08498004526dc30e0ed251699f5d47ed704e09241ed5c86878637616476ec929

Sharing

Copy URL Twitter E-mail

General

Target

08498004526dc30e0ed251699f5d47ed704e09241ed5c86878637616476ec929
Size

70KB
MD5

10fab22c315b19d5cd61d6808d983168
SHA1

54194fb540254bbfb0159bd838b996108cc65734
SHA256

08498004526dc30e0ed251699f5d47ed704e09241ed5c86878637616476ec929
SHA512

cff91c095ee42b47153065180f15ef09297e144635d75dc6dcdc770a10c65f8507302e94d73dcf6705c5773fbb2ea7a9ce01aafbc0d9e5fe6968f2502a8647a0
SSDEEP

1536:juKHGFGyYf9PmE3W9I/sHyFyqOrA1hAuHaXByJ/r:aAyYkSgqkuHaxy

Score

N/A

Malware Config

Signatures

Files

08498004526dc30e0ed251699f5d47ed704e09241ed5c86878637616476ec929
.exe windows x86

36f533b55d93b1bc97d8cc3d79500c6d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoFreeWorkItem
IoQueueWorkItem
_vsnwprintf
KeFlushQueuedDpcs
KeCancelTimer
KeDelayExecutionThread
KeInitializeDpc
KeInitializeTimer
IoAllocateWorkItem
KeInitializeMutex
KeSetEvent
IoGetIrpExtraCreateParameter
MmUnlockPages
IoFreeMdl
KeReleaseSemaphore
MmProbeAndLockPages
KeReleaseInStackQueuedSpinLockFromDpcLevel
KeSetTimer
IoWMIWriteEvent
MmGetSystemRoutineAddress
IoWMIRegistrationControl
IoGetCurrentProcess
KeQueryMaximumProcessorCount
KeQuerySystemTime
RtlCopyUnicodeString
KeTickCount
KeBugCheckEx
RtlUnwind
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
ObfDereferenceObject
RtlInitUnicodeString
ExCreateCallback
KeReleaseMutex
RtlCompareMemory
IoCreateDevice
IoCreateSymbolicLink
IoDeleteSymbolicLink
IoDeleteDevice
KeInitializeSemaphore
IoFileObjectType
ObReferenceObjectByHandle
MmMapLockedPagesSpecifyCache
IoAcquireCancelSpinLock
IoReleaseCancelSpinLock
memcpy
ExAllocatePoolWithTag
ObDereferenceSecurityDescriptor
SeLockSubjectContext
IoGetFileObjectGenericMapping
SeAssignSecurity
SeUnlockSubjectContext
ObLogSecurityDescriptor
ExFreePoolWithTag
IoGetTopLevelIrp
memset
KeInitializeEvent
ExNotifyCallback
PsGetCurrentProcess
KeWaitForSingleObject
IofCompleteRequest
RtlUnicodeStringToInteger
RtlGetCallersAddress
ExAllocatePoolWithTagPriority
KeAcquireInStackQueuedSpinLockAtDpcLevel
IoInitializeWorkItem
IoSizeofWorkItem
IoUninitializeWorkItem
IoQueueWorkItemEx
IoAllocateMdl
KeGetCurrentThread

hal

KeAcquireInStackQueuedSpinLock
KeGetCurrentIrql
KfLowerIrql
KfAcquireSpinLock
KfReleaseSpinLock
KeReleaseInStackQueuedSpinLock

netio.sys

NmrRegisterProvider
RtlCopyMdlToMdl
RtlCopyBufferToMdl
NsiGetParameter
NsiFreeTable
NsiAllocateAndGetTable
NmrClientDetachProviderComplete
NmrClientAttachProvider
NsiDeregisterChangeNotification
NsiSetAllParameters
NmrProviderDetachClientComplete
NmrDeregisterProvider
NmrWaitForProviderDeregisterComplete
RtlCopyMdlToBuffer
NmrRegisterClient
NsiRegisterChangeNotification
NsiGetAllParameters
NmrDeregisterClient
NmrWaitForClientDeregisterComplete

tdi.sys

TdiDeregisterProvider
TdiProviderReady
TdiRegisterProvider
TdiDeregisterDeviceObject
TdiDeregisterNetAddress
TdiRegisterDeviceObject
TdiRegisterNetAddress
TdiPnPPowerRequest
TdiMapUserRequest

ndis.sys

NdisIfGetInterfaceIndexFromNetLuid

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1024B - Virtual size: 910B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36f533b55d93b1bc97d8cc3d79500c6d

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

netio.sys

tdi.sys

ndis.sys

Sections

.text Size: 57KB - Virtual size: 56KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 928B

PAGE Size: 1024B - Virtual size: 910B

INIT Size: 3KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 57KB - Virtual size: 56KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 928B

PAGE
Size: 1024B - Virtual size: 910B

INIT
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 4KB - Virtual size: 3KB