a80ca0bde415be21e24a16fc7001e61a5cc90028b6d433a025117037148c58f7

Sharing

Copy URL Twitter E-mail

General

Target

a80ca0bde415be21e24a16fc7001e61a5cc90028b6d433a025117037148c58f7
Size

23KB
MD5

869c443c6544f74dc6a1484b9a6d1fc7
SHA1

4ed0289c93d3d8a93d189c8057af8cfb5cc7dcab
SHA256

a80ca0bde415be21e24a16fc7001e61a5cc90028b6d433a025117037148c58f7
SHA512

d2ca6165b6eab2ec00e6b3352e5cf40f782cafd759d66c52a2671e40353445f199ec12ec67e6c32a7b7ce81147f66f920dec43c0e529c8aaa9dca00210226a8a
SSDEEP

384:W4AI43Fe1CB6CJXN9hz9IsUgKEqBK0b3yW02AvNNgYm:W431CvdtlK162AI

Score

N/A

Malware Config

Signatures

Files

a80ca0bde415be21e24a16fc7001e61a5cc90028b6d433a025117037148c58f7
.exe windows x86

436c575c7f03e9efab47f60f8abcf180

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsGetVersion
KeDetachProcess
KeInsertQueueApc
KeInitializeApc
ObReferenceObjectByHandle
ZwOpenThread
KeQuerySystemTime
KeWaitForSingleObject
KeInitializeEvent
_allrem
_alldiv
_aullrem
_allmul
_aulldiv
ExfInterlockedRemoveHeadList
IofCompleteRequest
InterlockedExchange
ExfInterlockedInsertTailList
KeInitializeSpinLock
wcslen
IoCreateSymbolicLink
IoCreateDevice
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlCompareMemory
IoDeleteDevice
IoDeleteSymbolicLink
KeDelayExecutionThread
KeSetEvent
ZwSetValueKey
ZwCreateKey
ZwOpenKey
strncat
KeResetEvent
ZwQueryValueKey
ZwEnumerateKey
PsTerminateSystemThread
KeClearEvent
PsCreateSystemThread
KeGetCurrentThread
PsGetCurrentThreadId
DbgPrint
MmMapLockedPages
IoFreeMdl
NtQueryInformationFile
mbstowcs
MmIsAddressValid
memmove
_strnicmp
NtQuerySystemInformation
IoCreateFile
NtReadFile
PsLookupProcessByProcessId
KeAttachProcess
ZwQueryInformationProcess
_wcsicmp
_except_handler3
PsGetCurrentProcessId
ZwOpenProcess
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
RtlFreeUnicodeString
RtlInitUnicodeString
_stricmp
ZwQuerySystemInformation
RtlInitAnsiString
RtlAnsiStringToUnicodeString
ZwOpenFile
ExAllocatePoolWithTag
ZwReadFile
ExFreePool
ZwClose
ZwQueryInformationFile

hal

KfRaiseIrql
KeQueryPerformanceCounter
KfReleaseSpinLock
KfAcquireSpinLock
KfLowerIrql

ndis.sys

NdisRegisterProtocol
NdisDeregisterProtocol
NdisWaitEvent
NdisAllocatePacketPool
NdisSystemProcessorCount
NdisFreePacket
NdisOpenAdapter
NdisResetEvent
NdisCloseAdapter
NdisSetEvent
NdisFreePacketPool
NdisUnchainBufferAtFront
NdisDprFreePacket
NdisAllocateBuffer
NdisDprAllocatePacket
NdisInitializeEvent
NdisAllocatePacket

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

436c575c7f03e9efab47f60f8abcf180

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 17KB - Virtual size: 17KB

.data Size: 640B - Virtual size: 552B

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 17KB - Virtual size: 17KB

.data
Size: 640B - Virtual size: 552B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB