b26d105f57f7238b8ab65cf01eb3548c7863d7ea0e2bc8d0dc79de3102a6f8fe

Sharing

Copy URL Twitter E-mail

General

Target

b26d105f57f7238b8ab65cf01eb3548c7863d7ea0e2bc8d0dc79de3102a6f8fe
Size

434KB
MD5

907fb2282ada23bc791e462271e4ea40
SHA1

7af8f800676be65d616b28717b53bb150567b768
SHA256

b26d105f57f7238b8ab65cf01eb3548c7863d7ea0e2bc8d0dc79de3102a6f8fe
SHA512

6cd64537d7141348afa6e07c4a2ecde5226b263aa0f40cbecd6b2b120d6ea6f505d9a10d661ed238ae3bf423968477198ba829bd2117bed4d44b2c8c1cc21caa
SSDEEP

6144:YV1GKtb6QvyJd5IAPzKocDM9/yyPucZoeAXwe/ErAeMpYRqo/:K1GKtB6qUKVM9/yvc6eAXw5qGqC

Score

N/A

Malware Config

Signatures

Files

b26d105f57f7238b8ab65cf01eb3548c7863d7ea0e2bc8d0dc79de3102a6f8fe
.exe windows x86

baf3b4383ddb0e818cdef67eda07461d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoAllocateDriverObjectExtension
ZwSetValueKey
ZwCreateKey
ZwOpenKey
RtlInitUnicodeString
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwDeleteValueKey
IoGetDriverObjectExtension
KeTickCount
KeBugCheckEx
RtlAnsiCharToUnicodeChar
RtlCopyUnicodeString
ZwDeleteKey
ZwClose
DbgBreakPoint
KeInitializeEvent
KeInitializeSpinLock
ExDeleteNPagedLookasideList
IoGetDmaAdapter
ExInitializeNPagedLookasideList
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
_purecall
IoFreeMdl
MmUnlockPages
ObfDereferenceObject
IoGetAttachedDeviceReference
IoGetDeviceProperty
KeEnterCriticalRegion
KeLeaveCriticalRegion
KeSetEvent
KeClearEvent
KeWaitForSingleObject
IofCallDriver
RtlCompareMemory
IoFreeIrp
IoUnregisterPlugPlayNotification
IoRegisterPlugPlayNotification
IoAllocateIrp
ObfReferenceObject
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
ZwCreateFile
_allmul
KeGetCurrentThread
KeInsertQueueDpc
KeInitializeDpc
IoReuseIrp
IoAcquireRemoveLockEx
IoInvalidateDeviceState
IoCreateSymbolicLink
IoRequestDeviceEject
IoWMIWriteEvent
IoWMIRegistrationControl
KeDelayExecutionThread
RtlQueryRegistryValues
strncmp
IoAllocateMdl
MmMapLockedPagesSpecifyCache
memset
MmBuildMdlForNonPagedPool
IoDeleteSymbolicLink
IoInitializeRemoveLockEx
IoIsWdmVersionAvailable
IoOpenDeviceRegistryKey
IoAttachDeviceToDeviceStack
IoDetachDevice
IoReleaseRemoveLockEx
KeSetTimer
IoCancelIrp
KeCancelTimer
KeInitializeTimerEx
IoReleaseCancelSpinLock
ExAcquireFastMutexUnsafe
ExReleaseFastMutexUnsafe
IoFreeWorkItem
IoAllocateWorkItem
IoQueueWorkItem
IoInvalidateDeviceRelations
KeSetTimerEx
KeInitializeTimer
KdDebuggerNotPresent
KdDebuggerEnabled
ExAllocateFromPagedLookasideList
ExFreeToPagedLookasideList
ExDeletePagedLookasideList
ExInitializePagedLookasideList
KeRemoveQueueDpc
IoUnregisterShutdownNotification
IoRegisterLastChanceShutdownNotification
IoRegisterShutdownNotification
PoStartNextPowerIrp
KeQuerySystemTime
MmUnmapLockedPages
MmSizeOfMdl
IoBuildPartialMdl
MmProbeAndLockPages
RtlFreeUnicodeString
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
PsGetVersion
MmGetSystemRoutineAddress
MmUnlockPagableImageSection
MmLockPagableSectionByHandle
MmLockPagableDataSection
RtlCompareUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
MmIsDriverVerifying
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
KeSetImportanceDpc
ZwQueryValueKey
KeReadStateEvent
PoCallDriver
PoSetPowerState
IoGetStackLimits
IoReleaseRemoveLockAndWaitEx
KeSynchronizeExecution
IoConnectInterrupt
IoDisconnectInterrupt
ExCreateCallback
ExRegisterCallback
ExUnregisterCallback
PoRequestPowerIrp
KeQueryTimeIncrement
RtlUnwind
memcpy
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
DbgPrint
IoDeleteDevice
IoCreateDevice
memmove
IofCompleteRequest
ZwSetSecurityObject
ObOpenObjectByPointer
IoDeviceObjectType
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
SeExports
_wcsnicmp
RtlAddAccessAllowedAce
RtlLengthSid
wcschr
RtlAbsoluteToSelfRelativeSD
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
KeNumberProcessors
KeQueryActiveProcessors
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
KeSetTargetProcessorDpc
PsTerminateSystemThread
PsCreateSystemThread
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
KiBugCheckData

wdfldr.sys

WdfRegisterLibrary
WdfLdrDiagnosticsValueByNameAsULONG

hal

ExAcquireFastMutex
KfReleaseSpinLock
KfAcquireSpinLock
KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql
ExReleaseFastMutex

Sections

.text
Size: 341KB - Virtual size: 341KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEWdfV
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

baf3b4383ddb0e818cdef67eda07461d

Headers

File Characteristics

Imports

ntoskrnl.exe

wdfldr.sys

hal

Sections

.text Size: 341KB - Virtual size: 341KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 5KB - Virtual size: 5KB

PAGEWdfV Size: 12KB - Virtual size: 12KB

PAGE Size: 6KB - Virtual size: 6KB

INIT Size: 5KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 341KB - Virtual size: 341KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 5KB - Virtual size: 5KB

PAGEWdfV
Size: 12KB - Virtual size: 12KB

PAGE
Size: 6KB - Virtual size: 6KB

INIT
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 18KB - Virtual size: 17KB