Static task
static1
Behavioral task
behavioral1
Sample
f3362a944d0207ee437f32a444c93c86f1bb7d478124ab6ee9afb7507ba9d041.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
f3362a944d0207ee437f32a444c93c86f1bb7d478124ab6ee9afb7507ba9d041.exe
Resource
win10v2004-20220812-en
General
-
Target
f3362a944d0207ee437f32a444c93c86f1bb7d478124ab6ee9afb7507ba9d041
-
Size
31KB
-
MD5
6b946226cb1a218f0148ad3c3dfaaf9a
-
SHA1
b63da73b791673c42bbf59e789d8021077617f7d
-
SHA256
f3362a944d0207ee437f32a444c93c86f1bb7d478124ab6ee9afb7507ba9d041
-
SHA512
712ef5d97026c058564e2f759dc38241f988d782840f933adf50e25b3641b2d0b117d68a948bbe86d850b4448bef4c903435b11ac96d28080732a1c04d4f7acb
-
SSDEEP
384:q16OsV0u3HRbZ9Fh4KfENTJmxS9psFynvMZ3RlB2JLmwYg7qyv7dfYqFyIeCxLBo:qgFN7458knYgmPg/xzskXIN3
Malware Config
Signatures
Files
-
f3362a944d0207ee437f32a444c93c86f1bb7d478124ab6ee9afb7507ba9d041.exe windows x86
67364575ca44a688a87030fed8e85072
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwWaitForSingleObject
ZwDeviceIoControlFile
ZwCreateEvent
ZwCreateFile
RtlInitUnicodeString
swprintf
memset
ExFreePoolWithTag
ExAllocatePool
RtlUnicodeStringToAnsiString
ZwQueryValueKey
ZwOpenKey
KeSetTimerEx
KeInitializeTimerEx
_allmul
KeDelayExecutionThread
_strnicmp
RtlCharToInteger
memcpy
RtlGetVersion
ObReferenceObjectByHandle
ObfDereferenceObject
IoGetDeviceObjectPointer
KeWaitForSingleObject
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
MmProbeAndLockPages
IoAllocateMdl
KeSetEvent
atol
ZwEnumerateKey
IoFreeIrp
IoFreeMdl
MmUnlockPages
IoCancelIrp
IoAllocateIrp
_except_handler3
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwWriteFile
ZwClose
PsLookupProcessByProcessId
_wcsicmp
ZwQueryInformationProcess
RtlCompareUnicodeString
strstr
_strlwr
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
KeUnstackDetachProcess
KeStackAttachProcess
ObOpenObjectByPointer
PsProcessType
mbstowcs
KeReleaseMutex
memmove
KeCancelTimer
RtlEqualUnicodeString
ObQueryNameString
ObReferenceObjectByName
IoDriverObjectType
RtlAppendUnicodeStringToString
ZwQueryDirectoryObject
ZwOpenDirectoryObject
IoDeleteDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
ZwEnumerateValueKey
PsTerminateSystemThread
KeWaitForMultipleObjects
PsCreateSystemThread
IoDetachDevice
IoGetAttachedDeviceReference
ZwOpenFile
ZwSetEvent
PoCallDriver
PoStartNextPowerIrp
KeInitializeMutex
ZwClearEvent
ZwWaitForMultipleObjects
strrchr
ExEventObjectType
rand
ZwQuerySystemInformation
_vsnprintf
hal
KfReleaseSpinLock
KfAcquireSpinLock
Sections
.text Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 740B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 121KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ