1094f589e6afb4231fe24428509b831906e8387a942292b983d243c5089be156

Sharing

Copy URL

Twitter E-mail

General

Target

1094f589e6afb4231fe24428509b831906e8387a942292b983d243c5089be156
Size

74KB
MD5

4bed0c4a90b8a6f40cd84e3642060418
SHA1

bb736151856fccec632c931ea65889f17ac0df6a
SHA256

1094f589e6afb4231fe24428509b831906e8387a942292b983d243c5089be156
SHA512

f3b05b4395a845c2d0e463e4692d885ef34da2129bc3d7aa776a8e73e97b7445975be7b32447ea92534cda8d82fccbdd4835ba23801aa6c53ad1c6c02252b632
SSDEEP

1536:9AccW0ehpI+B6b3nr7EHiZ8jx7TeZ6tQL2wgqJaQo2eYAqyhh0Yfh8AR:9AccW0e/I+sb3nr7Ed7Y++Q7Qo2ephxd

Score

N/A

Malware Config

Signatures

Files

1094f589e6afb4231fe24428509b831906e8387a942292b983d243c5089be156
.exe windows x86

076aeedc930bd9c6592674b68958b895

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlAppendUnicodeStringToString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlAppendUnicodeToString
ExFreePoolWithTag
ExAllocatePoolWithTag
IoReleaseRemoveLockEx
IoAcquireRemoveLockEx
DbgBreakPoint
DbgPrint
ExRegisterCallback
ExCreateCallback
RtlCopyUnicodeString
_allmul
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IoSetDeviceInterfaceState
IoDetachDevice
IoReleaseRemoveLockAndWaitEx
IoWMIRegistrationControl
ObfDereferenceObject
PoStartNextPowerIrp
PoRequestPowerIrp
PoSetPowerState
PoCallDriver
IoInvalidateDeviceRelations
PsTerminateSystemThread
ZwClose
ObReferenceObjectByHandle
PsCreateSystemThread
KeTickCount
KeQueryTimeIncrement
IoReportResourceForDetection
KeReleaseSemaphore
KeInitializeSemaphore
IoAcquireCancelSpinLock
KeClearEvent
ObfReferenceObject
_snwprintf
wcslen
_snprintf
IoFreeWorkItem
IoDeleteSymbolicLink
KeDelayExecutionThread
ZwSetValueKey
IoOpenDeviceRegistryKey
swprintf
wcscmp
IoCreateUnprotectedSymbolicLink
IoCreateDevice
IoQueueWorkItem
IoAllocateWorkItem
memmove
strstr
_alldiv
ExUnregisterCallback
ZwQueryValueKey
IoDisconnectInterrupt
KeInsertQueueDpc
RtlIntegerToUnicodeString
RtlUnicodeStringToInteger
IofCompleteRequest
RtlCompareMemory
IoCancelIrp
IoConnectInterrupt
IoFreeIrp
IoAllocateIrp
sprintf
KeInitializeDpc
IoInitializeRemoveLockEx
KeSynchronizeExecution
RtlInitUnicodeString
RtlQueryRegistryValues
RtlWriteRegistryValue
RtlDeleteRegistryValue
IoBuildDeviceIoControlRequest
IofCallDriver
KeWaitForSingleObject
KeSetEvent
_except_handler3
IoRegisterDeviceInterface
IoAttachDeviceToDeviceStack
KeInitializeEvent
IoGetConfigurationInformation
RtlFreeUnicodeString
IoDeleteDevice
IoReleaseCancelSpinLock
KeReadStateSemaphore

hal

KfLowerIrql
KeQueryPerformanceCounter
KeGetCurrentIrql
READ_PORT_BUFFER_ULONG
WRITE_PORT_BUFFER_ULONG
WRITE_PORT_BUFFER_UCHAR
KfRaiseIrql
ExAcquireFastMutex
ExReleaseFastMutex
KeStallExecutionProcessor
WRITE_PORT_UCHAR
READ_PORT_BUFFER_UCHAR
READ_PORT_UCHAR

wmilib.sys

WmiSystemControl
WmiCompleteRequest

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEPARW
Size: 256B - Virtual size: 193B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

076aeedc930bd9c6592674b68958b895

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

wmilib.sys

Sections

.text Size: 61KB - Virtual size: 61KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 1KB

PAGEPARW Size: 256B - Virtual size: 193B

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 61KB - Virtual size: 61KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 1KB

PAGEPARW
Size: 256B - Virtual size: 193B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 3KB