ee41bcd94661b4db2f70b4c2d02b00a01102039990d533c84612717ba4925e77

Sharing

Copy URL Twitter E-mail

General

Target

ee41bcd94661b4db2f70b4c2d02b00a01102039990d533c84612717ba4925e77
Size

137KB
MD5

80bde76f5ea789787beb8c95e2d4257f
SHA1

8366fb3b740e3a1c746e2047f7125dc364622a6a
SHA256

ee41bcd94661b4db2f70b4c2d02b00a01102039990d533c84612717ba4925e77
SHA512

38fd0e2847274461bf72f10e5d04810d784b1381dfb9cee4de026eacc96b8bb8bc22543adf9e8ffb71cf8ac4ea390301886f09262af0b75cfef84ea08be3a826
SSDEEP

3072:DKHzKnnJcExHqB3OqrFnslfx8Y1At5WM6gx/q8BRkWWZDYl1bkI8Mm:DKHzKnnJcC43frFsVOY1AHWMTx/q8BWN

Score

N/A

Malware Config

Signatures

Files

ee41bcd94661b4db2f70b4c2d02b00a01102039990d533c84612717ba4925e77
.exe windows x86

169d00cf890e7c411f11e80652362770

Code Sign

6d:a0:c5:7f:bc:d0:b4:64:60:97:ca:34:f5:69:0e:bf:c7:dd:a7:db
Signer

Actual PE Digest

6d:a0:c5:7f:bc:d0:b4:64:60:97:ca:34:f5:69:0e:bf:c7:dd:a7:db

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

NO CERTIFICATE

01/01/0001, 00:00
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoFreeWorkItem
ZwClose
RtlQueryRegistryValues
ZwCreateKey
RtlInitUnicodeString
IoOpenDeviceRegistryKey
ZwOpenKey
IoFreeIrp
IoFreeMdl
RtlCompareMemory
IoStopTimer
EtwWrite
IoGetDriverObjectExtension
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
KeQueryTimeIncrement
KeQuerySystemTime
_allmul
IoQueueWorkItem
IoAllocateWorkItem
IoReuseIrp
IofCallDriver
KeInitializeEvent
MmBuildMdlForNonPagedPool
IoAllocateMdl
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
ObfDereferenceObject
IoBuildDeviceIoControlRequest
IoGetAttachedDeviceReference
KeInitializeMutex
IoAllocateIrp
IoStartTimer
IoInitializeTimer
KeLeaveCriticalRegion
KeSetEvent
KeEnterCriticalRegion
KeGetCurrentThread
_vsnprintf
IoGetIoPriorityHint
EtwRegister
EtwUnregister
IoWMIWriteEvent
MmGetSystemRoutineAddress
IoWMIRegistrationControl
IofCompleteRequest
DbgPrintEx
IoUnregisterPriorityCallback
_allshl
_alldiv
IoGetPagingIoPriority
IoStartNextPacket
MmUnlockPages
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
IoInitializeIrp
KeWaitForSingleObject
KeTickCount
IoGetDeviceProperty
IoRegisterPriorityCallback
RtlCopyUnicodeString
IoAllocateDriverObjectExtension
IoStartPacket
IoSetHardErrorOrVerifyDevice
memmove
IoDeleteDevice
IoCreateDevice
RtlInitString
ObReferenceObjectByPointer
IoInvalidateDeviceRelations
MmProbeAndLockPages
KefReleaseSpinLockFromDpcLevel
KeBugCheckEx
KefAcquireSpinLockAtDpcLevel
_alldvrm
IoDetachDevice
ZwSetValueKey
KeInitializeDpc
KeInitializeTimer
ObfReferenceObject
KeBugCheck
KeDelayExecutionThread
RtlDeleteRegistryValue
_vsnwprintf
RtlTimeToTimeFields
InterlockedPopEntrySList
PoStartNextPowerIrp
PoCallDriver
PoSetPowerState
PoQueryWatchdogTime
InterlockedPushEntrySList
MmUnmapLockedPages
ExVerifySuite
IoBuildPartialMdl
KeCancelTimer
_aulldiv
KeSetTimer
KeInsertQueueDpc
strncmp
RtlWriteRegistryValue
IoReadPartitionTableEx
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
IoGetDeviceObjectPointer
IoBuildSynchronousFsdRequest
RtlCompareUnicodeString
RtlAppendUnicodeStringToString
RtlInitAnsiString
IoGetConfigurationInformation
IoAttachDeviceToDeviceStack
KeRegisterBugCheckReasonCallback
KeDeregisterBugCheckReasonCallback
RtlUnwind
KeReleaseMutex
memset
memcpy
ExAllocatePoolWithTag
IoReportTargetDeviceChangeAsynchronous
KeSetTimerEx
ExFreePoolWithTag
EtwEventEnabled
EtwProviderEnabled

hal

KeQueryPerformanceCounter
KfRaiseIrql
KfLowerIrql
KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

Exports

Exports

ClassAcquireChildLock
ClassAcquireRemoveLockEx
ClassAsynchronousCompletion
ClassBuildRequest
ClassCheckMediaState
ClassClaimDevice
ClassCleanupMediaChangeDetection
ClassCompleteRequest
ClassCreateDeviceObject
ClassDebugPrint
ClassDeleteSrbLookasideList
ClassDeviceControl
ClassDisableMediaChangeDetection
ClassEnableMediaChangeDetection
ClassFindModePage
ClassForwardIrpSynchronous
ClassGetDescriptor
ClassGetDeviceParameter
ClassGetDriverExtension
ClassGetFsContext
ClassGetVpb
ClassInitialize
ClassInitializeEx
ClassInitializeMediaChangeDetection
ClassInitializeSrbLookasideList
ClassInitializeTestUnitPolling
ClassInternalIoControl
ClassInterpretSenseInfo
ClassInvalidateBusRelations
ClassIoComplete
ClassIoCompleteAssociated
ClassMarkChildMissing
ClassMarkChildrenMissing
ClassModeSense
ClassNotifyFailurePredicted
ClassQueryTimeOutRegistryValue
ClassReadDriveCapacity
ClassReleaseChildLock
ClassReleaseQueue
ClassReleaseRemoveLock
ClassRemoveDevice
ClassResetMediaChangeTimer
ClassScanForSpecial
ClassSendDeviceIoControlSynchronous
ClassSendIrpSynchronous
ClassSendNotification
ClassSendSrbAsynchronous
ClassSendSrbSynchronous
ClassSendStartUnit
ClassSetDeviceParameter
ClassSetFailurePredictionPoll
ClassSetMediaChangeState
ClassSignalCompletion
ClassSpinDownPowerHandler
ClassSplitRequest
ClassStopUnitPowerHandler
ClassUpdateInformationInRegistry
ClassWmiCompleteRequest
ClassWmiFireEvent
DllUnload

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

169d00cf890e7c411f11e80652362770

Code Sign

6d:a0:c5:7f:bc:d0:b4:64:60:97:ca:34:f5:69:0e:bf:c7:dd:a7:dbSigner

Signature Validations

Verification

01/01/0001, 00:00 Valid: false

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Exports

Exports

Sections

.text Size: 69KB - Virtual size: 68KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 3KB

PAGE Size: 28KB - Virtual size: 27KB

.edata Size: 2KB - Virtual size: 2KB

PAGE Size: 2KB - Virtual size: 2KB

INIT Size: 3KB - Virtual size: 3KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 6KB - Virtual size: 6KB

6d:a0:c5:7f:bc:d0:b4:64:60:97:ca:34:f5:69:0e:bf:c7:dd:a7:db
Signer

01/01/0001, 00:00
Valid: false

.text
Size: 69KB - Virtual size: 68KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 3KB

PAGE
Size: 28KB - Virtual size: 27KB

.edata
Size: 2KB - Virtual size: 2KB

PAGE
Size: 2KB - Virtual size: 2KB

INIT
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 6KB - Virtual size: 6KB