ab8f4b2847d87a400eb28b9dbcdeea4db5db41ae54e8e4a125ab25fa847ba4a7

Sharing

Copy URL Twitter E-mail

General

Target

ab8f4b2847d87a400eb28b9dbcdeea4db5db41ae54e8e4a125ab25fa847ba4a7
Size

798KB
MD5

e0548253fd71f7f80e9fce0340fb6500
SHA1

3a54038a4a29ea9572c783e7d49c30f18fbd424d
SHA256

ab8f4b2847d87a400eb28b9dbcdeea4db5db41ae54e8e4a125ab25fa847ba4a7
SHA512

06b71a75acb76425c26b3be9b0b3c6119918848ab5dba2c70e2d558203202bff2b634e0fa74cb63a265a78731fdf2d8356b170b6aa85d3ad5b1e05059d6d4cbe
SSDEEP

12288:/NIOmg0NX5Y9OCX53kVu54BzAbitNcmf9eBaueyVvzcWOq5QEfUTe11D:/NFmNYPBkCWpNcmf9a3eyVvzkqGBe1l

Score

N/A

Malware Config

Signatures

Files

ab8f4b2847d87a400eb28b9dbcdeea4db5db41ae54e8e4a125ab25fa847ba4a7
.exe windows x86

130437ae0da3ee6688953112c148ab35

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
MmLockPagableDataSection
PoSetPowerState
IoAttachDeviceToDeviceStack
KeSetEvent
IoCancelIrp
IofCompleteRequest
IoSetDeviceInterfaceState
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
PoStartNextPowerIrp
PoCallDriver
KeClearEvent
PoRequestPowerIrp
KeInitializeDpc
KeInitializeTimer
KeInitializeSpinLock
IoCreateDevice
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
RtlInitUnicodeString
RtlDeleteRegistryValue
IoDeleteSymbolicLink
MmUnlockPagableImageSection
IoCreateSymbolicLink
ZwClose
IoOpenDeviceRegistryKey
IoDeleteDevice
IoIsWdmVersionAvailable
KeRemoveQueueDpc
KeCancelTimer
IoDetachDevice
IoCreateUnprotectedSymbolicLink
KeSynchronizeExecution
PsCreateSystemThread
ZwOpenKey
PoUnregisterSystemState
PoRegisterSystemState
KeInsertQueueDpc
PsTerminateSystemThread
ZwWriteFile
ZwCreateFile
MmQuerySystemSize
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
memmove
RtlQueryRegistryValues
KeQuerySystemTime
KeSetTimer
InterlockedExchange
RtlWriteRegistryValue
IoRegisterDeviceInterface
IoGetDmaAdapter
IoBuildDeviceIoControlRequest
IoConnectInterrupt
IoDisconnectInterrupt
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
ZwQueryValueKey
ZwSetValueKey
KeQueryInterruptTime
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
NlsMbCodePageTag
RtlInitAnsiString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
wcschr
ZwCreateKey
MmUnmapIoSpace
MmMapIoSpace
sprintf
ExFreePool

hal

KfLowerIrql
KfAcquireSpinLock
KfReleaseSpinLock
KfRaiseIrql

Sections

.text
Size: 648KB - Virtual size: 648KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGESER
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 928B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

130437ae0da3ee6688953112c148ab35

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 648KB - Virtual size: 648KB

.data Size: 87KB - Virtual size: 87KB

PAGESER Size: 16KB - Virtual size: 16KB

INIT Size: 3KB - Virtual size: 3KB

.rsrc Size: 928B - Virtual size: 928B

.reloc Size: 40KB - Virtual size: 40KB

.text
Size: 648KB - Virtual size: 648KB

.data
Size: 87KB - Virtual size: 87KB

PAGESER
Size: 16KB - Virtual size: 16KB

INIT
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 928B - Virtual size: 928B

.reloc
Size: 40KB - Virtual size: 40KB