cbe7a407df9455f8da9fda57250e7cefb40b18d8ca812a45bccd918274e911a1

General

Target

cbe7a407df9455f8da9fda57250e7cefb40b18d8ca812a45bccd918274e911a1
Size

106KB
MD5

60b496b250b95419529ce1e3ece6a690
SHA1

a638cd0bd362738ba289c36ebe4d10f9111a49e5
SHA256

cbe7a407df9455f8da9fda57250e7cefb40b18d8ca812a45bccd918274e911a1
SHA512

afbd8aa07e6a6ba93b5b331a6c0902d2b6c0b20f2dd8b06ebae6a74e94de5da0080a2703a09bfc282e420eed7b124476dcc758067ca4b1346cbd49162aa24745
SSDEEP

3072:jRLRUUOS4AiW3Bhx9G0SzXe4SPIdcWu3D0Y:jRNtOS4Az+iZIdRuzp

Score

N/A

Malware Config

Signatures

Files

cbe7a407df9455f8da9fda57250e7cefb40b18d8ca812a45bccd918274e911a1
.exe windows x86

8ea7abdef71750d294cdcdfaf5a65289

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

hal

KdComPortInUse
KeLowerIrql
KfReleaseSpinLock
IoFlushAdapterBuffers
KeStallExecutionProcessor
READ_PORT_UCHAR
KfRaiseIrql
HalGetInterruptVector
IoMapTransfer
READ_PORT_BUFFER_USHORT
KeQueryPerformanceCounter
KfAcquireSpinLock
KfLowerIrql
HalGetBusDataByOffset
READ_PORT_BUFFER_ULONG
KeGetCurrentIrql
WRITE_PORT_UCHAR
WRITE_PORT_ULONG
READ_PORT_ULONG
READ_PORT_USHORT
WRITE_PORT_BUFFER_ULONG
HalSetBusDataByOffset
HalTranslateBusAddress
WRITE_PORT_BUFFER_USHORT
READ_PORT_BUFFER_UCHAR
WRITE_PORT_BUFFER_UCHAR
KeRaiseIrqlToDpcLevel
WRITE_PORT_USHORT

ntoskrnl.exe

SeQuerySecurityDescriptorInfo
KeRemoveEntryDeviceQueue
RtlUnicodeStringToInteger
KeSetTimeIncrement
ZwUnmapViewOfSection
InterlockedCompareExchange
RtlGetOwnerSecurityDescriptor
ZwQueryValueKey
_strupr
IoRemoveShareAccess
ExInitializeNPagedLookasideList
IoRegisterDeviceInterface
ZwWaitForSingleObject
ObfDereferenceObject
IoCreateFile
ExAllocatePoolWithTag
MmGetPhysicalAddress
IoStartNextPacket
qsort
KeSynchronizeExecution
WRITE_REGISTER_BUFFER_USHORT
IoRegisterDriverReinitialization
FsRtlCheckLockForWriteAccess
KeDetachProcess
ZwQueryKey
RtlAddAccessAllowedAce
ZwEnumerateKey
FsRtlIsNtstatusExpected
ZwClose
KeQueryTimeIncrement
ExReleaseResourceForThreadLite
KeInitializeQueue
ZwSetInformationFile
NtClose
IoGetRelatedDeviceObject
IoRegisterFileSystem

Sections

.text
Size: 1024B - Virtual size: 871B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ea7abdef71750d294cdcdfaf5a65289

Headers

File Characteristics

Imports

hal

ntoskrnl.exe

Sections

.text Size: 1024B - Virtual size: 871B

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 97KB - Virtual size: 97KB

.reloc Size: 256B - Virtual size: 48B

.text
Size: 1024B - Virtual size: 871B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 97KB - Virtual size: 97KB

.reloc
Size: 256B - Virtual size: 48B