5b73bc360728ce81fce0af9242c7cc545f8b0132120f5e47f45df9cce752984d

Sharing

Copy URL Twitter E-mail

General

Target

5b73bc360728ce81fce0af9242c7cc545f8b0132120f5e47f45df9cce752984d
Size

106KB
MD5

60913968518d7cfc31fceeaf432719be
SHA1

028f66454622f47d35205d60b6cc6c698d3fc84f
SHA256

5b73bc360728ce81fce0af9242c7cc545f8b0132120f5e47f45df9cce752984d
SHA512

7a5c3f4d2f1870d3697728c407425aaf544bf0ec208baafbb5b5adc8b906cc4a4003914f9b35fdc8896b43fcabe27a9861c6f2878dc4cb1ec6b075a21f074237
SSDEEP

3072:8cJIRhV2vhn1MzF6rtLmkKi7inxDkdgaKjJkNcbzCIVnij8N:fJu2h1MzFAtLp4xDkdNcJzCEi2

Score

N/A

Malware Config

Signatures

Files

5b73bc360728ce81fce0af9242c7cc545f8b0132120f5e47f45df9cce752984d
.exe windows x86

4de3837acd693f71e8ed3bbc1490f9e5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlCompareMemory
IoWMIRegistrationControl
IofCompleteRequest
IofCallDriver
IoDeleteSymbolicLink
IoGetConfigurationInformation
KeFlushQueuedDpcs
IoInvalidateDeviceRelations
KeSetEvent
PsIsThreadTerminating
KeWaitForSingleObject
KeInitializeEvent
IoCreateArcName
KeTickCount
IoFreeMdl
MmUnlockPages
KeDelayExecutionThread
MmProbeAndLockPages
IoAllocateMdl
IoReportTargetDeviceChangeAsynchronous
_allshl
strncmp
IoSetHardErrorOrVerifyDevice
PoQueryWatchdogTime
strchr
_allmul
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
RtlDeleteRegistryValue
RtlQueryRegistryValues
memmove
RtlInitUnicodeString
_allshr
_aullrem
EtwWrite
KeQueryTimeIncrement
_allrem
KeReleaseMutex
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
IoFreeIrp
IoReuseIrp
KeQuerySystemTime
MmBuildMdlForNonPagedPool
KeInitializeMutex
IoAllocateIrp
KeCancelTimer
IoBuildPartialMdl
MmUnmapLockedPages
KeSetTimer
KeInitializeDpc
KeInitializeTimer
KeBugCheckEx
RtlUnwind
MmGetSystemRoutineAddress
memcpy
ExAllocatePoolWithTag
IoWMIWriteEvent
ExFreePoolWithTag
EtwUnregister
RtlCopyUnicodeString
ZwClose
ZwOpenKey
DbgPrint
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
KiBugCheckData
EtwRegister
memset
_vsnwprintf
_alldiv
KeGetCurrentThread

hal

KfAcquireSpinLock
KfLowerIrql
KfRaiseIrql
KfReleaseSpinLock
KeGetCurrentIrql

wdfldr.sys

WdfVersionBind
WdfVersionBindClass
WdfVersionUnbind
WdfVersionUnbindClass

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4de3837acd693f71e8ed3bbc1490f9e5

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

wdfldr.sys

Sections

.text Size: 39KB - Virtual size: 38KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 2KB

PAGE Size: 47KB - Virtual size: 46KB

PAGE Size: 2KB - Virtual size: 2KB

INIT Size: 3KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 39KB - Virtual size: 38KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 2KB

PAGE
Size: 47KB - Virtual size: 46KB

PAGE
Size: 2KB - Virtual size: 2KB

INIT
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 5KB - Virtual size: 5KB