0e8c2976b6c1264918c443989bbfcbfadbc9f5112e0f41bd188cbde61fdf15fc

Sharing

Copy URL Twitter E-mail

General

Target

0e8c2976b6c1264918c443989bbfcbfadbc9f5112e0f41bd188cbde61fdf15fc
Size

35KB
MD5

83bb5d8090602a6cb8a0c17b5378ebd9
SHA1

9a7c7455b03051dcd43ede897db20bd0acb6d8e5
SHA256

0e8c2976b6c1264918c443989bbfcbfadbc9f5112e0f41bd188cbde61fdf15fc
SHA512

5ce7a5e4966068f203e4eedabd82f7c747c756a5479c3ae415c01d48c6ab9b5de025427c9ee9bda4d4fd3e88d9d7ef2fec0ca3cf57192fbc39d7fa66f5b83e65
SSDEEP

768:FgeJpBApQnLs/oGMjZYEY/kETW/VbwTCJFgQgkV:FgeJpBAinQAGMjZYpktu+JFgQgkV

Score

N/A

Malware Config

Signatures

Files

0e8c2976b6c1264918c443989bbfcbfadbc9f5112e0f41bd188cbde61fdf15fc
.exe windows x86

2a7faa69cfee2416e3d62673a51c91e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoFreeIrp
IoFreeMdl
IoWMIRegistrationControl
ExfInterlockedPopEntryList
KeInitializeSpinLock
ExQueueWorkItem
ExfInterlockedPushEntryList
MmBuildMdlForNonPagedPool
IoAllocateMdl
ZwQueryValueKey
RtlUnicodeStringToInteger
IoReadDiskSignature
ZwOpenKey
IoReadPartitionTable
DbgPrint
IoReadPartitionTableEx
IoWritePartitionTableEx
IoSetPartitionInformationEx
IoSetPartitionInformation
IoRegisterBootDriverReinitialization
IoGetConfigurationInformation
RtlQueryRegistryValues
IoOpenDeviceRegistryKey
RtlxAnsiStringToUnicodeSize
NlsMbCodePageTag
RtlAnsiStringToUnicodeString
RtlInitAnsiString
sprintf
IoCreateSymbolicLink
IoDeleteSymbolicLink
RtlFreeUnicodeString
IoSetDeviceInterfaceState
KeInitializeMutex
InitSafeBootMode
IoRegisterDeviceInterface
HalExamineMBR
KeTickCount
KeBugCheckEx
_allmul
_allrem
IoAllocateWorkItem
IoQueueWorkItem
IoReportTargetDeviceChangeAsynchronous
IoBuildDeviceIoControlRequest
IoBuildSynchronousFsdRequest
IoInvalidateDeviceRelations
memmove
IoCreateDisk
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
IoAllocateIrp
IofCallDriver
_allshr
IoFreeWorkItem
KeWaitForSingleObject
KeReleaseMutex
ExAllocatePoolWithTag
KeSetEvent
strncmp
IoSetHardErrorOrVerifyDevice
swprintf
RtlInitUnicodeString
ZwCreateDirectoryObject
IoGetAttachedDeviceReference
ZwMakeTemporaryObject
ZwClose
ExFreePoolWithTag
IoAttachDeviceToDeviceStack
IoDeleteDevice
KeInitializeEvent
IoVerifyPartitionTable
ObfDereferenceObject

classpnp.sys

ClassQueryTimeOutRegistryValue
ClassUpdateInformationInRegistry
ClassInitializeMediaChangeDetection
ClassGetDeviceParameter
ClassDeleteSrbLookasideList
ClassReadDriveCapacity
ClassSignalCompletion
ClassMarkChildMissing
ClassInitializeSrbLookasideList
ClassNotifyFailurePredicted
ClassSetFailurePredictionPoll
ClassWmiCompleteRequest
ClassInterpretSenseInfo
ClassSpinDownPowerHandler
ClassInitialize
ClassInitializeEx
ClassSendDeviceIoControlSynchronous
ClassAcquireChildLock
ClassReleaseChildLock
ClassDeviceControl
ClassInvalidateBusRelations
ClassSetDeviceParameter
ClassModeSense
ClassFindModePage
ClassAcquireRemoveLockEx
ClassAsynchronousCompletion
ClassSendSrbSynchronous
ClassIoComplete
ClassReleaseRemoveLock
ClassCompleteRequest
ClassClaimDevice
ClassCreateDeviceObject
ClassScanForSpecial

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 384B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 384B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a7faa69cfee2416e3d62673a51c91e5

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

classpnp.sys

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 384B - Virtual size: 264B

PAGE Size: 17KB - Virtual size: 17KB

PAGE Size: 384B - Virtual size: 336B

INIT Size: 5KB - Virtual size: 5KB

.rsrc Size: 1024B - Virtual size: 992B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 384B - Virtual size: 264B

PAGE
Size: 17KB - Virtual size: 17KB

PAGE
Size: 384B - Virtual size: 336B

INIT
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1024B - Virtual size: 992B

.reloc
Size: 1KB - Virtual size: 1KB