b0d882e143bb1493aaccb09266f299836a9694a6f5587a407d46ad6aebb2965f

Sharing

Copy URL

Twitter E-mail

General

Target

b0d882e143bb1493aaccb09266f299836a9694a6f5587a407d46ad6aebb2965f
Size

149KB
MD5

09c31bce3e654525065143ea31c521fa
SHA1

f54076d10d516afca4389966618e905a4b17e296
SHA256

b0d882e143bb1493aaccb09266f299836a9694a6f5587a407d46ad6aebb2965f
SHA512

b2ae6f20145d386b7f94de189e5dd32ae5c362cbe2369ce1dcb8a5c29b6bc7720b5ebc0f276c24d0fbd8042e9309035bfa237d452c3f5e4e4f29384ee76f97d5
SSDEEP

3072:RP+1wyyBw0iQM+jCc10YiYtlxpq2jGIKwJkXkzmA5wrH0vreqD0d:Z+12w0TM0il2dKoIkzP58Cm

Score

N/A

Malware Config

Signatures

Files

b0d882e143bb1493aaccb09266f299836a9694a6f5587a407d46ad6aebb2965f
.exe windows x86

36d1d1a79a966dff6d007e85983dbf9e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCallDriver
KeGetCurrentThread
KeDelayExecutionThread
IoBuildAsynchronousFsdRequest
ObfReferenceObject
IoAllocateIrp
MmBuildMdlForNonPagedPool
IoBuildPartialMdl
MmGetPhysicalAddress
IoAllocateMdl
_allshr
KeInitializeEvent
KeWaitForSingleObject
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
_except_handler3
MmUnmapLockedPages
IofCompleteRequest
memmove
KeSetEvent
ProbeForRead
ProbeForWrite
KeTickCount
PsCreateSystemThread
KeInitializeSemaphore
FsRtlIsTotalDeviceFailure
ExFreePoolWithTag
ExAllocatePoolWithTag
RtlInitUnicodeString
swprintf
RtlCopyUnicodeString
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
IoAttachDeviceToDeviceStack
PoCallDriver
PoStartNextPowerIrp
RtlVerifyVersionInfo
VerSetConditionMask
IoBuildDeviceIoControlRequest
IoBuildSynchronousFsdRequest
IoGetAttachedDeviceReference
RtlFreeUnicodeString
IoGetDeviceObjectPointer
ObfDereferenceObject
RtlInitAnsiString
RtlAppendUnicodeStringToString
RtlStringFromGUID
IoFreeIrp
RtlFreeAnsiString
IoDeleteSymbolicLink
strncmp
RtlUnicodeStringToAnsiString
wcsncmp
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ZwQueryValueKey
ZwOpenKey
IoGetDeviceProperty
RtlCompareMemory
IoWritePartitionTableEx
_allmul
IoReadPartitionTableEx
IoRegisterDriverReinitialization
IoReportDetectedDevice
IoCreateSynchronizationEvent
IoWriteErrorLogEntry
strncpy
IoAllocateErrorLogEntry
InterlockedPopEntrySList
InterlockedPushEntrySList
ExInitializeNPagedLookasideList
IoCreateDevice
IoCreateSymbolicLink
ZwCreateDirectoryObject
ZwMakeTemporaryObject
isdigit
PoRequestPowerIrp
PoSetPowerState
IoWMIRegistrationControl
wcslen
KeBugCheckEx
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
KeInitializeSpinLock
IoDeleteDevice
MmUnlockPages
RtlAnsiStringToUnicodeString
IoFreeMdl
IoInvalidateDeviceRelations
KeQuerySystemTime
IoVolumeDeviceToDosName
KeReleaseSemaphore
KeInitializeDpc
KeInitializeTimer
KeSetTimer
PsTerminateSystemThread
_aulldvrm
IoRaiseInformationalHardError
_allrem
_alldiv
_alldvrm
ZwClose
sprintf

hal

ExAcquireFastMutex
KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock
ExReleaseFastMutex

wmilib.sys

WmiSystemControl
WmiCompleteRequest

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 896B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36d1d1a79a966dff6d007e85983dbf9e

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

wmilib.sys

Sections

.text Size: 118KB - Virtual size: 118KB

.rdata Size: 896B - Virtual size: 820B

.data Size: 14KB - Virtual size: 14KB

PAGE Size: 1KB - Virtual size: 1KB

INIT Size: 3KB - Virtual size: 2KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 118KB - Virtual size: 118KB

.rdata
Size: 896B - Virtual size: 820B

.data
Size: 14KB - Virtual size: 14KB

PAGE
Size: 1KB - Virtual size: 1KB

INIT
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 5KB - Virtual size: 5KB