498ae2809fb2d1655aa927ceb01bdb8090510591b90bb963845f550ce41af72e

Sharing

Copy URL Twitter E-mail

General

Target

498ae2809fb2d1655aa927ceb01bdb8090510591b90bb963845f550ce41af72e
Size

55KB
MD5

5699459fd3906f0c11d842c03bf96f10
SHA1

59064ed1892a58d0f49ed180b7b593abed916d2f
SHA256

498ae2809fb2d1655aa927ceb01bdb8090510591b90bb963845f550ce41af72e
SHA512

f9679b87c8c4803a074ded5d1b6630b502b26aaef48107baca9408a980dff8cbd9670aca6bae747639e76ecaf3fb7bfbed190c18dca28690433af0a26aa78f48
SSDEEP

768:sySAx82FC0dgUzUD8StpgEdVFpguMdlPLkhSlN4p3wvjxzsAl+OudkMmrjF:snAL8gaV3qPHN4p3wvjx5+7YF

Score

N/A

Malware Config

Signatures

Files

498ae2809fb2d1655aa927ceb01bdb8090510591b90bb963845f550ce41af72e
.exe windows x86

1ad28ad1337e089157f310567bc3cf49

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

memcpy
memset
RtlQueryRegistryValues
KeSetEvent
IofCallDriver
IofCompleteRequest
ObfReferenceObject
KeInitializeEvent
_vsnwprintf
IoWMIWriteEvent
MmGetSystemRoutineAddress
RtlInitUnicodeString
RtlCompareMemory
IoWMIRegistrationControl
IoReleaseRemoveLockEx
IoAcquireRemoveLockEx
IoFreeIrp
IoBuildDeviceIoControlRequest
PoStartNextPowerIrp
PoSetPowerState
ObfDereferenceObject
IoDeleteDevice
IoDeleteSymbolicLink
IoUnregisterPlugPlayNotification
ZwClose
RtlUnicodeStringToInteger
RtlGUIDFromString
ZwEnumerateValueKey
ZwOpenKey
IoOpenDeviceRegistryKey
ZwCreateKey
RtlFreeUnicodeString
RtlStringFromGUID
ExUuidCreate
IoAllocateIrp
PoCallDriver
IoCreateArcName
IoDetachDevice
IoFreeWorkItem
IoReleaseRemoveLockAndWaitEx
ExAllocatePoolWithTag
RtlCheckRegistryKey
IoAllocateWorkItem
IoInitializeRemoveLockEx
KeInitializeMutex
IoAttachDeviceToDeviceStack
IoCreateDevice
IoRegisterPlugPlayNotification
IoCreateSymbolicLink
RtlCopyUnicodeString
RtlInitializeGenericTableAvl
IoReportTargetDeviceChangeAsynchronous
IoGetAttachedDeviceReference
IoWritePartitionTableEx
IoReadPartitionTableEx
IoCreateDisk
IoSetPartitionInformationEx
KeQueryActiveProcessorCountEx
KeQueryMaximumProcessorCountEx
KeGetCurrentProcessorNumberEx
KeQuerySystemTime
_alldiv
RtlLookupElementGenericTableAvl
RtlDeleteElementGenericTableAvl
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IoBuildSynchronousFsdRequest
RtlInsertElementGenericTableAvl
IoReuseIrp
IoGetDeviceObjectPointer
IoFreeMdl
IoBuildPartialMdl
IoAllocateMdl
IoMakeAssociatedIrp
IoQueueWorkItem
KeClearEvent
RtlEqualUnicodeString
RtlComputeCrc32
KeTickCount
KeBugCheckEx
ExFreePoolWithTag
IoForwardIrpSynchronously
RtlWriteRegistryValue
KeWaitForSingleObject
KeReleaseMutex
IoGetBootDiskInformationLite
_allmul

hal

KfAcquireSpinLock
KeQueryPerformanceCounter
KfReleaseSpinLock

wmilib.sys

WmiSystemControl
WmiCompleteRequest

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ad28ad1337e089157f310567bc3cf49

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

wmilib.sys

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 1024B - Virtual size: 588B

.data Size: 512B - Virtual size: 336B

PAGE Size: 24KB - Virtual size: 23KB

INIT Size: 4KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 1024B - Virtual size: 588B

.data
Size: 512B - Virtual size: 336B

PAGE
Size: 24KB - Virtual size: 23KB

INIT
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB