0b7f4e0642e9f9a0d3a3661d760d8d6259538e550359f8a66a6264d06a8cdd18

Sharing

Copy URL Twitter E-mail

General

Target

0b7f4e0642e9f9a0d3a3661d760d8d6259538e550359f8a66a6264d06a8cdd18
Size

51KB
MD5

43f61fe88056253b77caf93d0928282e
SHA1

5d052319c426ddd56479fe1e77056e431697dd35
SHA256

0b7f4e0642e9f9a0d3a3661d760d8d6259538e550359f8a66a6264d06a8cdd18
SHA512

7577d61acd1ba3d2115289cce45f7d903b0bd78bcc1e6faf496d1f6249540262beebc717f40f3659d04c952df36b118d8c18c712cbc06e2d00b311fa31644e69
SSDEEP

1536:Qp+LEeGMQ5L4ue9XrJIK1pktST/QRKhf:7/GqrJIK11T/0KR

Score

N/A

Malware Config

Signatures

Files

0b7f4e0642e9f9a0d3a3661d760d8d6259538e550359f8a66a6264d06a8cdd18
.exe windows x86

b18fbdd7a311da57e719bd58d62b220c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeWaitForSingleObject
KeReleaseSemaphore
ObfDereferenceObject
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
ExFreePoolWithTag
IoVolumeDeviceToDosName
ExQueueWorkItem
ObfReferenceObject
KeNumberProcessors
IofCompleteRequest
IofCallDriver
RtlAreBitsSet
_allshr
KeSetEvent
KeInitializeEvent
ExAllocatePoolWithTag
ZwFsControlFile
ZwQueryVolumeInformationFile
_allmul
_alldiv
ZwSetInformationFile
ZwClose
RtlDeleteElementGenericTableAvl
RtlInsertElementGenericTableAvl
_except_handler3
ZwUnmapViewOfSection
IoFreeIrp
IoFreeMdl
IoStopTimer
ExAllocatePoolWithTagPriority
PsGetCurrentThread
IoBuildPartialMdl
IoAllocateMdl
IoAllocateIrp
RtlLookupElementGenericTableAvl
ZwMapViewOfSection
ZwCreateSection
IoGetAttachedDeviceReference
IoGetDeviceObjectPointer
IoBuildDeviceIoControlRequest
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
KeSetTimer
RtlAppendUnicodeStringToString
RtlCreateSystemVolumeInformationFolder
RtlStringFromGUID
swprintf
RtlInitUnicodeString
RtlSetDaclSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
SeExports
RtlCreateSecurityDescriptor
ZwOpenFile
RtlSetBit
RtlClearBits
RtlSetBits
RtlQueryRegistryValues
ObReferenceObjectByHandle
RtlFindNextForwardRunClear
RtlInitializeBitMap
KeQuerySystemTime
KeLeaveCriticalRegion
KeEnterCriticalRegion
ExAllocatePoolWithQuotaTag
SeReleaseSubjectContext
SeUnlockSubjectContext
SeAccessCheck
IoGetFileObjectGenericMapping
SeLockSubjectContext
SeCaptureSubjectContext
MmLockPagableDataSection
ZwQueryDirectoryFile
IoFreeWorkItem
PsTerminateSystemThread
KeSetPriorityThread
KeGetCurrentThread
KeCancelTimer
PoCallDriver
PoStartNextPowerIrp
ZwWaitForSingleObject
PsCreateSystemThread
IoInvalidateDeviceRelations
IoQueueWorkItem
IoAllocateWorkItem
IoDetachDevice
IoInitializeTimer
KeInitializeDpc
KeInitializeTimer
IoAttachDeviceToDeviceStack
KeInitializeSpinLock
IoGetDriverObjectExtension
IoCreateDevice
IoStartTimer
RtlFindSetBits
RtlClearAllBits
ZwCreateFile
RtlEnumerateGenericTableAvl
RtlSetAllBits
MmBuildMdlForNonPagedPool
RtlInitializeGenericTableAvl
KeResetEvent
RtlEqualUnicodeString
IoUnregisterPlugPlayNotification
IoRegisterPlugPlayNotification
PsSetThreadHardErrorsAreDisabled
PsGetThreadHardErrorsAreDisabled
ZwOpenEvent
RtlInsertElementGenericTableFullAvl
RtlLookupElementGenericTableFullAvl
IoGetDeviceProperty
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
IoRegisterDriverReinitialization
KeInitializeSemaphore
IoAllocateDriverObjectExtension
KeTickCount
KeBugCheckEx
InterlockedPushEntrySList
IoDeleteDevice
InterlockedPopEntrySList

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 896B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGELK
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INITc
Size: 6KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b18fbdd7a311da57e719bd58d62b220c

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 896B - Virtual size: 788B

.data Size: 128B - Virtual size: 12B

PAGELK Size: 34KB - Virtual size: 34KB

INIT Size: 4KB - Virtual size: 4KB

INITc Size: 6KB - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 896B - Virtual size: 788B

.data
Size: 128B - Virtual size: 12B

PAGELK
Size: 34KB - Virtual size: 34KB

INIT
Size: 4KB - Virtual size: 4KB

INITc
Size: 6KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 1KB