fda085545e7ca6271eb3808fb966e11c8120a04b50a3ffec3a5e54acb5538889

General

Target

fda085545e7ca6271eb3808fb966e11c8120a04b50a3ffec3a5e54acb5538889
Size

77KB
MD5

9348648efc8e36a2f75a4d6bbae193d2
SHA1

a0bf9fe87d34d191dace2641d7b3b2712773f16f
SHA256

fda085545e7ca6271eb3808fb966e11c8120a04b50a3ffec3a5e54acb5538889
SHA512

3cfe274524b8a69ababe53e61351e3895a435c4f9ce640adbd9f3110e1b282522b1531000813cae369782f52fd5fefe3217996b0c1e9faeb0e1260c3fb2029ff
SSDEEP

1536:qAsdyTHQFuF/8MXO7FDgAtGIhXi7WsSQJDNcsmjE3wRSMeO:1iKwFux8vrtDdQnmjEIJ

Score

N/A

Malware Config

Signatures

Files

fda085545e7ca6271eb3808fb966e11c8120a04b50a3ffec3a5e54acb5538889
.dll windows x86

d55c955a79730aebfe7c00b4bf24d68f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitializeBitMap
ExFreePool
ExAllocatePool
RtlImageNtHeader
KeProfileInterruptWithSource
IoBuildAsynchronousFsdRequest
FsRtlUninitializeMcb
RtlQueryTimeZoneInformation
memcpy

classpnp.sys

ClassStopUnitPowerHandler
ClassWmiFireEvent
ClassEnableMediaChangeDetection
ClassSendIrpSynchronous
ClassNotifyFailurePredicted
ClassMarkChildrenMissing
ClassDisableMediaChangeDetection
ClassQueryTimeOutRegistryValue
ClassAcquireChildLock
ClassCreateDeviceObject
ClassInternalIoControl

hal

WRITE_PORT_UCHAR
KfLowerIrql
IoReadPartitionTable
WRITE_PORT_ULONG
HalProcessorIdle
READ_PORT_BUFFER_UCHAR
READ_PORT_UCHAR
HalGetBusData
KeAcquireSpinLock
HalStartProfileInterrupt
READ_PORT_BUFFER_USHORT
HalReportResourceUsage
HalSetDisplayParameters
KeRaiseIrqlToSynchLevel
HalInitSystem
HalGetAdapter
HalCalibratePerformanceCounter
IoFreeMapRegisters

Exports

Exports

QpCyocbGr
VvKpudahYfzrl
Ehaa
TinXwtcbgNaoyNie
YwrtGkhsneTueurt
DvzdbPtrhccbHnv
AhdcqhXrqczOhicpnqLqn
EtoGsomDzreaxbDazzcrAu
LjBuvrgfTmpbwFs

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 38B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d55c955a79730aebfe7c00b4bf24d68f

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

classpnp.sys

hal

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 69KB - Virtual size: 160KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 38B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 69KB - Virtual size: 160KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 38B