0562607d974cfad4b65c824bbc299125a84ee70b6ad99299455ebab195e8315c

Sharing

Copy URL Twitter E-mail

General

Target

0562607d974cfad4b65c824bbc299125a84ee70b6ad99299455ebab195e8315c
Size

149KB
MD5

6e019259aeae0c61f626087df9be8467
SHA1

6fd8dae61835b688dbc59da5bfb11815779a426a
SHA256

0562607d974cfad4b65c824bbc299125a84ee70b6ad99299455ebab195e8315c
SHA512

672dcb1811374c49c7820667450a28fec501b9e544cd3c9626ee86ec7acaa231c033d2e6a386a62d6a8e9ae626c216db9bfd0495b18d944b7087c502adc027c4
SSDEEP

3072:zP+1wyyBw0iQM+jCc10YiYtlxpq2jGIKwJkXkzmA5wrH0vDeqD0d:j+12w0TM0il2dKoIkzP58C+

Score

N/A

Malware Config

Signatures

Files

0562607d974cfad4b65c824bbc299125a84ee70b6ad99299455ebab195e8315c
.exe windows x86

36d1d1a79a966dff6d007e85983dbf9e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCallDriver
KeGetCurrentThread
KeDelayExecutionThread
IoBuildAsynchronousFsdRequest
ObfReferenceObject
IoAllocateIrp
MmBuildMdlForNonPagedPool
IoBuildPartialMdl
MmGetPhysicalAddress
IoAllocateMdl
_allshr
KeInitializeEvent
KeWaitForSingleObject
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
_except_handler3
MmUnmapLockedPages
IofCompleteRequest
memmove
KeSetEvent
ProbeForRead
ProbeForWrite
KeTickCount
PsCreateSystemThread
KeInitializeSemaphore
FsRtlIsTotalDeviceFailure
ExFreePoolWithTag
ExAllocatePoolWithTag
RtlInitUnicodeString
swprintf
RtlCopyUnicodeString
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
IoAttachDeviceToDeviceStack
PoCallDriver
PoStartNextPowerIrp
RtlVerifyVersionInfo
VerSetConditionMask
IoBuildDeviceIoControlRequest
IoBuildSynchronousFsdRequest
IoGetAttachedDeviceReference
RtlFreeUnicodeString
IoGetDeviceObjectPointer
ObfDereferenceObject
RtlInitAnsiString
RtlAppendUnicodeStringToString
RtlStringFromGUID
IoFreeIrp
RtlFreeAnsiString
IoDeleteSymbolicLink
strncmp
RtlUnicodeStringToAnsiString
wcsncmp
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ZwQueryValueKey
ZwOpenKey
IoGetDeviceProperty
RtlCompareMemory
IoWritePartitionTableEx
_allmul
IoReadPartitionTableEx
IoRegisterDriverReinitialization
IoReportDetectedDevice
IoCreateSynchronizationEvent
IoWriteErrorLogEntry
strncpy
IoAllocateErrorLogEntry
InterlockedPopEntrySList
InterlockedPushEntrySList
ExInitializeNPagedLookasideList
IoCreateDevice
IoCreateSymbolicLink
ZwCreateDirectoryObject
ZwMakeTemporaryObject
isdigit
PoRequestPowerIrp
PoSetPowerState
IoWMIRegistrationControl
wcslen
KeBugCheckEx
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
KeInitializeSpinLock
IoDeleteDevice
MmUnlockPages
RtlAnsiStringToUnicodeString
IoFreeMdl
IoInvalidateDeviceRelations
KeQuerySystemTime
IoVolumeDeviceToDosName
KeReleaseSemaphore
KeInitializeDpc
KeInitializeTimer
KeSetTimer
PsTerminateSystemThread
_aulldvrm
IoRaiseInformationalHardError
_allrem
_alldiv
_alldvrm
ZwClose
sprintf

hal

ExAcquireFastMutex
KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock
ExReleaseFastMutex

wmilib.sys

WmiSystemControl
WmiCompleteRequest

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 896B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36d1d1a79a966dff6d007e85983dbf9e

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

wmilib.sys

Sections

.text Size: 118KB - Virtual size: 118KB

.rdata Size: 896B - Virtual size: 820B

.data Size: 14KB - Virtual size: 14KB

PAGE Size: 1KB - Virtual size: 1KB

INIT Size: 3KB - Virtual size: 2KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 118KB - Virtual size: 118KB

.rdata
Size: 896B - Virtual size: 820B

.data
Size: 14KB - Virtual size: 14KB

PAGE
Size: 1KB - Virtual size: 1KB

INIT
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 5KB - Virtual size: 5KB