5ab1c3989dd6f864123e80c3c44ad2532686549895580e26e8a4622b4f71f4fb

Sharing

Copy URL Twitter E-mail

General

Target

5ab1c3989dd6f864123e80c3c44ad2532686549895580e26e8a4622b4f71f4fb
Size

60KB
MD5

67c95a3c57c9ead8e0cacfc23eed060e
SHA1

48fbc72dc9c9dd59ee1a58830fa40edb9e57f1c0
SHA256

5ab1c3989dd6f864123e80c3c44ad2532686549895580e26e8a4622b4f71f4fb
SHA512

f4a65227a2188a92243c7ff962a31138cb1a973b394a08a9be83d18b6f3cc56e0fefd5cf984d70f5f59d7d08fba7822f78eba8a64dc2953fa19d35cea612ce62
SSDEEP

1536:fgva/fQmNVg11AnTaz+x8tUl6jdXTzrQuv:fgCfQCV81amS+Cl6xHr3

Score

N/A

Malware Config

Signatures

Files

5ab1c3989dd6f864123e80c3c44ad2532686549895580e26e8a4622b4f71f4fb
.exe windows x86

11b1da1a9a04edb9c2afce1a47240563

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeClearEvent
KeSetEvent
KeWaitForSingleObject
RtlCopyUnicodeString
ExAllocatePoolWithTag
KeSetTimer
KeSynchronizeExecution
InterlockedIncrement
READ_REGISTER_ULONG
KeCancelTimer
KeDelayExecutionThread
InterlockedPushEntrySList
IofCompleteRequest
IoCreateUnprotectedSymbolicLink
IoCreateDevice
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
RtlInitUnicodeString
ExfInterlockedInsertTailList
IoFreeMdl
MmBuildMdlForNonPagedPool
IoAllocateMdl
MmMapLockedPagesSpecifyCache
ExfInterlockedRemoveHeadList
IoStartNextPacket
KefAcquireSpinLockAtDpcLevel
InterlockedPopEntrySList
IoStartPacket
InterlockedExchange
ZwClose
KefReleaseSpinLockFromDpcLevel
IoOpenDeviceRegistryKey
ZwSetValueKey
PoStartNextPowerIrp
PoRequestPowerIrp
PoCallDriver
IoFreeIrp
IofCallDriver
KeInitializeEvent
IoAllocateIrp
ZwOpenKey
swprintf
IoGetDeviceProperty
ExDeleteNPagedLookasideList
MmUnmapIoSpace
IoDisconnectInterrupt
IoCancelIrp
PoSetPowerState
IoConnectInterrupt
ExInitializeNPagedLookasideList
KeInitializeTimer
KeInitializeDpc
IoGetDmaAdapter
KeInitializeSpinLock
MmMapIoSpace
IoDeleteDevice
IoDetachDevice
IoDeleteSymbolicLink
IoSetDeviceInterfaceState
RtlFreeUnicodeString
IoRegisterDeviceInterface
KeInitializeDeviceQueue
IoAttachDeviceToDeviceStack
KeInsertQueueDpc
KeQueryInterruptTime
MmUnmapLockedPages
KeTickCount
KeBugCheckEx
WRITE_REGISTER_ULONG
ZwQueryValueKey
ExFreePool
ProbeForRead
ExAllocatePoolWithQuotaTag
RtlUnwind

hal

KfLowerIrql
KeStallExecutionProcessor
KfRaiseIrql
KeGetCurrentIrql
KfReleaseSpinLock
KfAcquireSpinLock

1394bus.sys

Bus1394RegisterPortDriver

wmilib.sys

WmiSystemControl
WmiCompleteRequest

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGECONS
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

11b1da1a9a04edb9c2afce1a47240563

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

1394bus.sys

wmilib.sys

Sections

.text Size: 40KB - Virtual size: 40KB

.rdata Size: 640B - Virtual size: 584B

.data Size: 128B - Virtual size: 112B

PAGE Size: 3KB - Virtual size: 3KB

PAGECONS Size: 128B - Virtual size: 16B

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 10KB - Virtual size: 10KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 640B - Virtual size: 584B

.data
Size: 128B - Virtual size: 112B

PAGE
Size: 3KB - Virtual size: 3KB

PAGECONS
Size: 128B - Virtual size: 16B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 10KB - Virtual size: 10KB

.reloc
Size: 1KB - Virtual size: 1KB