0d45a435ee39793ae9ab95f23d7c7db714a2e9815421aad070a775833425133a

Sharing

Copy URL Twitter E-mail

General

Target

0d45a435ee39793ae9ab95f23d7c7db714a2e9815421aad070a775833425133a
Size

38KB
MD5

2cf46e62860b0c5f21afe52f1d9e7d92
SHA1

142fc49dc777f3f44d298c8ba6ea333e3c168b82
SHA256

0d45a435ee39793ae9ab95f23d7c7db714a2e9815421aad070a775833425133a
SHA512

dba9125f0c2a668dba20c9071cf3df2dced45cb70368e293341cc94caf82897cd3c81a56167a8f38352a281d36fa7fc7ae63e69307d50c5f41c0f87ddf50a74c
SSDEEP

768:aZmPQybau/EcShgRCCQGxpTC/Zhz1tpinZmFu1qHCcHK/VDuW:oRybau/EcShgRCCQGxpTChhz1tp3iBV

Score

N/A

Malware Config

Signatures

Files

0d45a435ee39793ae9ab95f23d7c7db714a2e9815421aad070a775833425133a
.exe windows x86

36b62beccdf27b7f14177d4c79394644

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePoolWithTag
IoFreeMdl
MmUnlockPages
KeWaitForSingleObject
IofCallDriver
IoBuildAsynchronousFsdRequest
KeInitializeEvent
RtlFreeUnicodeString
ZwOpenKey
RtlAnsiStringToUnicodeString
RtlInitAnsiString
KeDelayExecutionThread
KeWaitForMultipleObjects
_allmul
ZwClose
ObfDereferenceObject
ObReferenceObjectByHandle
KeReleaseMutex
RtlInitUnicodeString
ZwQueryValueKey
ExAllocatePoolWithTag
ZwCreateFile
PsTerminateSystemThread
ZwReadFile
ZwSetInformationFile
KeSetPriorityThread
PsCreateSystemThread
IoReleaseRemoveLockEx
InterlockedPopEntrySList
InterlockedPushEntrySList
WmiQueryTraceInformation
IoWMIRegistrationControl
IoGetDriverObjectExtension
IoFreeIrp
IoAcquireRemoveLockEx
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
MmCreateMdl
KeGetCurrentThread
IoAllocateMdl
IoAllocateIrp
RtlFreeAnsiString
strncpy
RtlUnicodeStringToAnsiString
KeQuerySystemTime
_alldiv
RtlQueryRegistryValues
IoOpenDeviceRegistryKey
IoDeleteDevice
ExInitializeNPagedLookasideList
IoRegisterDeviceInterface
IoAttachDeviceToDeviceStack
KeInitializeSpinLock
KeInitializeMutex
IoInitializeRemoveLockEx
IoCreateDevice
RtlCopyUnicodeString
IoAllocateDriverObjectExtension
PoCallDriver
PoStartNextPowerIrp
ExDeleteNPagedLookasideList
IoDetachDevice
IoReleaseRemoveLockAndWaitEx
IoSetDeviceInterfaceState
_except_handler3
KeSetEvent
IofCompleteRequest
WmiTraceMessage

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36b62beccdf27b7f14177d4c79394644

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 256B - Virtual size: 256B

PAGE Size: 18KB - Virtual size: 18KB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 984B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 256B - Virtual size: 256B

PAGE
Size: 18KB - Virtual size: 18KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 3KB - Virtual size: 2KB