0c233043a4302fa1fef0a1ab22d20f8203c817eea6a513d62b655537d1104a75

General

Target

0c233043a4302fa1fef0a1ab22d20f8203c817eea6a513d62b655537d1104a75
Size

68KB
MD5

8d395ff4d1a17a8dfab003f843654ce0
SHA1

35eabb0984904cd3e575a0d1fc4de6c0f3bdae5e
SHA256

0c233043a4302fa1fef0a1ab22d20f8203c817eea6a513d62b655537d1104a75
SHA512

3f60a2084d5e0ec9edee39819e91a35a6b148b00f93703b689bc8922ed4d6c0ae1d463d0b11d6f2a4fac8a62c3e84d25c06b15db673d7cb4f2e2ea9503ef8ebc
SSDEEP

1536:bAzFr9XrETndkhqvSbbFrz0RxzoacGd94aC6OPxdgd2bPJ:bApZ7E7dxv0prE6qM6OPxi2DJ

Score

N/A

Malware Config

Signatures

Files

0c233043a4302fa1fef0a1ab22d20f8203c817eea6a513d62b655537d1104a75
.exe windows x86

85c99d6a47aafa00f5f9fa73338842b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitString
MmMapUserAddressesToPage
memcpy
ZwOpenFile
wcscpy
RtlDecompressFragment
IoBuildSynchronousFsdRequest
RtlImageNtHeader
ZwCreateSymbolicLinkObject
ExAllocatePool
isprint
RtlCompareUnicodeString
SeTokenIsAdmin
CcScheduleReadAhead
ZwCreateSection
RtlAnsiStringToUnicodeString
atol
RtlGetGroupSecurityDescriptor
HalDispatchTable
ExFreePool
RtlRandom
RtlFreeUnicodeString
RtlInitUnicodeString
KeBugCheck

classpnp.sys

ClassIoCompleteAssociated
ClassDebugPrint
ClassUpdateInformationInRegistry
ClassRemoveDevice
ClassStopUnitPowerHandler

hal

IoReadPartitionTable
HalInitSystem
IoFreeMapRegisters
READ_PORT_BUFFER_UCHAR
HalAssignSlotResources
IoFreeAdapterChannel
HalAllocateCrashDumpRegisters
ExTryToAcquireFastMutex
KfLowerIrql
HalSystemVectorDispatchEntry
HalSetTimeIncrement
HalSetBusData
HalGetAdapter
HalGetBusDataByOffset

Exports

Exports

FltxMptkKgs
ZbqRlxzrCismnsXw
FdsEgxhdpKtjdelZyjjalTgi

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85c99d6a47aafa00f5f9fa73338842b7

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

classpnp.sys

hal

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 15KB - Virtual size: 63KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 512B - Virtual size: 68B

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 15KB - Virtual size: 63KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 512B - Virtual size: 68B