69cb9ce537c2750117b38d9fd6f855f765143f78a95f6067168baa4b7cb4d8f7

General

Target

69cb9ce537c2750117b38d9fd6f855f765143f78a95f6067168baa4b7cb4d8f7
Size

63KB
MD5

a030219654237eb5df594ce21f525fa7
SHA1

387eba5797be7798c36b53d7aa1dbeb9cdbffb1d
SHA256

69cb9ce537c2750117b38d9fd6f855f765143f78a95f6067168baa4b7cb4d8f7
SHA512

2330ee3c4b25132bd582abd289f94d9d582cdeb971693ad6990af50a1ec26c860f79b4541937265c8945ed76b88fba5b3c6f49d161798949dee6cd98c0816f9e
SSDEEP

1536:/jbHFoLn+Enh+AXYnwNLzLq4tkGPjCkv/VbVqNxvS/:/dYnr+ADzLq4tkGPjl3VbENd

Score

N/A

Malware Config

Signatures

Files

69cb9ce537c2750117b38d9fd6f855f765143f78a95f6067168baa4b7cb4d8f7
.exe windows x86

9db8540ab7fe3a179b2f4988161e91e5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

hal

KeAcquireQueuedSpinLock
KeAcquireInStackQueuedSpinLock
KfLowerIrql
KfRaiseIrql
KeGetCurrentIrql
KeReleaseQueuedSpinLock
KeReleaseInStackQueuedSpinLock

ntoskrnl.exe

PsGetCurrentProcessId
ObFindHandleForObject
READ_REGISTER_USHORT
ObCloseHandle
ObOpenObjectByName
IoThreadToProcess
KeTickCount
KeInitializeApc
KeInsertQueueApc
KeAcquireInStackQueuedSpinLockAtDpcLevel
KeReleaseInStackQueuedSpinLockFromDpcLevel
ObfReferenceObject
IoAcquireCancelSpinLock
IoReleaseCancelSpinLock
memmove
ExFreePoolWithTag
IofCompleteRequest
IoFreeMdl
ObfDereferenceObject
ObReferenceObjectByHandle
ExGetPreviousMode
InterlockedPushEntrySList

tdi.sys

TdiReturnChainedReceives
TdiMatchPdoWithChainedReceiveContext
TdiDeregisterPnPHandlers
TdiRegisterPnPHandlers
TdiCopyMdlToBuffer
TdiCopyBufferToMdl

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.PAGE
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9db8540ab7fe3a179b2f4988161e91e5

Headers

File Characteristics

Imports

hal

ntoskrnl.exe

tdi.sys

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 17KB - Virtual size: 17KB

INIT Size: 1024B - Virtual size: 1024B

.reloc Size: 256B - Virtual size: 202B

.PAGE Size: 256B - Virtual size: 256B

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 17KB - Virtual size: 17KB

INIT
Size: 1024B - Virtual size: 1024B

.reloc
Size: 256B - Virtual size: 202B

.PAGE
Size: 256B - Virtual size: 256B