d8eb734d797ea3f936dbff09afb211f467974115c3659f3e2b71d9c7db2634fb

Sharing

Copy URL Twitter E-mail

General

Target

d8eb734d797ea3f936dbff09afb211f467974115c3659f3e2b71d9c7db2634fb
Size

15KB
MD5

6cf5ec7a266e2c8f3c24209d2c247f90
SHA1

1af62f81a67c6471483caa641e06075c38af8cd1
SHA256

d8eb734d797ea3f936dbff09afb211f467974115c3659f3e2b71d9c7db2634fb
SHA512

64319a5e8f8e66c3a3367768abedc423ce05d3314320384dff51a45ce1fcc4ba8bf936c4f970306e9e87a610543812e49a366946b70a449de12060f889c52197
SSDEEP

192:k+AoBIwAdo6SebnMqgSNYIgixD55VMiX90Hj9pv+guU3/+qqwTEy0nMWkn:3IdLSS6IFxD57MICn2PE+pwTEysMWk

Score

N/A

Malware Config

Signatures

Files

d8eb734d797ea3f936dbff09afb211f467974115c3659f3e2b71d9c7db2634fb
.exe windows x86

a71a32f914e5ef11e81bb9a4049c2b64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeWaitForSingleObject
IoBuildDeviceIoControlRequest
ZwQueryValueKey
PoSetPowerState
KeInitializeTimer
KeInitializeDpc
IoInitializeRemoveLockEx
IoDetachDevice
IoAllocateIrp
IoDeleteDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
ZwClose
IoOpenDeviceRegistryKey
KeSetEvent
PoCallDriver
PoStartNextPowerIrp
IoAllocateErrorLogEntry
IoReleaseRemoveLockAndWaitEx
IoCancelIrp
KeInitializeEvent
KeCancelTimer
IoWMIRegistrationControl
KeSetTimerEx
DbgPrint
DbgBreakPointWithStatus
KdDebuggerEnabled
KeResetEvent
IoReuseIrp
_allmul
ZwOpenKey
ZwEnumerateValueKey
KeTickCount
KeBugCheckEx
IoWriteErrorLogEntry
IoAllocateMdl
MmBuildMdlForNonPagedPool
IoFreeMdl
IoAcquireRemoveLockEx
IofCompleteRequest
IofCallDriver
memmove
KeDelayExecutionThread
memcpy
IoReleaseRemoveLockEx
memset
RtlInitUnicodeString
ExAllocatePoolWithTag
RtlAppendUnicodeToString
RtlQueryRegistryValues
IoFreeIrp
ExFreePoolWithTag

hal

KfRaiseIrql
ExReleaseFastMutex
ExAcquireFastMutex
KfReleaseSpinLock
KfAcquireSpinLock
KfLowerIrql

wmilib.sys

WmiSystemControl
WmiCompleteRequest

hidparse.sys

HidP_UnsetUsages
HidP_MaxUsageListLength
HidP_GetCaps
HidP_TranslateUsageAndPagesToI8042ScanCodes
HidP_UsageAndPageListDifference
HidP_SetUsages
HidP_GetUsagesEx

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 483B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a71a32f914e5ef11e81bb9a4049c2b64

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

wmilib.sys

hidparse.sys

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 483B

.data Size: 512B - Virtual size: 48B

PAGE Size: 3KB - Virtual size: 2KB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 648B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 483B

.data
Size: 512B - Virtual size: 48B

PAGE
Size: 3KB - Virtual size: 2KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 648B