10a2dacf944bd000032eba8c095cb3d879cc55b28c377adf6e52e508e47444db

Sharing

Copy URL Twitter E-mail

General

Target

10a2dacf944bd000032eba8c095cb3d879cc55b28c377adf6e52e508e47444db
Size

16KB
MD5

fdbb1d60066fcfbb7452fd8f9829b242
SHA1

9f85b3c30ff634d23e711cc694750d5d8ad14419
SHA256

10a2dacf944bd000032eba8c095cb3d879cc55b28c377adf6e52e508e47444db
SHA512

86dc8767582379199c92c638b4010b2f324dc124dc8ce35eaa0cbc438dedcc0f6342fc4f70d3b47c0c44f73cfc62ce44ac6baeabd28dff64d8b69d09ac21d4d7
SSDEEP

384:LSu0c9TDRvKrxIEec4aCek626ELIDMSBmgaiaUnW85W:bVHI8c4Ak62xL+MSDaitf

Score

N/A

Malware Config

Signatures

Files

10a2dacf944bd000032eba8c095cb3d879cc55b28c377adf6e52e508e47444db
.exe windows x86

0c58134d4fe3154f16bfc2f80d1dd6e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmMapLockedPages
KeQuerySystemTime
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
ZwOpenKey
ZwEnumerateKey
ZwQueryValueKey
ZwClose
ZwSetValueKey
RtlIntegerToUnicodeString
RtlInitUnicodeString
RtlAppendUnicodeStringToString
ZwCreateFile
InterlockedPushEntrySList
InterlockedPopEntrySList
IoFreeMdl
KeInitializeSpinLock

hal

KfLowerIrql
KfAcquireSpinLock
KfReleaseSpinLock
KfRaiseIrql

ndis.sys

NdisScheduleWorkItem
NdisAllocatePacketPool
NdisAllocatePacket
NdisFreePacket
NdisInitializeWrapper
NdisMCoSendComplete
NdisCopyBuffer
NdisMCoIndicateReceivePacket
NdisMCoReceiveComplete
NdisMSetAttributesEx
NdisMCmRegisterAddressFamily
NdisUnchainBufferAtFront
NdisCloseConfiguration
NdisReadConfiguration
NdisFreePacketPool
NdisCmCloseCallComplete
NdisAllocateMemoryWithTag
NdisFreeMemory
NdisFreeBufferPool
NdisAllocateBuffer
NdisAllocateBufferPool
NdisCmCloseAddressFamilyComplete
NdisCmOpenAddressFamilyComplete
NdisMSleep
NdisCmRegisterSapComplete
NdisMCmDeleteVc
NdisMRegisterMiniport
NdisCmDeregisterSapComplete
NdisMCmDeactivateVc
NdisCmMakeCallComplete
NdisMCmActivateVc
NdisCmDispatchIncomingCloseCall
NdisCmDispatchCallConnected
NdisCmDispatchIncomingCall
NdisMCmCreateVc
NdisTerminateWrapper
NdisOpenConfiguration

ptilink.sys

PtiInitialize
PtiQueryDeviceStatus
PtiWrite
PtiRegisterCallbacks

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 335B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 506B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c58134d4fe3154f16bfc2f80d1dd6e3

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

ptilink.sys

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 384B - Virtual size: 335B

.data Size: 640B - Virtual size: 628B

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 506B

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 384B - Virtual size: 335B

.data
Size: 640B - Virtual size: 628B

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 506B