a54febfff66cd14e6ea751361942fb7cf83311099e6c20ac3cd5d7e275a994bf

Sharing

Copy URL Twitter E-mail

General

Target

a54febfff66cd14e6ea751361942fb7cf83311099e6c20ac3cd5d7e275a994bf
Size

33KB
MD5

78aef997691beecae41fb693cb07e847
SHA1

4ac30cdfdf17e39806baad2f0b9f387a4759b0ce
SHA256

a54febfff66cd14e6ea751361942fb7cf83311099e6c20ac3cd5d7e275a994bf
SHA512

cce185da4bdeb335ad186068aea212a515384c788ad977b0bb8a24f22dfe1341f0e8587bf24a5c6359062086477d87aea2c26509ee76289ce878d8f067cd13e2
SSDEEP

768:Mgh6y4HfkIdm26iafdjIafdjcjso5zMl4:M/MG9afdUafd4Vil4

Score

N/A

Malware Config

Signatures

Files

a54febfff66cd14e6ea751361942fb7cf83311099e6c20ac3cd5d7e275a994bf
.exe windows x86

5b2253a69f505d3644bea2f56b830eb3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

VerSetConditionMask
ZwClose
IoOpenDeviceRegistryKey
memset
IoReleaseRemoveLockEx
IofCompleteRequest
IoReleaseCancelSpinLock
IoAcquireRemoveLockEx
KeSetEvent
KeWaitForSingleObject
memmove
RtlCopyUnicodeString
RtlQueryRegistryValues
RtlAppendUnicodeToString
ObfDereferenceObject
IoRegisterPlugPlayNotification
IoGetDeviceObjectPointer
IoGetDeviceProperty
IoBuildDeviceIoControlRequest
IoSetDeviceInterfaceState
IoUnregisterPlugPlayNotification
IoWMIRegistrationControl
IoCancelIrp
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IoFreeWorkItem
RtlVerifyVersionInfo
IoQueueWorkItem
IoAllocateWorkItem
PoCallDriver
PoStartNextPowerIrp
PoSetPowerState
PoRequestPowerIrp
SeSinglePrivilegeCheck
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
PoSetSystemState
IoDeleteDevice
RtlFreeUnicodeString
IoInitializeRemoveLockEx
IoCreateDevice
ZwSetValueKey
RtlWriteRegistryValue
IoDetachDevice
IoReleaseRemoveLockAndWaitEx
IoRegisterDeviceInterface
IoAttachDeviceToDeviceStack
IoRegisterDriverReinitialization
KeTickCount
KeBugCheckEx
ZwPowerInformation
memcpy
RtlInitUnicodeString
ExAllocatePoolWithTag
ZwQueryValueKey
ExFreePoolWithTag
IofCallDriver
DbgPrint
KeInitializeEvent

hal

KfAcquireSpinLock
KeGetCurrentIrql
ExAcquireFastMutex
ExReleaseFastMutex
KfReleaseSpinLock

wmilib.sys

WmiSystemControl
WmiCompleteRequest

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 433B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b2253a69f505d3644bea2f56b830eb3

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

wmilib.sys

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 512B - Virtual size: 433B

.data Size: 512B - Virtual size: 868B

PAGE Size: 6KB - Virtual size: 5KB

INIT Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 512B - Virtual size: 433B

.data
Size: 512B - Virtual size: 868B

PAGE
Size: 6KB - Virtual size: 5KB

INIT
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB