2f3cdae812b6bb4e3292fae218fd825454e06daa905da34c48df2a1f46089cb6

Sharing

Copy URL Twitter E-mail

General

Target

2f3cdae812b6bb4e3292fae218fd825454e06daa905da34c48df2a1f46089cb6
Size

59KB
MD5

456ce129f9befcc72165cc00510b2856
SHA1

7eefa06588cbec9dff96e27be0f1b4005f914bc8
SHA256

2f3cdae812b6bb4e3292fae218fd825454e06daa905da34c48df2a1f46089cb6
SHA512

be3962c359cd182f4c3937217a1c685fa797549de4c652cdc87673c5ebb97c303bae37358b1026da6a948834fbf25853aa6826576f7e6e574fbaafbb7f466712
SSDEEP

768:EonW2d+EZI0sUB8zMArAl5N5Z394cTYNvgQ9dkis4ZXNqQH4XQKaDJpPJxKuEvBG:G9EWU18Egl4XDaDjxm39ir

Score

N/A

Malware Config

Signatures

Files

2f3cdae812b6bb4e3292fae218fd825454e06daa905da34c48df2a1f46089cb6
.exe windows x64

6f77717f07d1be4b0ae3f802fb103068

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

_wcsnicmp
KeReleaseSpinLockFromDpcLevel
KeAcquireSpinLockRaiseToDpc
KeAcquireSpinLockAtDpcLevel
ExpInterlockedPopEntrySList
IoReleaseCancelSpinLock
MmLockPagableDataSection
IoDeleteDevice
ExDeleteNPagedLookasideList
ExQueryDepthSList
ExpInterlockedPushEntrySList
KeInitializeSpinLock
ExInitializeNPagedLookasideList
IofCompleteRequest
KeQueryTimeIncrement
RtlGUIDFromString
RtlInitUnicodeString
ExAllocatePoolWithTag
ExFreePoolWithTag
KeReleaseSpinLock
MmGetSystemRoutineAddress
ZwClose
ZwSetSecurityObject
IoCreateDevice
IoDeviceObjectType
ObOpenObjectByPointer
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetOwnerSecurityDescriptor
wcschr
RtlSetDaclSecurityDescriptor
RtlAddAccessAllowedAce
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
RtlLengthSid
RtlCreateSecurityDescriptor
ZwCreateKey
ZwSetValueKey
RtlFreeUnicodeString
ZwQueryValueKey
ZwOpenKey

ndis.sys

NdisCloseConfiguration
NdisCmCloseAddressFamilyComplete
NdisCmDispatchIncomingCloseCall
NdisClCloseCall
NdisAcquireRWLockWrite
NdisInitializeTimer
NdisClRegisterSap
NdisCoGetTapiCallId
NdisCmDispatchCallConnected
NdisCmDispatchIncomingCall
NdisClIncomingCallComplete
NdisClMakeCall
NdisCoDeleteVc
NdisCoCreateVc
NdisReleaseRWLock
NdisAcquireRWLockRead
NdisFreeRWLock
NdisReadConfiguration
NdisOpenConfigurationKeyByName
NdisOpenConfigurationEx
NdisRegisterProtocolDriver
NdisInitializeEvent
NdisCoOidRequest
NdisWaitEvent
NdisSetEvent
NdisClNotifyCloseAddressFamilyComplete
NdisClDeregisterSap
NdisCmNotifyCloseAddressFamily
NdisCmCloseCallComplete
NdisAllocateRWLock
NdisSetOptionalHandlers
NdisOpenAdapterEx
NdisOidRequest
NdisCloseAdapterEx
NdisClOpenAddressFamilyEx
NdisCmRegisterAddressFamilyEx
NdisClCloseAddressFamily
NdisDeregisterProtocolDriver
NdisCancelTimer
NdisSetTimer
NdisReturnNetBufferLists

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGENDPx
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f77717f07d1be4b0ae3f802fb103068

Headers

File Characteristics

Imports

ntoskrnl.exe

ndis.sys

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

PAGENDPx Size: 19KB - Virtual size: 19KB

PAGE Size: 6KB - Virtual size: 6KB

INIT Size: 4KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 992B

.reloc Size: 512B - Virtual size: 108B

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

PAGENDPx
Size: 19KB - Virtual size: 19KB

PAGE
Size: 6KB - Virtual size: 6KB

INIT
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 992B

.reloc
Size: 512B - Virtual size: 108B