6bd7329980e72e1d341aea5b090bcd53caf465b2fd4de7c511e63922d7eb29f0

Sharing

Copy URL

Twitter E-mail

General

Target

6bd7329980e72e1d341aea5b090bcd53caf465b2fd4de7c511e63922d7eb29f0
Size

42KB
MD5

e42f03d1081c4f60d3db6c38235b1456
SHA1

532950938b99dc42596cb2bf349e9f617a583f2e
SHA256

6bd7329980e72e1d341aea5b090bcd53caf465b2fd4de7c511e63922d7eb29f0
SHA512

b03379efdb67d1176d56960d428d2b4e476f427aba425c23374b688af468f8f356e7163b4ab907e2537bfc4745b1cccdd3767b46cfbcbcd005a903338103f258
SSDEEP

768:Nolx4QKxyr6OQoqMp1gh9g3XXPYCu/TcDA/EPf9bUcoILQsiD:Y7ayVQoHp1wMPYbTGZgjD

Score

N/A

Malware Config

Signatures

Files

6bd7329980e72e1d341aea5b090bcd53caf465b2fd4de7c511e63922d7eb29f0
.exe windows x86

d1f3a060d7fd746d2702e4d3874d3c7c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoWMIRegistrationControl
IoDeleteDevice
IoDetachDevice
IoCancelIrp
KeInitializeDpc
KeInitializeTimer
KeInitializeSpinLock
MmUnlockPagableImageSection
DbgPrint
DbgBreakPoint
MmLockPagableDataSection
KeDelayExecutionThread
ZwOpenKey
ExAllocatePoolWithQuotaTag
MmLockPagableSectionByHandle
MmQuerySystemSize
KeWaitForSingleObject
KeQuerySystemTime
KeSetEvent
KeInsertQueueDpc
KeSetTimer
IofCallDriver
PoCallDriver
KeCancelTimer
RtlDeleteRegistryValue
memmove
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
KeRemoveQueueDpc
IoCreateSymbolicLink
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
wcslen
ZwClose
IoOpenDeviceRegistryKey
KeInitializeEvent
IoCreateDevice
RtlIntegerToUnicodeString
RtlInitUnicodeString
IoAttachDeviceToDeviceStack
IoGetConfigurationInformation
ZwQueryValueKey
PoSetPowerState
PoStartNextPowerIrp
KeClearEvent
PoRequestPowerIrp
IoBuildDeviceIoControlRequest
IoFreeIrp
IoAllocateIrp
_except_handler3
RtlQueryRegistryValues
ExFreePoolWithTag
RtlUnicodeStringToAnsiString
atol
RtlFreeUnicodeString
RtlFreeAnsiString
_allmul
MmUnmapIoSpace
RtlWriteRegistryValue
ExAllocatePoolWithTag
IoAcquireCancelSpinLock
IoReleaseCancelSpinLock
IoDeleteSymbolicLink
IofCompleteRequest

hal

ExReleaseFastMutex
KfAcquireSpinLock
READ_PORT_UCHAR
ExAcquireFastMutex
KfReleaseSpinLock
KeGetCurrentIrql

wmilib.sys

WmiSystemControl
WmiCompleteRequest

usbd.sys

USBD_CreateConfigurationRequest
_USBD_ParseConfigurationDescriptorEx@28
_USBD_CreateConfigurationRequestEx@8

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 730B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1f3a060d7fd746d2702e4d3874d3c7c

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

wmilib.sys

usbd.sys

Sections

.text Size: 35KB - Virtual size: 35KB

.rdata Size: 768B - Virtual size: 730B

.data Size: 512B - Virtual size: 408B

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 952B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 768B - Virtual size: 730B

.data
Size: 512B - Virtual size: 408B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 952B

.reloc
Size: 1KB - Virtual size: 1KB