2b5d2728b57bf0092134586bdadb807d05c7a0eaf487f3f6987fcd62ee5d01d5

Sharing

Copy URL Twitter E-mail

General

Target

2b5d2728b57bf0092134586bdadb807d05c7a0eaf487f3f6987fcd62ee5d01d5
Size

25KB
MD5

680f0dc77d17d4f17ab86f5bf16ca275
SHA1

0c8cb1fbe9460af5acbe798f3f4c9e5436b7bf14
SHA256

2b5d2728b57bf0092134586bdadb807d05c7a0eaf487f3f6987fcd62ee5d01d5
SHA512

5cc64764f6a3786caf3b99fba9590bf611f6d49d84072242927e6ae958ccadf5597ec6263dc944074a4361a158ed381083d44cb1f711e6a744b3e7941ed32d1e
SSDEEP

384:Aon6Ej/3ALrkgTYSFCnoiwRk1DMFfV9IcqjKiozK0OVEfYJLWW+BHwbZP:A0Zjv8kgTFCnoiwRo4FN+NETuLf/bZP

Score

N/A

Malware Config

Signatures

Files

2b5d2728b57bf0092134586bdadb807d05c7a0eaf487f3f6987fcd62ee5d01d5
.exe windows x86

6adfebce286c68ae1256d234f26d88ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PoStartNextPowerIrp
ExReleaseFastMutexUnsafe
IoDeleteDevice
IoCreateSymbolicLink
RtlInitUnicodeString
ExAcquireFastMutexUnsafe
IoDeleteSymbolicLink
ObfDereferenceObject
KeWaitForSingleObject
IoBuildSynchronousFsdRequest
IoGetAttachedDeviceReference
ZwClose
ZwUnmapViewOfSection
ObReferenceObjectByHandle
PoCallDriver
IoInitializeRemoveLockEx
IoAttachDeviceToDeviceStack
IoCreateDevice
IoDetachDevice
IoReleaseRemoveLockAndWaitEx
ZwMapViewOfSection
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
ExFreePoolWithTag
ExAllocatePoolWithTag
memcpy
memset
KeTickCount
KeBugCheckEx
KeSetEvent
IoAcquireRemoveLockEx
IofCompleteRequest
IofCallDriver
IoReleaseRemoveLockEx
ZwOpenSection
KeInitializeEvent
MmGetSystemRoutineAddress
ZwSetSecurityObject
ObOpenObjectByPointer
IoDeviceObjectType
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
SeExports
IoIsWdmVersionAvailable
_wcsnicmp
RtlAddAccessAllowedAce
RtlLengthSid
wcschr
RtlAbsoluteToSelfRelativeSD
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
RtlFreeUnicodeString

hal

READ_PORT_ULONG
WRITE_PORT_USHORT
READ_PORT_USHORT
WRITE_PORT_UCHAR
READ_PORT_UCHAR
WRITE_PORT_ULONG

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6adfebce286c68ae1256d234f26d88ab

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 548B

PAGE Size: 7KB - Virtual size: 6KB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 984B

.reloc Size: 1024B - Virtual size: 832B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 548B

PAGE
Size: 7KB - Virtual size: 6KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 1024B - Virtual size: 832B