61a24cefb8511bace9a86be1be31bd29998157f8e61b128336fb45ff049fb21e

General

Target

61a24cefb8511bace9a86be1be31bd29998157f8e61b128336fb45ff049fb21e
Size

70KB
MD5

0b1ebb5ce02d79535b5e787a0a1efacf
SHA1

2cbf41e3431a603f2fd402d738509b126cdf0c36
SHA256

61a24cefb8511bace9a86be1be31bd29998157f8e61b128336fb45ff049fb21e
SHA512

9b57bdffc5a4eb633a4666bdc0aa1222a23b2c42929778d3827b0dcb26e90d1b4f9d4570eb9e4c9b7fc44dd684d2f1b911c490391473be56face2c6addb0c3b2
SSDEEP

1536:/0HEhobEW65rpIKtEA/cn+0pAq7XMWfR6g2N:Lop87tb0y2FfRN

Score

N/A

Malware Config

Signatures

Files

61a24cefb8511bace9a86be1be31bd29998157f8e61b128336fb45ff049fb21e
.exe windows x86

b3921379489b452d76b60280fab93ce7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlAppendStringToString
RtlInitString
RtlIsValidOemCharacter
RtlCompareUnicodeString
NtQueryEaFile
PsLookupThreadByThreadId
RtlFreeUnicodeString
IoAllocateMdl
ExAcquireResourceExclusiveLite
RtlAnsiStringToUnicodeString
RtlCopyLuid
NtQueryInformationProcess
ZwOpenFile
ObReferenceObjectByPointer
ExExtendZone
ExFreePool
RtlUpcaseUnicodeStringToAnsiString
memcpy
ExAllocatePool
ZwMapViewOfSection
SeSinglePrivilegeCheck
SeDeassignSecurity
RtlImageNtHeader
ZwCreateSection

classpnp.sys

ClassSetFailurePredictionPoll
ClassDeleteSrbLookasideList
ClassCheckMediaState
ClassAsynchronousCompletion
ClassQueryTimeOutRegistryValue

hal

HalInitializeProcessor
HalGetAdapter
KeRaiseIrqlToDpcLevel
WRITE_PORT_USHORT
KeTryToAcquireQueuedSpinLock
READ_PORT_BUFFER_UCHAR
HalProcessorIdle
ExAcquireFastMutex
HalStopProfileInterrupt
KeReleaseQueuedSpinLock
IoFreeAdapterChannel
HalAcquireDisplayOwnership
HalReturnToFirmware
HalSetBusData

Exports

Exports

CmxcnpaZcheuy
UbuHpenPnljjXy

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 58B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3921379489b452d76b60280fab93ce7

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

classpnp.sys

hal

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 18KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 16KB - Virtual size: 67KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 512B - Virtual size: 58B

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 16KB - Virtual size: 67KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 512B - Virtual size: 58B