ee0e12e4c9b42bf78699b22d245f8b93c5b5cfa5ede355deda0df3f03c455f83

Sharing

Copy URL

Twitter E-mail

General

Target

ee0e12e4c9b42bf78699b22d245f8b93c5b5cfa5ede355deda0df3f03c455f83
Size

616KB
MD5

6835b9076445790337407c81a0c5b5b0
SHA1

fa4bbf2830b34f4b2b9e3a16d2ad3b4ae25d6b87
SHA256

ee0e12e4c9b42bf78699b22d245f8b93c5b5cfa5ede355deda0df3f03c455f83
SHA512

cbf64038915158e9151002114d37e0e2bf83fd681c11fa8499f429da850a6f1e9c92d8588f724b7f84b8988830e6836a4bed6880cd0679a17240085bd1597e12
SSDEEP

6144:KW4Th83HNq/keGVWXB8EoW0OsCGcCz6arGCA16c0y4JWIZzRkBLSTr4JMZKJHUeK:jOhR8ehv7iHsODKJpCBHsbJCTyg52w

Score

N/A

Malware Config

Signatures

Files

ee0e12e4c9b42bf78699b22d245f8b93c5b5cfa5ede355deda0df3f03c455f83
.exe windows x86

1da94e3827df21709443773be609d7fb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExIsResourceAcquiredSharedLite
ExIsResourceAcquiredExclusiveLite
ExAcquireResourceSharedLite
ExAcquireResourceExclusiveLite
KeReadStateEvent
ExReleaseResourceLite
ExFreePoolWithTag
memset
KeWaitForMultipleObjects
ObfDereferenceObject
ObfReferenceObject
PsGetCurrentProcess
RtlQueryRegistryValues
ExInitializeResourceLite
ZwAllocateLocallyUniqueId
RtlFreeUnicodeString
KeDelayExecutionThread
KeResetEvent
ExDeleteResourceLite
ExUuidCreate
PsGetCurrentProcessSessionId
PsIsProtectedProcess
PsTerminateSystemThread
MmUnsecureVirtualMemory
ZwFreeVirtualMemory
MmSecureVirtualMemory
ZwAllocateVirtualMemory
KeUnstackDetachProcess
KeStackAttachProcess
PsGetProcessSessionId
KiBugCheckData
KeRegisterBugCheckReasonCallback
KeDeregisterBugCheckReasonCallback
ExAllocatePoolWithTag
SeSinglePrivilegeCheck
IoDeleteDevice
IofCompleteRequest
RtlInitUnicodeString
RtlCopyUnicodeString
IoWMIRegistrationControl
IoWMIWriteEvent
_chkstk
RtlCompareMemory
EtwWrite
_purecall
ZwClose
ZwYieldExecution
KeGetCurrentThread
KeSetEvent
KdDebuggerNotPresent
KdDebuggerEnabled
KdRefreshDebuggerNotPresent
DbgBreakPoint
DbgPrintEx
KeBugCheckEx
KeTickCount
_alldiv
PsCreateSystemThread
KeAreAllApcsDisabled
RtlClearBits
RtlClearAllBits
RtlInitializeBitMap
RtlNumberOfClearBits
RtlFindClearBitsAndSet
IoBuildDeviceIoControlRequest
PsGetCurrentThreadId
PsGetProcessWin32Process
ObReferenceObjectByHandle
PsProcessType
RtlUnwind
ExInterlockedAddLargeInteger
ExAllocatePoolWithQuotaTag
MmGetSystemRoutineAddress
ZwSetSecurityObject
ObOpenObjectByPointer
IoDeviceObjectType
IoCreateDevice
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
SeExports
IoIsWdmVersionAvailable
_wcsnicmp
RtlAddAccessAllowedAce
RtlLengthSid
wcschr
RtlAbsoluteToSelfRelativeSD
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
KeLeaveCriticalRegion
_allmul
KeEnterCriticalRegion
KeInitializeEvent
IoBuildSynchronousFsdRequest
IofCallDriver
KeWaitForSingleObject
memcpy
KeQueryTimeIncrement
MmUserProbeAddress
KeSetActualBasePriorityThread
ExInterlockedFlushSList
ExQueueWorkItem
KePulseEvent
KeSetPriorityThread
RtlFindMostSignificantBit
_aullshr
_allshl
KeQueryPriorityThread
KeFlushQueuedDpcs
ZwQueryLicenseValue
InterlockedPopEntrySList
InterlockedPushEntrySList
KeReleaseMutex
KeClearEvent
IoReleaseRemoveLockEx
IoAcquireRemoveLockEx
IoGetDeviceProperty
RtlWriteRegistryValue
IoFreeWorkItem
IoQueueWorkItemEx
IoAllocateWorkItem
IoDetachDevice
KeInitializeMutex
KeInitializeDpc
RtlFillMemoryUlong
IoGetAttachedDeviceReference
IoAttachDeviceToDeviceStack
IoInitializeRemoveLockEx
IoGetDriverObjectExtension
PoCallDriver
PoStartNextPowerIrp
ExDeleteNPagedLookasideList
KeSetTimer
ExDeletePagedLookasideList
ExInitializePagedLookasideList
KeInitializeTimerEx
ExInitializeNPagedLookasideList
MmGetPhysicalMemoryRanges
RtlCheckRegistryKey
IoAllocateDriverObjectExtension
IoDisconnectInterruptEx
PoSetPowerState
IoForwardIrpSynchronously
KeReleaseInStackQueuedSpinLockFromDpcLevel
KeAcquireInStackQueuedSpinLockAtDpcLevel
InbvNotifyDisplayOwnershipLost
IoSetDeviceInterfaceState
IoInvalidateDeviceRelations
IoConnectInterruptEx
IoReleaseRemoveLockAndWaitEx
IoRegisterDeviceInterface
IoInvalidateDeviceState
ZwLoadDriver
InbvCheckDisplayOwnership
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
ExAllocatePoolWithTagPriority
ZwQueryKey
IoOpenDeviceRegistryKey
PoRequestPowerIrp
RtlAppendUnicodeToString
RtlInitAnsiString
RtlAppendStringToString
ExUnregisterCallback
IoUnregisterPlugPlayNotification
IoRegisterPlugPlayNotification
ExRegisterCallback
ExCreateCallback
_vsnwprintf
wcsrchr
IoDeleteSymbolicLink
RtlDeleteRegistryValue
ZwDeleteKey
RtlUpcaseUn-
RtlStringFromGUID
IoCreateSymbolicLink
MmUnmapIoSpace
ZwTnmapVhewNgRdcuion
MmM`qIoSpace
ZwMapViewOfSection
ZwOpenSection
KeInsertQueueDpc
KeSynchronizeExecution
IoFreeMdl
MmUnmapLockedPages
MmMapLockedPagesSpecifyCache
IoAllocateMdl
_aulldiv
PsGetProcessImageFileName
IoGetDeviceObjectPointer
IoGetDeviceAttachmentBaseRef
ZwQueryVirtualMemory
KeInvalidateRangeAllCaches
KeInvalidateAllCaches
ZwSetSystemInformation
PsGetCurrentProcessId
RtlFindLeastSignificantBit
KeQuerySystemTime
ProbeForWrite
MmMapViewOfSection
MmUnmapViewOfSection
_aullrem
MmFreeContiguousMemory
MmAllocateContiguousMemorySpecifyCache
MmUnmapViewInSystemSpace
MmMapViewInSystemSpace
MmCreateSection
MmFreeContiguousMemorySpecifyCache
MmGetPhysicalAddress
MmCreateMdl
_allshr
MmFreePagesFromMdl
MmAllocatePagesForMdl
MmUnlockPages
MmProbeAndLockPages
MmRotatePhysicalView

hal

HalGetBusDataByOffset
KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLock
KfLowerIrql
KeRaiseIrqlToDpcLevel
KeQueryPerformanceCounter
KeGetCurrentIrql
HalSetBusDataByOffset

watchdog.sys

WdDiagNotifyUser
DMgrGetSmbiosInfo
WdDbgReportRecreate
WdDbgReportQueryInfo
WdDbgReportSecondaryData
WdLogGetRecentEvents
WdDbgReportComplete
WdQueryDebugFlag
WdDbgReportCancel
SMgrGdiCallout
WdDiagGetEtwHandle
WdDiagIsTracingEnabled
WdDiagShutdown
WdDiagInit
WdInitLogging
DMgrGetDisplayOwnership
WdDbgCreateSnapshot
WdDbgDestroySnapshot
WdLogEvent5
SMgrRegisterSessionStartCallout
DMgrIsSetupRunning
SMgrUnregisterSessionStartCallout
DMgrReleaseDisplayOwnership
DMgrAcquireDisplayOwnership
DMgrReleaseGdiViewId
DMgrWriteDeviceCountToRegistry
DMgrAcquireGdiViewId
WdpInterfaceReferenceNop
WdDbgReportCreate
GTF_FloatToInteger
GTF_FloatToRational
GTF_UsingVerticalRefreshFrequency_Stage1

wmilib.sys

WmiSystemControl
WmiCompleteRequest

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dxgknpd
Size: - Virtual size: 8B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 468KB - Virtual size: 467KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1da94e3827df21709443773be609d7fb

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

watchdog.sys

wmilib.sys

Sections

.text Size: 99KB - Virtual size: 99KB

.dxgknpd Size: - Virtual size: 8B

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 5KB - Virtual size: 9KB

PAGE Size: 468KB - Virtual size: 467KB

INIT Size: 8KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 20KB - Virtual size: 20KB

.text
Size: 99KB - Virtual size: 99KB

.dxgknpd
Size: - Virtual size: 8B

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 5KB - Virtual size: 9KB

PAGE
Size: 468KB - Virtual size: 467KB

INIT
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 20KB - Virtual size: 20KB