51aa326b7d7623ec66f4877d97fb02440ad07c0d7736164baef27f6a4a267e7a

Sharing

Copy URL Twitter E-mail

General

Target

51aa326b7d7623ec66f4877d97fb02440ad07c0d7736164baef27f6a4a267e7a
Size

60KB
MD5

ebf2ae3bea8842b19699b4acf089e004
SHA1

11f1c70ef4439f42dac57f90d5240acbde897065
SHA256

51aa326b7d7623ec66f4877d97fb02440ad07c0d7736164baef27f6a4a267e7a
SHA512

abe024d36610b1a730225204e2b0d83bf1ab921da7116a5345e14f5042f5bae8c3bedc4fdec6e67bbd154f817a92d9dd387af1facd160a29d6b155b302341b1f
SSDEEP

1536:Xgva/fQmNVg11AnTaz+x8tUl6jdXjzrQuv:XgCfQCV81amS+Cl6xXr3

Score

N/A

Malware Config

Signatures

Files

51aa326b7d7623ec66f4877d97fb02440ad07c0d7736164baef27f6a4a267e7a
.exe windows x86

11b1da1a9a04edb9c2afce1a47240563

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeClearEvent
KeSetEvent
KeWaitForSingleObject
RtlCopyUnicodeString
ExAllocatePoolWithTag
KeSetTimer
KeSynchronizeExecution
InterlockedIncrement
READ_REGISTER_ULONG
KeCancelTimer
KeDelayExecutionThread
InterlockedPushEntrySList
IofCompleteRequest
IoCreateUnprotectedSymbolicLink
IoCreateDevice
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
RtlInitUnicodeString
ExfInterlockedInsertTailList
IoFreeMdl
MmBuildMdlForNonPagedPool
IoAllocateMdl
MmMapLockedPagesSpecifyCache
ExfInterlockedRemoveHeadList
IoStartNextPacket
KefAcquireSpinLockAtDpcLevel
InterlockedPopEntrySList
IoStartPacket
InterlockedExchange
ZwClose
KefReleaseSpinLockFromDpcLevel
IoOpenDeviceRegistryKey
ZwSetValueKey
PoStartNextPowerIrp
PoRequestPowerIrp
PoCallDriver
IoFreeIrp
IofCallDriver
KeInitializeEvent
IoAllocateIrp
ZwOpenKey
swprintf
IoGetDeviceProperty
ExDeleteNPagedLookasideList
MmUnmapIoSpace
IoDisconnectInterrupt
IoCancelIrp
PoSetPowerState
IoConnectInterrupt
ExInitializeNPagedLookasideList
KeInitializeTimer
KeInitializeDpc
IoGetDmaAdapter
KeInitializeSpinLock
MmMapIoSpace
IoDeleteDevice
IoDetachDevice
IoDeleteSymbolicLink
IoSetDeviceInterfaceState
RtlFreeUnicodeString
IoRegisterDeviceInterface
KeInitializeDeviceQueue
IoAttachDeviceToDeviceStack
KeInsertQueueDpc
KeQueryInterruptTime
MmUnmapLockedPages
KeTickCount
KeBugCheckEx
WRITE_REGISTER_ULONG
ZwQueryValueKey
ExFreePool
ProbeForRead
ExAllocatePoolWithQuotaTag
RtlUnwind

hal

KfLowerIrql
KeStallExecutionProcessor
KfRaiseIrql
KeGetCurrentIrql
KfReleaseSpinLock
KfAcquireSpinLock

1394bus.sys

Bus1394RegisterPortDriver

wmilib.sys

WmiSystemControl
WmiCompleteRequest

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGECONS
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

11b1da1a9a04edb9c2afce1a47240563

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

1394bus.sys

wmilib.sys

Sections

.text Size: 40KB - Virtual size: 40KB

.rdata Size: 640B - Virtual size: 584B

.data Size: 128B - Virtual size: 112B

PAGE Size: 3KB - Virtual size: 3KB

PAGECONS Size: 128B - Virtual size: 16B

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 10KB - Virtual size: 10KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 640B - Virtual size: 584B

.data
Size: 128B - Virtual size: 112B

PAGE
Size: 3KB - Virtual size: 3KB

PAGECONS
Size: 128B - Virtual size: 16B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 10KB - Virtual size: 10KB

.reloc
Size: 1KB - Virtual size: 1KB