Static task: static1
Behavioral task: behavioral1
Sample: 1d72ad08175f606d4cac9cf215adc1195c26cad33de78b92c94543a48be62a75.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 1d72ad08175f606d4cac9cf215adc1195c26cad33de78b92c94543a48be62a75.exe
Resource: win10v2004-20220812-en
General
Target: 1d72ad08175f606d4cac9cf215adc1195c26cad33de78b92c94543a48be62a75
Size: 297KB
MD5: 078081d9d4ece0a485ece476f50a6720
SHA1: 398b6c3332850fa4bcbaf9e9671c3d8b8feb7f2b
SHA256: 1d72ad08175f606d4cac9cf215adc1195c26cad33de78b92c94543a48be62a75
SHA512: c8bb91c2dccf940384922f49413848a3b2409869deb09bce8bbe578273598f27d5939ad87d1f127e5d1b64c46b64edccaa82cd8a020869729704262600162ad9
SSDEEP: 6144:hT5EaniYRjsT1SzUPLA/y3MJyCV9VolxyrgX:fRje4kqy8JD9aHvX
Malware Config
Signatures
Files
1d72ad08175f606d4cac9cf215adc1195c26cad33de78b92c94543a48be62a75.exe windows x86 6122d37dea8503e8f21dfb5e85274755
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwQueryValueKey
DbgPrint
ZwOpenKey
InterlockedPopEntrySList
IofCompleteRequest
KeSetEvent
PoSetPowerState
_aullshr
IoFreeWorkItem
IoUnregisterPlugPlayNotification
ObfDereferenceObject
KeWaitForSingleObject
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
memcpy
IoGetDeviceObjectPointer
IoQueueWorkItem
IoAllocateWorkItem
IoRegisterPlugPlayNotification
KeClearEvent
WRITE_REGISTER_ULONG
READ_REGISTER_ULONG
ObReferenceObjectByHandle
MmGetPhysicalAddress
KeCancelTimer
KeSetTimerEx
KeInitializeTimerEx
memmove
KeDelayExecutionThread
_aulldiv
strncpy
strncmp
_purecall
sprintf
_allmul
InterlockedPushEntrySList
RtlCompareMemory
IoInvalidateDeviceRelations
KeSetTimer
ExSystemTimeToLocalTime
KeQuerySystemTime
MmUnmapIoSpace
MmMapIoSpace
RtlWriteRegistryValue
ZwCreateKey
swprintf
KeLeaveCriticalRegion
KeEnterCriticalRegion
MmMapLockedPagesSpecifyCache
ExDeleteNPagedLookasideList
KeBugCheck
PsTerminateSystemThread
KeWaitForMultipleObjects
KeSetPriorityThread
PsCreateSystemThread
ExInitializeNPagedLookasideList
memset
_aulldvrm
PoRequestPowerIrp
PoStartNextPowerIrp
PoCallDriver
IoReleaseRemoveLockEx
IoAcquireRemoveLockEx
IoFreeIrp
IoAllocateIrp
IoGetAttachedDeviceReference
_alldiv
IoDeleteSymbolicLink
IoAttachDeviceToDeviceStack
IoCreateSymbolicLink
IoGetConfigurationInformation
IoInitializeRemoveLockEx
IoCreateDevice
RtlUnicodeStringToInteger
wcsncpy
wcsstr
IoDeleteDevice
IoDetachDevice
_wcsupr
IoGetDeviceProperty
ZwCreateDirectoryObject
KeInitializeDpc
KeInitializeTimer
ExRegisterCallback
ExCreateCallback
IoConnectInterrupt
IoReportResourceForDetection
ExUnregisterCallback
IoDisconnectInterrupt
IoReleaseRemoveLockAndWaitEx
RtlCheckRegistryKey
KeRemoveQueueDpc
KeQueryTimeIncrement
KeTickCount
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
strncat
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ObfReferenceObject
PoRegisterDeviceForIdleDetection
IoInvalidateDeviceState
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IoGetDmaAdapter
strstr
RtlCreateRegistryKey
RtlCopyUnicodeString
KeInsertQueueDpc
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
IoRequestDeviceEject
KeBugCheckEx
RtlUnwind
RtlInitUnicodeString
ExAllocatePoolWithTag
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlQueryRegistryValues
_aullrem
ExFreePoolWithTag
hal
KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
KeStallExecutionProcessor
KeGetCurrentIrql
Sections
.text Size: 270KB - Virtual size: 269KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 497KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ