6c97b8feb7fd2f30f98a32dc2d8cbe7ed64822d1db599413ebf457de0348f1e9

Sharing

Copy URL

Twitter E-mail

General

Target

6c97b8feb7fd2f30f98a32dc2d8cbe7ed64822d1db599413ebf457de0348f1e9
Size

76KB
MD5

1ec68d0476cbedc2aa5aee888b8e1d1e
SHA1

75e849d584117e9a86bab3c45b15d955db901b7d
SHA256

6c97b8feb7fd2f30f98a32dc2d8cbe7ed64822d1db599413ebf457de0348f1e9
SHA512

e48a70b7fbbfba5a5440ff6de4d23c2d0097095f5881e8ff15d8d98248b9a48c2c9fba776f9f50d6d8f05116cb912a51f0a54311be58a97bb456dfe919d41e97
SSDEEP

1536:5ZxgJwCPEpvvDXlvEM8jFKguefi4WKEGVBWWQ+Tsbbqnvalt1R:5vPCwHDVEDtfVfB3wbbAilt1

Score

N/A

Malware Config

Signatures

Files

6c97b8feb7fd2f30f98a32dc2d8cbe7ed64822d1db599413ebf457de0348f1e9
.exe windows x86

0e5e388fcb5bc03129d1f0d8ee33ddc5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

hal

KeAcquireQueuedSpinLock
KeAcquireInStackQueuedSpinLock
KfLowerIrql
KfRaiseIrql
KeGetCurrentIrql
KeReleaseQueuedSpinLock
KeReleaseInStackQueuedSpinLock

ntoskrnl.exe

KeInitializeDpc
KeInitializeTimer
MmLockPagableDataSection
KeSetTimer
READ_REGISTER_ULONG
MmUnlockPagableImageSection
KeRemoveQueueDpc
KeCancelTimer
_alldiv
RtlEqualUnicodeString
ExAllocatePoolWithQuota
MmUnmapLockedPages
IoCancelIrp
ExQueueWorkItem
FsRtlMdlReadComplete
KeDetachProcess
FsRtlMdlRead
KeAttachProcess
IoGetRequestorProcess
FsRtlCopyRead
IoQueryFileInformation
_aullrem
PsGetCurrentProcessId
ObFindHandleForObject
ObCloseHandle
ObOpenObjectByName
IoThreadToProcess
KeTickCount
KeInitializeApc
KeInsertQueueApc
KeAcquireInStackQueuedSpinLockAtDpcLevel
KeReleaseInStackQueuedSpinLockFromDpcLevel
ObfReferenceObject
IoAcquireCancelSpinLock
IoReleaseCancelSpinLock
memmove
ExFreePoolWithTag
IofCompleteRequest
IoFreeMdl
ObfDereferenceObject
ObReferenceObjectByHandle
ExGetPreviousMode
InterlockedPushEntrySList

tdi.sys

TdiReturnChainedReceives
TdiMatchPdoWithChainedReceiveContext
TdiDeregisterPnPHandlers
TdiRegisterPnPHandlers
TdiCopyMdlToBuffer
TdiCopyBufferToMdl

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 218B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.PAGE
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0e5e388fcb5bc03129d1f0d8ee33ddc5

Headers

File Characteristics

Imports

hal

ntoskrnl.exe

tdi.sys

Sections

.text Size: 35KB - Virtual size: 35KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 18KB - Virtual size: 18KB

INIT Size: 1024B - Virtual size: 1024B

.reloc Size: 256B - Virtual size: 218B

.PAGE Size: 256B - Virtual size: 256B

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 18KB - Virtual size: 18KB

INIT
Size: 1024B - Virtual size: 1024B

.reloc
Size: 256B - Virtual size: 218B

.PAGE
Size: 256B - Virtual size: 256B