bfcee45bf2e85b449daa37722ec3b3eb35ace98ad4fc5e0984aeb2705ecb5b70

Sharing

Copy URL

Twitter E-mail

General

Target

bfcee45bf2e85b449daa37722ec3b3eb35ace98ad4fc5e0984aeb2705ecb5b70
Size

86KB
MD5

10119ed5e815bbf1620d93f294e92ab0
SHA1

ebecae243c1dbae9b84a36c0cd5f682716f8e2f8
SHA256

bfcee45bf2e85b449daa37722ec3b3eb35ace98ad4fc5e0984aeb2705ecb5b70
SHA512

34e3281783448dabf99bf70d411067702811b273ed3127bb2ae5fc2ff445fa8ab0134a89860467a65b9448180a8ebf3ff2d10e9f4bb2395f35de5f40078ede54
SSDEEP

1536:PKKUBKB+HeL5porREVxCEhlNpu+34OHGJ1R0QiFWlNGMdSLqiCPmy1TXBNKeo:PKKXB+Ho5porRExA+3W09FaGiqEP71j

Score

N/A

Malware Config

Signatures

Files

bfcee45bf2e85b449daa37722ec3b3eb35ace98ad4fc5e0984aeb2705ecb5b70
.exe windows x86

0c196a39e49448eec56c97b88e655f5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlLengthSecurityDescriptor
ObFindHandleForObject
RtlCompareUnicodeString
MmUnmapViewInSystemSpace
RtlInitString
RtlImageNtHeader
RtlFreeUnicodeString
KeRemoveQueue
MmIsAddressValid
IoRegisterShutdownNotification
ZwMapViewOfSection
ExAllocatePool
RtlAnsiStringToUnicodeString
memcpy
LsaLogonUser
MmUnmapViewOfSection
ObOpenObjectByName
CcPreparePinWrite
ZwCreateSection
ZwCreateFile
ExFreePool
ZwOpenFile

classpnp.sys

ClassWmiCompleteRequest
ClassSetMediaChangeState
ClassReadDriveCapacity
ClassCompleteRequest
ClassDeleteSrbLookasideList
ClassGetDescriptor
ClassModeSense
ClassNotifyFailurePredicted
ClassWmiFireEvent
ClassSpinDownPowerHandler
ClassEnableMediaChangeDetection
ClassSendIrpSynchronous
ClassMarkChildrenMissing
ClassGetVpb
ClassClaimDevice
ClassGetDriverExtension
ClassMarkChildMissing
ClassInternalIoControl

hal

HalAssignSlotResources
HalAllocateCommonBuffer
KeLowerIrql
HalSetRealTimeClock
HalAdjustResourceList
READ_PORT_BUFFER_USHORT
HalTranslateBusAddress
KeAcquireQueuedSpinLockRaiseToSynch
KfReleaseSpinLock
HalProcessorIdle
KeAcquireSpinLockRaiseToSynch

Exports

Exports

JcQtnpVais
SwIrjkfrLwmtgZkpeiMa
GcatmyVkuozRao
SskmwcoMlvi
FzfexnhNbdmoxZzzgqPns

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c196a39e49448eec56c97b88e655f5c

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

classpnp.sys

hal

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 37KB - Virtual size: 112KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 56B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 37KB - Virtual size: 112KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 56B