6d5eadd6e50df1185049d6628e8a2d03427d0e1bff49bc71cf3e7194180de933

Sharing

Copy URL Twitter E-mail

General

Target

6d5eadd6e50df1185049d6628e8a2d03427d0e1bff49bc71cf3e7194180de933
Size

106KB
MD5

01687e2a10891136b23a4c232a77a903
SHA1

b05bf5cca382c12b69b595b72988e2e55d734905
SHA256

6d5eadd6e50df1185049d6628e8a2d03427d0e1bff49bc71cf3e7194180de933
SHA512

ffa77388ecfd579c9d41d8125dce2fee7e4ddd6d4f14d1509e9c322e2efc5ffc476f8d843721faead0ae77aaf8427ca3928e788ad03c7399e2baa71605255543
SSDEEP

3072:dcJIRhV2vhn1MzF6rtLmkKi7inxDkdgaKjJkNcbzCIVnijDN:SJu2h1MzFAtLp4xDkdNcJzCEi9

Score

N/A

Malware Config

Signatures

Files

6d5eadd6e50df1185049d6628e8a2d03427d0e1bff49bc71cf3e7194180de933
.exe windows x86

4de3837acd693f71e8ed3bbc1490f9e5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlCompareMemory
IoWMIRegistrationControl
IofCompleteRequest
IofCallDriver
IoDeleteSymbolicLink
IoGetConfigurationInformation
KeFlushQueuedDpcs
IoInvalidateDeviceRelations
KeSetEvent
PsIsThreadTerminating
KeWaitForSingleObject
KeInitializeEvent
IoCreateArcName
KeTickCount
IoFreeMdl
MmUnlockPages
KeDelayExecutionThread
MmProbeAndLockPages
IoAllocateMdl
IoReportTargetDeviceChangeAsynchronous
_allshl
strncmp
IoSetHardErrorOrVerifyDevice
PoQueryWatchdogTime
strchr
_allmul
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
RtlDeleteRegistryValue
RtlQueryRegistryValues
memmove
RtlInitUnicodeString
_allshr
_aullrem
EtwWrite
KeQueryTimeIncrement
_allrem
KeReleaseMutex
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
IoFreeIrp
IoReuseIrp
KeQuerySystemTime
MmBuildMdlForNonPagedPool
KeInitializeMutex
IoAllocateIrp
KeCancelTimer
IoBuildPartialMdl
MmUnmapLockedPages
KeSetTimer
KeInitializeDpc
KeInitializeTimer
KeBugCheckEx
RtlUnwind
MmGetSystemRoutineAddress
memcpy
ExAllocatePoolWithTag
IoWMIWriteEvent
ExFreePoolWithTag
EtwUnregister
RtlCopyUnicodeString
ZwClose
ZwOpenKey
DbgPrint
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
KiBugCheckData
EtwRegister
memset
_vsnwprintf
_alldiv
KeGetCurrentThread

hal

KfAcquireSpinLock
KfLowerIrql
KfRaiseIrql
KfReleaseSpinLock
KeGetCurrentIrql

wdfldr.sys

WdfVersionBind
WdfVersionBindClass
WdfVersionUnbind
WdfVersionUnbindClass

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4de3837acd693f71e8ed3bbc1490f9e5

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

wdfldr.sys

Sections

.text Size: 39KB - Virtual size: 38KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 2KB

PAGE Size: 47KB - Virtual size: 46KB

PAGE Size: 2KB - Virtual size: 2KB

INIT Size: 3KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 39KB - Virtual size: 38KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 2KB

PAGE
Size: 47KB - Virtual size: 46KB

PAGE
Size: 2KB - Virtual size: 2KB

INIT
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 5KB - Virtual size: 5KB