c3bd4dd1a9258483b4cfc804fb7f784705ec6b1b627a8f9ad4e97d642c9dcb57

Sharing

Copy URL Twitter E-mail

General

Target

c3bd4dd1a9258483b4cfc804fb7f784705ec6b1b627a8f9ad4e97d642c9dcb57
Size

122KB
MD5

30bad2c8c940b600e0bfb3dadc66f78d
SHA1

37e2773fb16233d8cc06a7380978ab020fc0bc86
SHA256

c3bd4dd1a9258483b4cfc804fb7f784705ec6b1b627a8f9ad4e97d642c9dcb57
SHA512

8c48b1642b0504fcdfbfaeaafb338145f8b09911e4fe010c05d2326ac1a8bbfb8ea822cb5f90ab75d48a8a385f378412e30aab302b122dadfbba5becdd4d05e1
SSDEEP

3072:IhdvNbNxPAPY23YB/y0sNfVkwT1nvVz54A:wRDmY2oB/y0sNphnvVz5

Score

N/A

Malware Config

Signatures

Files

c3bd4dd1a9258483b4cfc804fb7f784705ec6b1b627a8f9ad4e97d642c9dcb57
.exe windows x86

3bd9ebbaa28f067d72f14003863c2b19

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
HalExamineMBR
IoBuildDeviceIoControlRequest
IoGetAttachedDeviceReference
ObfDereferenceObject
KeQuerySystemTime
ExUuidCreate
_allshr
_allmul
memmove
RtlWriteRegistryValue
RtlQueryRegistryValues
RtlCompareMemory
DbgPrint
ObReferenceObjectByHandle
_purecall
RtlCompareUnicodeString
IoGetDeviceObjectPointer
RtlInitUnicodeString
swprintf
IoCreateSymbolicLink
IoDeleteSymbolicLink
IoRegisterDeviceInterface
IoWMIRegistrationControl
IofCompleteRequest
SeReleaseSubjectContext
SeUnlockSubjectContext
SeAccessCheck
IoGetFileObjectGenericMapping
SeLockSubjectContext
SeCaptureSubjectContext
RtlDeleteRegistryValue
RtlCreateRegistryKey
IoFreeWorkItem
IoQueueWorkItem
IoAllocateWorkItem
KeReleaseSemaphore
IoReleaseCancelSpinLock
KeSetEvent
PoCallDriver
PoStartNextPowerIrp
PsTerminateSystemThread
ExQueueWorkItem
IoRegisterShutdownNotification
KeInitializeSemaphore
IoDeleteDevice
IoDetachDevice
IoAttachDeviceToDeviceStack
KeInitializeSpinLock
IoCreateDevice
PoRequestPowerIrp
PoSetPowerState
IoAcquireCancelSpinLock
IoReportTargetDeviceChangeAsynchronous
KeInitializeEvent
KeClearEvent
RtlStringFromGUID
IoSetSystemPartition
ZwClose
ZwFsControlFile
ZwOpenFile
IoInvalidateDeviceRelations
PsCreateSystemThread
RtlEqualUnicodeString
ObfReferenceObject
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
RtlVolumeDeviceToDosName
KeBugCheckEx
IoGetBootDiskInformation
MmLockPagableDataSection
IoInvalidateDeviceState
IoSetDeviceInterfaceState
IoGetDeviceProperty
IoUnregisterShutdownNotification
_alldiv
IoRegisterDriverReinitialization
IoRegisterBootDriverReinitialization
RtlCopyUnicodeString
IoReportDetectedDevice
InterlockedPopEntrySList
InterlockedPushEntrySList
ExInitializeNPagedLookasideList
IoFreeMdl
IoAllocateMdl
MmBuildMdlForNonPagedPool
IoAllocateIrp
FsRtlIsTotalDeviceFailure
IoFreeIrp
IoReuseIrp
IoBuildPartialMdl
MmUnmapLockedPages
_allrem
_alldvrm
_allshl
MmMapLockedPages
IoRaiseInformationalHardError
KeGetCurrentThread
wcslen
ZwQueryValueKey
ZwOpenKey
ZwSetSecurityObject
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
SeExports
_except_handler3
IoBuildSynchronousFsdRequest
IofCallDriver
KeWaitForSingleObject
strncmp
IoReadPartitionTableEx
ExFreePoolWithTag

hal

KfAcquireSpinLock
KfReleaseSpinLock

wmilib.sys

WmiSystemControl
WmiCompleteRequest

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGELK
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3bd9ebbaa28f067d72f14003863c2b19

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

wmilib.sys

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 128B - Virtual size: 36B

PAGE Size: 52KB - Virtual size: 52KB

PAGELK Size: 47KB - Virtual size: 47KB

INIT Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 128B - Virtual size: 36B

PAGE
Size: 52KB - Virtual size: 52KB

PAGELK
Size: 47KB - Virtual size: 47KB

INIT
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB