4140fe56b18fb411db1e092a4bde26e9cdaf03b8a9eb06fe4fb9a0b27e856ffe

Sharing

Copy URL Twitter E-mail

General

Target

4140fe56b18fb411db1e092a4bde26e9cdaf03b8a9eb06fe4fb9a0b27e856ffe
Size

51KB
MD5

602b9bb4d5478d21e27a1e07943ea29d
SHA1

c3acb8de65636e7f365047aa9b186c487002cf7b
SHA256

4140fe56b18fb411db1e092a4bde26e9cdaf03b8a9eb06fe4fb9a0b27e856ffe
SHA512

e3f265e8c55564ca7fdaf4324492db1f6703f74b2d74b1f4c6bc7c8b722e6bf1f056e9cf404722c722d440d393557c15989fff9f3f7072da366aba06203d357f
SSDEEP

768:e8uOi64afQ/wFJlcMI9Rk4s+8PrLx4sLwiwUTDyJf46/H7ci5DtrmX8SAkMkJ:e8/BXaQyM6W4srPr14ssiwUIDpwx4kJ

Score

N/A

Malware Config

Signatures

Files

4140fe56b18fb411db1e092a4bde26e9cdaf03b8a9eb06fe4fb9a0b27e856ffe
.exe windows x86

633e41f3024f9c39d7a3bd16677b7765

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePoolWithTag
ExAllocatePoolWithTag
IoGetAttachedDeviceReference
memcpy
IoReportTargetDeviceChangeAsynchronous
SeReleaseSubjectContext
SeUnlockSubjectContext
SeAccessCheck
IoGetFileObjectGenericMapping
SeLockSubjectContext
SeCaptureSubjectContext
ZwClose
ZwFlushKey
ZwOpenKey
RtlQueryRegistryValues
memset
RtlWriteRegistryValue
RtlDeleteRegistryValue
memmove
IoForwardIrpSynchronously
IoInvalidateDeviceRelations
RtlInitUnicodeString
IoOpenDeviceRegistryKey
RtlValidSecurityDescriptor
ObSetSecurityObjectByPointer
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
SeExports
RtlGetVersion
IoGetDeviceProperty
RtlSubAuthoritySid
RtlInitializeSid
IoGetDeviceObjectPointer
MmPageEntireDriver
MmResetDriverPaging
KeReleaseSemaphore
IoUnregisterPlugPlayNotification
IoRegisterPlugPlayNotification
IoRegisterLastChanceShutdownNotification
RtlCopyUnicodeString
IoDetachDevice
KeInitializeSemaphore
ObfDereferenceObject
IoDeleteSymbolicLink
IoAttachDeviceToDeviceStack
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest
ExQueueWorkItem
IoSetHardErrorOrVerifyDevice
IoInvalidateDeviceState
KeSetEvent
IoReleaseVpbSpinLock
IoAcquireVpbSpinLock
PoSetPowerState
PoCallDriver
PoStartNextPowerIrp
IoGetBootDiskInformationLite
RtlCheckRegistryKey
RtlFreeUnicodeString
IoGetDeviceInterfaces
IoWMIRegistrationControl
IoRegisterDeviceInterface
IoSetDeviceInterfaceState
ObfReferenceObject
IoFreeIrp
IoFreeMdl
IoBuildPartialMdl
IoAllocateMdl
IoMakeAssociatedIrp
RtlCompareMemory
IoSetDevicePropertyData
IoGetDevicePropertyData
IoFreeWorkItem
IoQueueWorkItem
IoAllocateWorkItem
IoUnregisterShutdownNotification
KeLeaveCriticalRegion
KeEnterCriticalRegion
IoRegisterDriverReinitialization
IoRegisterBootDriverReinitialization
IoReportDetectedDevice
ZwQueryValueKey
KeTickCount
KeBugCheckEx
RtlUnwind
KeInitializeEvent
IoBuildDeviceIoControlRequest
IofCallDriver
KeWaitForSingleObject
IoDeleteDevice
_vsnwprintf

hal

KfAcquireSpinLock
KfReleaseSpinLock

wmilib.sys

WmiSystemControl
WmiCompleteRequest

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

633e41f3024f9c39d7a3bd16677b7765

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

wmilib.sys

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 1024B - Virtual size: 900B

.data Size: 512B - Virtual size: 44B

PAGE Size: 26KB - Virtual size: 25KB

INIT Size: 4KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 1024B - Virtual size: 900B

.data
Size: 512B - Virtual size: 44B

PAGE
Size: 26KB - Virtual size: 25KB

INIT
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 1KB - Virtual size: 1KB