General

Malware Config

Signatures

Files

• 9dd76b616fb58538e3b7bca85209e615ca9ed49d8da00a4743712d8b4d6033cf

  .exe windows x86

  ce58e8d5f469de446f5050b0cddebc65

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  ntoskrnl.exe

  KeInitializeEvent

  ZwQueryValueKey

  RtlInitUnicodeString

  RtlQueryRegistryValues

  RtlWriteRegistryValue

  wcslen

  RtlIntegerToUnicodeString

  IoFreeWorkItem

  ZwPowerInformation

  IoBuildSynchronousFsdRequest

  KeSetEvent

  KeRevertToUserAffinityThread

  KeSetSystemAffinityThread

  KeQueryActiveProcessors

  MmMapIoSpace

  ZwClose

  RtlEqualUnicodeString

  ZwOpenKey

  MmUnmapIoSpace

  IoQueueWorkItem

  IoAllocateWorkItem

  _snwprintf

  RtlAnsiStringToUnicodeString

  RtlInitAnsiString

  IoDetachDevice

  IoDeleteDevice

  IoAttachDeviceToDeviceStack

  IoBuildDeviceIoControlRequest

  KeInitializeSpinLock

  IoCreateDevice

  ExUnregisterCallback

  IofCompleteRequest

  KefAcquireSpinLockAtDpcLevel

  IoReleaseCancelSpinLock

  KeClearEvent

  KeNumberProcessors

  ExRegisterCallback

  ExCreateCallback

  RtlCopyUnicodeString

  KeDelayExecutionThread

  READ_REGISTER_UCHAR

  READ_REGISTER_USHORT

  READ_REGISTER_ULONG

  WRITE_REGISTER_UCHAR

  WRITE_REGISTER_USHORT

  WRITE_REGISTER_ULONG

  PoCallDriver

  PoStartNextPowerIrp

  PoRequestPowerIrp

  MmLockPagableDataSection

  MmUnlockPagableImageSection

  IoWMIRegistrationControl

  swprintf

  IoWriteErrorLogEntry

  IoAllocateErrorLogEntry

  IofCallDriver

  KeWaitForSingleObject

  KeBugCheckEx

  KeTickCount

  MmGetPhysicalAddress

  _allmul

  _alldiv

  ExAllocatePoolWithTag

  ExFreePoolWithTag

  KeInitializeDpc

  KeInitializeTimer

  strncpy

  PoSetPowerState

  KeSetTimer

  hal

  READ_PORT_USHORT

  KfReleaseSpinLock

  KeStallExecutionProcessor

  WRITE_PORT_ULONG

  WRITE_PORT_USHORT

  READ_PORT_ULONG

  WRITE_PORT_UCHAR

  READ_PORT_UCHAR

  HalSetBusDataByOffset

  KfAcquireSpinLock

  KeQueryPerformanceCounter

  wmilib.sys

  WmiCompleteRequest

  WmiSystemControl

  WmiFireEvent

  Sections

  .text

  Size: 9KB - Virtual size: 9KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 768B - Virtual size: 735B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  PAGE

  Size: 12KB - Virtual size: 12KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  PAGELK

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  INIT

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 9KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ