6db206733baf4c9b09b1b0b5bb0b8a7a24a9bf52b69e7d769c8b8a9e8842c761

Sharing

Copy URL Twitter E-mail

General

Target

6db206733baf4c9b09b1b0b5bb0b8a7a24a9bf52b69e7d769c8b8a9e8842c761
Size

35KB
MD5

7b720e3a78115edb719348b3f7685872
SHA1

0c347818b8ad9656be19f54c7fdb117e3ba18532
SHA256

6db206733baf4c9b09b1b0b5bb0b8a7a24a9bf52b69e7d769c8b8a9e8842c761
SHA512

22c65451f25ea7ec534ee108c56323879b6747af30bddf289a92e40bd253b381824165b0f707f54f3561214c24c099c58d9c68801ef968d1f467cd7a7c0fe45f
SSDEEP

768:or2WQlRzdNQdPs/+yNSw5nEQvECBcRNSCJPg2gsKNX:o6WQlRzdmdUmyNF5nhENJPg2gsKNX

Score

N/A

Malware Config

Signatures

Files

6db206733baf4c9b09b1b0b5bb0b8a7a24a9bf52b69e7d769c8b8a9e8842c761
.exe windows x86

2a7faa69cfee2416e3d62673a51c91e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoFreeIrp
IoFreeMdl
IoWMIRegistrationControl
ExfInterlockedPopEntryList
KeInitializeSpinLock
ExQueueWorkItem
ExfInterlockedPushEntryList
MmBuildMdlForNonPagedPool
IoAllocateMdl
ZwQueryValueKey
RtlUnicodeStringToInteger
IoReadDiskSignature
ZwOpenKey
IoReadPartitionTable
DbgPrint
IoReadPartitionTableEx
IoWritePartitionTableEx
IoSetPartitionInformationEx
IoSetPartitionInformation
IoRegisterBootDriverReinitialization
IoGetConfigurationInformation
RtlQueryRegistryValues
IoOpenDeviceRegistryKey
RtlxAnsiStringToUnicodeSize
NlsMbCodePageTag
RtlAnsiStringToUnicodeString
RtlInitAnsiString
sprintf
IoCreateSymbolicLink
IoDeleteSymbolicLink
RtlFreeUnicodeString
IoSetDeviceInterfaceState
KeInitializeMutex
InitSafeBootMode
IoRegisterDeviceInterface
HalExamineMBR
KeTickCount
KeBugCheckEx
_allmul
_allrem
IoAllocateWorkItem
IoQueueWorkItem
IoReportTargetDeviceChangeAsynchronous
IoBuildDeviceIoControlRequest
IoBuildSynchronousFsdRequest
IoInvalidateDeviceRelations
memmove
IoCreateDisk
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
IoAllocateIrp
IofCallDriver
_allshr
IoFreeWorkItem
KeWaitForSingleObject
KeReleaseMutex
ExAllocatePoolWithTag
KeSetEvent
strncmp
IoSetHardErrorOrVerifyDevice
swprintf
RtlInitUnicodeString
ZwCreateDirectoryObject
IoGetAttachedDeviceReference
ZwMakeTemporaryObject
ZwClose
ExFreePoolWithTag
IoAttachDeviceToDeviceStack
IoDeleteDevice
KeInitializeEvent
IoVerifyPartitionTable
ObfDereferenceObject

classpnp.sys

ClassQueryTimeOutRegistryValue
ClassUpdateInformationInRegistry
ClassInitializeMediaChangeDetection
ClassGetDeviceParameter
ClassDeleteSrbLookasideList
ClassReadDriveCapacity
ClassSignalCompletion
ClassMarkChildMissing
ClassInitializeSrbLookasideList
ClassNotifyFailurePredicted
ClassSetFailurePredictionPoll
ClassWmiCompleteRequest
ClassInterpretSenseInfo
ClassSpinDownPowerHandler
ClassInitialize
ClassInitializeEx
ClassSendDeviceIoControlSynchronous
ClassAcquireChildLock
ClassReleaseChildLock
ClassDeviceControl
ClassInvalidateBusRelations
ClassSetDeviceParameter
ClassModeSense
ClassFindModePage
ClassAcquireRemoveLockEx
ClassAsynchronousCompletion
ClassSendSrbSynchronous
ClassIoComplete
ClassReleaseRemoveLock
ClassCompleteRequest
ClassClaimDevice
ClassCreateDeviceObject
ClassScanForSpecial

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 384B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 384B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a7faa69cfee2416e3d62673a51c91e5

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

classpnp.sys

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 384B - Virtual size: 264B

PAGE Size: 17KB - Virtual size: 17KB

PAGE Size: 384B - Virtual size: 336B

INIT Size: 5KB - Virtual size: 5KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 384B - Virtual size: 264B

PAGE
Size: 17KB - Virtual size: 17KB

PAGE
Size: 384B - Virtual size: 336B

INIT
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 1KB - Virtual size: 1KB