7d53386de506be70f62618491db44b89a3ec0f9736829aa47b2c23d774245872

Sharing

Copy URL Twitter E-mail

General

Target

7d53386de506be70f62618491db44b89a3ec0f9736829aa47b2c23d774245872
Size

63KB
MD5

0aef48439d2e306f14496cc7d6a320d7
SHA1

2d19f5161c6ee09b26050b30f2a49e291ab639b1
SHA256

7d53386de506be70f62618491db44b89a3ec0f9736829aa47b2c23d774245872
SHA512

d956a0419d3b6c90f1cf337d788fe102c0420862aad327fdd134f0988482567b6db045bf1473bbd65167d6e49fccb3c1cfa6c067f3fdbd7efbf289c12ae5fd1d
SSDEEP

768:g/NA29vprT5RIvVHBcq1F0hhovzSEAAzMQTBHaje10JyBaUfPOSpgnH9a0ppT:kNA29vZyhcMjb/QCtNfkHv/

Score

N/A

Malware Config

Signatures

Files

7d53386de506be70f62618491db44b89a3ec0f9736829aa47b2c23d774245872
.exe windows x86

2da71861ca7a4f2be76f7e4a7ea53551

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

hal

WRITE_PORT_BUFFER_UCHAR
KfReleaseSpinLock
HalTranslateBusAddress
HalGetInterruptVector
ExAcquireFastMutex
ExReleaseFastMutex
WRITE_PORT_UCHAR
KdComPortInUse
READ_PORT_UCHAR
KfRaiseIrql
KfLowerIrql
KfAcquireSpinLock

ntoskrnl.exe

IoCancelIrp
KeInitializeDpc
KeInitializeTimer
ExAllocatePoolWithTag
DbgBreakPoint
KeInitializeSpinLock
memmove
PoSetPowerState
KeWaitForSingleObject
ExAllocatePoolWithQuotaTag
_except_handler3
KeInsertQueueDpc
KeDelayExecutionThread
MmLockPagableSectionByHandle
MmQuerySystemSize
KeQuerySystemTime
KeSetEvent
KeSetTimer
IofCallDriver
PoCallDriver
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
KeCancelTimer
IoInvalidateDeviceState
IoQueryDeviceDescription
ZwClose
IoDetachDevice
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlDeleteRegistryValue
IoDeleteSymbolicLink
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
RtlWriteRegistryValue
IoCreateSymbolicLink
wcslen
RtlInitUnicodeString
KeInitializeEvent
IoCreateDevice
RtlIntegerToUnicodeString
IoAttachDeviceToDeviceStack
IoConnectInterrupt
RtlQueryRegistryValues
ZwQueryValueKey
ZwSetValueKey
ZwEnumerateKey
IoReportDetectedDevice
ZwOpenKey
PoRequestPowerIrp
PoStartNextPowerIrp
KeClearEvent
KeTickCount
KeBugCheckEx
IoDeleteDevice
IoGetConfigurationInformation
IoWMIRegistrationControl
IoDisconnectInterrupt
KeRemoveQueueDpc
MmUnmapIoSpace
MmMapIoSpace
MmLockPagableDataSection
ExFreePoolWithTag
MmUnlockPagableImageSection
_allmul
IoAcquireCancelSpinLock
KeSynchronizeExecution
IoReleaseCancelSpinLock
IoOpenDeviceRegistryKey
IofCompleteRequest

wmilib.sys

WmiSystemControl
WmiCompleteRequest

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 384B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGESRP0
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGESER
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2da71861ca7a4f2be76f7e4a7ea53551

Headers

File Characteristics

Imports

hal

ntoskrnl.exe

wmilib.sys

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 512B - Virtual size: 484B

.data Size: 384B - Virtual size: 280B

PAGESRP0 Size: 15KB - Virtual size: 15KB

PAGESER Size: 14KB - Virtual size: 14KB

INIT Size: 9KB - Virtual size: 9KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 512B - Virtual size: 484B

.data
Size: 384B - Virtual size: 280B

PAGESRP0
Size: 15KB - Virtual size: 15KB

PAGESER
Size: 14KB - Virtual size: 14KB

INIT
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 2KB - Virtual size: 1KB