aad835602ba3d8b8ffb5be1792a523438816906da2867b36feccf742e160b2e5

Sharing

Copy URL Twitter E-mail

General

Target

aad835602ba3d8b8ffb5be1792a523438816906da2867b36feccf742e160b2e5
Size

26KB
MD5

23f68f949d5f53a0e5c73f3d334a3eaa
SHA1

678697d60fba5ecc805e396c345bbf3b2937ecb0
SHA256

aad835602ba3d8b8ffb5be1792a523438816906da2867b36feccf742e160b2e5
SHA512

f953024aa50a86b4dccc5e3a44d39224e4f31e37f4064975dad17bd4c07fa0cb40200bf23291f85bcb26bb4ab1906dca72d09c8071767661a019fc7da3df350f
SSDEEP

384:dzLL1MYqxf4PJ+zzAb0WUHFxpDLT74aLcBd1cUfJKxpGCQjYsaOTLi88reAVHZAF:papS4zjNxpDLk31xsJO6JreZ7Yoj/f

Score

N/A

Malware Config

Signatures

Files

aad835602ba3d8b8ffb5be1792a523438816906da2867b36feccf742e160b2e5
.exe windows x86

594201e670145b6bb1396cf33299e015

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ObfDereferenceObject
IoGetDeviceObjectPointer
RtlQueryRegistryValues
swprintf
MmPageEntireDriver
MmResetDriverPaging
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
KeDelayExecutionThread
IoBuildDeviceIoControlRequest
RtlFreeUnicodeString
RtlCompareUnicodeString
ZwClose
KeSetTimer
ObReferenceObjectByHandle
ObfReferenceObject
RtlAnsiStringToUnicodeString
RtlInitAnsiString
sprintf
IoGetDmaAdapter
IoStopTimer
IoDisconnectInterrupt
IoAllocateAdapterChannel
KeResetEvent
IoStartNextPacket
IoSetHardErrorOrVerifyDevice
KeSynchronizeExecution
KeInsertQueueDpc
IoInitializeTimer
RtlInitUnicodeString
IoQueryDeviceDescripthnn=
HoCoonebtInuerrtpu
LlCuildMdlForNonPagedPool
IoAllocateMdl
IoFreeMdl
IoStartPacket
ExfInterlockedRemoveHeadList
ExfInterlockedInsertTailList
KeQuerySystemTime
IoDetachDevice
PoRequestPowerIr�jL�EbfBreakPoint
EbfBreakPoint
RtlCompareMemory
ZwSetValueKey
ZwOpenKey
memmove
IoStartTimer
KeTickCount
IoFreeIrp
IoAllocateIrp
IoGetAttachedDeviceReference
KeBugCheckEx
IofCallDriver
KeWaitForSingleObject
MmMapIoSpace
PoStartNextPowerIrp
PoCallDriver
IofCompleteRequest
ExAllocatePoolWithTag
KeSetEvent
IoCreateDevice
KeInitializeEvent
KeInitializeTimer
KeInitializeSpinLock
IoAttachDeviceToDeviceStack
IoDeleteDevice
KeInitializeDpc
ExFreePoolWithTag

hal

IoMapTransfer
IoFlushAdapterBuffers
HalGetInterruptVector
KfAcquireSpinLock
KfReleaseSpinLock
KeStallExecutionProcessor
KfRaiseIrql
IoFreeAdapterChannel
KfLowerIrql
READ_PORT_UCHAR
WRITE_PORT_UCHAR
ExAcquireFastMutex
ExReleaseFastMutex
HalTranslateBusAddress

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 242B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 384B - Virtual size: 326B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

594201e670145b6bb1396cf33299e015

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 18KB - Virtual size: 18KB

.rdata Size: 512B - Virtual size: 396B

.data Size: 256B - Virtual size: 242B

PAGE Size: 384B - Virtual size: 326B

INIT Size: 3KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 512B - Virtual size: 396B

.data
Size: 256B - Virtual size: 242B

PAGE
Size: 384B - Virtual size: 326B

INIT
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 1KB - Virtual size: 1KB