1d44a18c2e58723a51d5a081351e9df77dd75ca1f7e2347c6da67a9c1ebc1860

Sharing

Copy URL Twitter E-mail

General

Target

1d44a18c2e58723a51d5a081351e9df77dd75ca1f7e2347c6da67a9c1ebc1860
Size

398KB
MD5

4020d24f130bda9a95a30ac2a46fe06f
SHA1

404156f417eec3a4b78d5b8b95a05b553aac5de7
SHA256

1d44a18c2e58723a51d5a081351e9df77dd75ca1f7e2347c6da67a9c1ebc1860
SHA512

4de720a173d730605c22eac66558e60ba210be7e6cf3c59b808df0ed0586c6b880567f42d1f765bf94dacbe2eed798d5b5c82d9157a87057d212ccbfad33d2a0
SSDEEP

12288:VDwZl7L3/gITBgN/5bGrrcp0XIqfSBpLcS5Q4EGUggliqLB/Hf44HNCGIW2lMIxD:VDwrjBiAcXqqPO5/44wkLoD

Score

N/A

Malware Config

Signatures

Files

1d44a18c2e58723a51d5a081351e9df77dd75ca1f7e2347c6da67a9c1ebc1860
.exe windows x86

e5d6de8ff53e753af4925bfdefee5b60

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCallDriver
MmBuildMdlForNonPagedPool
IoAllocateMdl
ExAllocatePoolWithTag
IoBuildDeviceIoControlRequest
memset
ExQueueWorkItem
memcpy
ObfDereferenceObject
ObReferenceObjectByHandle
MmIsAddressValid
NtBuildNumber
RtlFreeUnicodeString
ExAllocatePool
MmGetSystemRoutineAddress
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwSetSecurityObject
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
SeExports
ZwClose
wcsrchr
ZwSetValueKey
ZwDeleteValueKey
ZwCreateKey
ZwQueryValueKey
ZwOpenKey
wcsncpy
_wcsnicmp
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
ZwWriteFile
PsGetCurrentProcessId
ZwDuplicateObject
ZwOpenProcess
_strnicmp
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
IoGetRelatedDeviceObject
RtlAppendUnicodeToString
ZwDeleteKey
ZwEnumerateKey
ZwQueryKey
RtlAppendUnicodeStringToString
strrchr
PsGetCurrentThreadPreviousMode
ProbeForWrite
KeUnstackDetachProcess
ProbeForRead
KeStackAttachProcess
PsProcessType
_except_handler3
RtlCopyUnicodeString
IoFreeIrp
KeSetEvent
KeWaitForSingleObject
KeGetCurrentThread
SeCreateAccessState
IoGetFileObjectGenericMapping
KeInitializeEvent
IoAllocateIrp
ObCreateObject
IoFileObjectType
IoCreateFile
IoFreeWorkItem
PsSetLoadImageNotifyRoutine
IoDeleteSymbolicLink
IoUnregisterShutdownNotification
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteDevice
IoStopTimer
CmUnRegisterCallback
ZwAllocateVirtualMemory
ZwUnmapViewOfSection
IoQueueWorkItem
IoAllocateWorkItem
IoCreateDevice
IoRegisterBootDriverReinitialization
IoCreateDriver
InterlockedPushEntrySList
ZwLoadDriver
strstr
RtlUnicodeStringToInteger
_snprintf
PsTerminateSystemThread
KeCancelTimer
ExfInterlockedRemoveHeadList
KeWaitForMultipleObjects
KeSetTimerEx
KeInitializeTimerEx
KeSetPriorityThread
KeServiceDescriptorTable
rand
PsCreateSystemThread
MmUnmapLockedPages
KeSetAffinityThread
KeNumberProcessors
MmMapLockedPages
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwQuerySystemInformation
strncpy
ZwQueryInformationProcess
ObOpenObjectByPointer
ObReferenceObjectByPointer
ZwQueryDirectoryFile
InterlockedPopEntrySList
ExfInterlockedInsertHeadList
ExfInterlockedInsertTailList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
PsGetCurrentThreadId
IoStartTimer
IoInitializeTimer
ObQueryNameString
CmRegisterCallback
PsLookupProcessByProcessId
PsSetCreateProcessNotifyRoutine
MmUnlockPages
MmProbeAndLockPages
IoCancelIrp
IoAttachDevice
IoDetachDevice
IoSetCompletionRoutineEx
KeTickCount
KeQueryTimeIncrement
_alldiv
_allmul
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
RtlEqualUnicodeString
strchr
strncmp
MmSectionObjectType
srand
IoFreeMdl
ExFreePoolWithTag
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
MmMapLockedPagesSpecifyCache
_strlwr
IoGetCurrentProcess
IoRegisterShutdownNotification
PsGetProcessImageFileName

hal

KfAcquireSpinLock
KeGetCurrentIrql
KfReleaseSpinLock

tdi.sys

TdiMapUserRequest

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rtya0
Size: 291KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e5d6de8ff53e753af4925bfdefee5b60

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

tdi.sys

Sections

.text Size: 79KB - Virtual size: 79KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 1KB - Virtual size: 2KB

INIT Size: 5KB - Virtual size: 4KB

rtya0 Size: 291KB - Virtual size: 290KB

.reloc Size: 11KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 408B

.text
Size: 79KB - Virtual size: 79KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 1KB - Virtual size: 2KB

INIT
Size: 5KB - Virtual size: 4KB

rtya0
Size: 291KB - Virtual size: 290KB

.reloc
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 408B