHAR
KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql
HalSetBusDataByOffset
HalGetBusDataByOffset
KdComPortInUse
KfAcquireSpinLock
KfReleaseSpinLock
WRITE_PORT_ULONG

wmilib.sys

WmiCompleteRequest
WmiSystemControl

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a173c8964fe69aaf5db4e482b12dac19

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

wmilib.sys

Sections

.text Size: 107KB - Virtual size: 107KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 10KB - Virtual size: 10KB

PAGE Size: 39KB - Virtual size: 39KB

PAGE Size: 1KB - Virtual size: 1KB

INIT Size: 4KB - Virtual size: 4KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 107KB - Virtual size: 107KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 10KB - Virtual size: 10KB

PAGE
Size: 39KB - Virtual size: 39KB

PAGE
Size: 1KB - Virtual size: 1KB

INIT
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 9KB - Virtual size: 9KB