6bb4b2774fefc1e4adaa0889f4c3c7b66b0a0405dc4a1cb9e4dc03c36abe09ec

Sharing

Copy URL

Twitter E-mail

General

Target

6bb4b2774fefc1e4adaa0889f4c3c7b66b0a0405dc4a1cb9e4dc03c36abe09ec
Size

184KB
MD5

5c2b458d488266ca3cad093a3f108e90
SHA1

ee297bb6fcc38efe533d5f4d0a47f0a0b39ebb94
SHA256

6bb4b2774fefc1e4adaa0889f4c3c7b66b0a0405dc4a1cb9e4dc03c36abe09ec
SHA512

d72933e388a8c18dd1eda806053e2f8febd8276208719d56f5f90049cf79a8c4c57a31008bbb3ec05e081931d6553b34727a376d139a66c991f57bfbdd48bf46
SSDEEP

3072:9b0DV40DM6HCRs31JB2OYHVdj8UBHXCdOHVudX2OzWPM8lIk:0FDlJBHYH/j8GHx4dX2QQjIk

Score

N/A

Malware Config

Signatures

Files

6bb4b2774fefc1e4adaa0889f4c3c7b66b0a0405dc4a1cb9e4dc03c36abe09ec
.exe windows x86

a173c8964fe69aaf5db4e482b12dac19

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
InterlockedPopEntrySList
InterlockedPushEntrySList
IoInvalidateDeviceRelations
InterlockedDecrement
strstr
IoGetAttachedDeviceReference
KeWaitForSingleObject
KeInitializeEvent
ExfInterlockedInsertTailList
IofCompleteRequest
ObReferenceObjectByPointer
RtlCompareMemory
PoRequestPowerIrp
ExQueueWorkItem
IoReleaseCancelSpinLock
InterlockedExchange
PoSetSystemState
ZwPowerInformation
PoStartNextPowerIrp
PoCallDriver
IoAcquireCancelSpinLock
PoSetPowerState
KdEnableDebugger
KdDisableDebugger
IofCallDriver
ExDeleteNPagedLookasideList
ObfDereferenceObject
IoBuildSynchronousFsdRequest
IoDetachDevice
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
RtlInitUnicodeString
RtlIntegerToUnicodeString
ZwClose
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwSetValueKey
IoOpenDeviceRegistryKey
RtlxAnsiStringToUnicodeSize
NlsMbCodePageTag
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
ExfInterlockedCompareExchange64
InterlockedIncrement
ExCreateCallback
KeSetTimer
RtlGetNextRange
InterlockedCompareExchange
memmove
RtlFreeUnicodeString
RtlAddRange
RtlFreeRangeList
RtlEqualUnicodeString
HeadlessDispatch
IoRequestDeviceEject
PoShutdownBugCheck
ZwCreateKey
ZwQueryValueKey
ZwOpenKey
RtlUnicodeStringToInteger
ZwEnumerateKey
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlFindLeastSignificantBit
IoWMIRegistrationControl
IoWMIWriteEvent
vsprintf
ObReferenceObjectByHandle
KeClearEvent
PsTerminateSystemThread
KeWaitForMultipleObjects
PsCreateSystemThread
wcslen
ObfReferenceObject
IoFreeWorkItem
IoQueueWorkItem
IoAllocateWorkItem
KeTickCount
KeInsertQueueDpc
KeSetEvent
swprintf
sprintf
RtlCopyUnicodeString
KeQueryActiveProcessors
KeInitializeTimer
KeInitializeSpinLock
ExInitializeNPagedLookasideList
KefAcquireSpinLockAtDpcLevel
ExRegisterCallback
KefReleaseSpinLockFromDpcLevel
DbgBreakPoint
ExNotifyCallback
ExAllocatePool
MmMapIoSpace
MmUnmapIoSpace
DbgPrint
_vsnprintf
KeQueryInterruptTime
KeCancelTimer
ExfInterlockedRemoveHeadList
RtlDeleteOwnersRanges
RtlCopyRangeList
_aullrem
RtlDeleteRange
IoGetDeviceProperty
RtlInitializeRangeList
_wcsicmp
RtlFindRange
HalDispatchTable
ExAllocatePoolWithTag
ExFreePoolWithTag
KeBugCheckEx
KeInitializeDpc
RtlGetFirstRange
IoConnectInterrupt

hal

KeStallExecutionProcessor
WRITE_PORT_USHORT
WRITE_PORT_UCHAR
READ_PORT_ULONG
READ_PORT_USHORT
READ_PORT_UCHAR
KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql
HalSetBusDataByOffset
HalGetBusDataByOffset
KdComPortInUse
KfAcquireSpinLock
KfReleaseSpinLock
WRITE_PORT_ULONG

wmilib.sys

WmiCompleteRequest
WmiSystemControl

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a173c8964fe69aaf5db4e482b12dac19

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

wmilib.sys

Sections

.text Size: 107KB - Virtual size: 107KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 10KB - Virtual size: 10KB

PAGE Size: 39KB - Virtual size: 39KB

PAGE Size: 1KB - Virtual size: 1KB

INIT Size: 4KB - Virtual size: 4KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 107KB - Virtual size: 107KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 10KB - Virtual size: 10KB

PAGE
Size: 39KB - Virtual size: 39KB

PAGE
Size: 1KB - Virtual size: 1KB

INIT
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 9KB - Virtual size: 9KB