8bbf01800140c996601cb3a5be86c8b7f27d492f2b1212b9890404c5fb1fab74

Sharing

Copy URL Twitter E-mail

General

Target

8bbf01800140c996601cb3a5be86c8b7f27d492f2b1212b9890404c5fb1fab74
Size

84KB
MD5

1780aff064063d496ec92c71324b6eb0
SHA1

bc813720a9b1f5dc87bd42f1eabd99c720767960
SHA256

8bbf01800140c996601cb3a5be86c8b7f27d492f2b1212b9890404c5fb1fab74
SHA512

5bd3f4f4d167128373e2cdd211e1ff2c54a0b12d8f8f73b727cf118faa79936f40fdf357ad222d77d38a276cdea1f62c0a317805e8f6765abca86470937dd001
SSDEEP

768:Mk0NvCuCzRlWWgBAljKPko23XCOEPVKMzPlnvV8m6fKpZCuvOL48TGgi5:Mk0MlWrvPkD3XnEjztvn6/a8y

Score

N/A

Malware Config

Signatures

Files

8bbf01800140c996601cb3a5be86c8b7f27d492f2b1212b9890404c5fb1fab74
.exe windows x86

5f0ed94a12a541ad688709da11f63e91

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ObReferenceObjectByHandle
ZwCreateFile
IofCallDriver
IoBuildDeviceIoControlRequest
IoGetRelatedDeviceObject
memset
IoFreeMdl
MmProbeAndLockPages
IoFreeIrp
IoAllocateMdl
IofCompleteRequest
IoCancelIrp
KeQueryTimeIncrement
KeTickCount
_alldiv
_allmul
ZwFlushKey
ZwSetValueKey
ZwCreateKey
ZwQueryValueKey
ZwOpenKey
memcpy
ZwDeleteValueKey
IoDeleteDevice
IoDeleteSymbolicLink
IoGetDeviceObjectPointer
IoCreateSymbolicLink
IoCreateDevice
ZwDeleteKey
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlRandomEx
rand
srand
ExSystemTimeToLocalTime
KeQuerySystemTime
RtlLargeIntegerDivide
_allrem
RtlGetVersion
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
IoRegisterShutdownNotification
RtlUpcaseUnicodeString
ExAllocatePool
ExFreePoolWithTag
IoDetachDevice
RtlCompareMemory
MmIsAddressValid
MmBuildMdlForNonPagedPool
MmMapLockedPagesSpecifyCache
PsGetCurrentProcessId
memmove
MmGetSystemRoutineAddress
_snprintf
strrchr
strncpy
PsGetCurrentThreadId
ZwEnumerateKey
DbgPrint
strstr
_strnicmp
IoBuildSynchronousFsdRequest
RtlCompareUnicodeString
ZwSetInformationFile
ZwWriteFile
ZwReadFile
ZwWaitForSingleObject
ZwQueryInformationFile
IoCreateFileSpecifyDeviceObjectHint
IoGetDeviceAttachmentBaseRef
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
RtlEqualUnicodeString
ObQueryNameString
RtlFreeUnicodeString
swprintf
ZwDeviceIoControlFile
ZwFsControlFile
KeGetCurrentThread
RtlCopyUnicodeString
ExAllocatePoolWithTag
ZwDeleteFile
IoAttachDeviceToDeviceStackSafe
PsCreateSystemThread
PsTerminateSystemThread
KeSetTimerEx
KeSetPriorityThread
KeCancelTimer
KeInitializeTimerEx
KeBugCheckEx
KeInitializeEvent
ObfDereferenceObject
KeWaitForSingleObject
ZwClose
RtlInitUnicodeString
IoAttachDeviceToDeviceStack
KeSetEvent
RtlAnsiCharToUnicodeChar
RtlUnwind

hal

KfReleaseSpinLock
KfAcquireSpinLock
ExAcquireFastMutex
ExReleaseFastMutex

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f0ed94a12a541ad688709da11f63e91

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 55KB - Virtual size: 55KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 18KB - Virtual size: 18KB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 936B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 55KB - Virtual size: 55KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 18KB - Virtual size: 18KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 3KB - Virtual size: 3KB