681a2fdfdb8c5d7290ec470bcef450916863048a1116e6c7da1e0020ebe5fc30

Sharing

Copy URL Twitter E-mail

General

Target

681a2fdfdb8c5d7290ec470bcef450916863048a1116e6c7da1e0020ebe5fc30
Size

77KB
MD5

5f176524411440da1e2626c707d08887
SHA1

0a2111fb642066e4253260934dbed9d5300209c9
SHA256

681a2fdfdb8c5d7290ec470bcef450916863048a1116e6c7da1e0020ebe5fc30
SHA512

1bf9db678fcc378c636c5260bbdbb1c96d753b5794b17d91c0a687b729165e8502095b30406d6257d666d3d686cbc6e340f8b9b5ba85fbd02dd5925cc078b040
SSDEEP

1536:t3GgZMFEkEVLsLFF7tFE3PGc3nxA31kTdRQ7qNuS+:t3GgqEkE5gRqfGchAFCRP

Score

N/A

Malware Config

Signatures

Files

681a2fdfdb8c5d7290ec470bcef450916863048a1116e6c7da1e0020ebe5fc30
.exe windows x86

ca20e0e017d61a3b6d28319f988fa733

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoAcquireCancelSpinLock
RtlAppendUnicodeStringToString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlAppendUnicodeToString
ExAllocatePoolWithTag
ExFreePoolWithTag
IoReleaseRemoveLockEx
IoAcquireRemoveLockEx
DbgPrint
ExRegisterCallback
ExCreateCallback
RtlCopyUnicodeString
_allmul
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IoSetDeviceInterfaceState
EmClientQueryRuleState
IoDetachDevice
IoReleaseRemoveLockAndWaitEx
IoWMIRegistrationControl
ObfDereferenceObject
PoStartNextPowerIrp
PoRequestPowerIrp
PoSetPowerState
PoCallDriver
IoInvalidateDeviceRelations
PsTerminateSystemThread
ZwClose
ObSfdepdlbdOchg`tCyHandnd
RsBsg`vdQ{rtdnTjsdbd
JdUi`kCounu
KdRvgpxUileJn`sdmgmv
mgmapx
KoRdslrwQerowrbdUsbgd
KfRyn`hrllhzdExd`utimn
JeIojukbljyeQem`qknse
JdRfadQwateSdm`pkopd
HeCldcrGtfnv
^vqnrqjntf
^urnwppinvg
O`dQgdgsgnceMbhect
JoFrdfWorhIvel
JoGgldtdRyoammi`Lhmi
KeFdlaxExebuwhomTipfcg
ndmlmvd
YwSdwV`ludJfy
HnLqdlDevi`fSgekqwq{Kez
IoCseatgVnpqltfatdeQylbllhcMhni
KmBrdbteDdwicg
HnRveugUmrjIteo
HoCnloaavdTlrkIvdm
surqtp
\`moeiw
DyWnpefiptdrCallc`cj
ZuQudrxWbmueKex
HlEirbmnmdatJntdrrwpt
IgIosfrwPtewdEqb
PulHmtefdpTnVnicldfRvqing
StlUnjcoggSwpjnfToHltdedr
Iod@onpmguePeptert
RwnCoorasgOemorz
IoCan`dlIrs
IlBmnoe`tHnterrwpt
KnFrfeIpp
JnCnolaatgIss
KgJnitjbmizdDpc
KlInitkalixdRgmnwgLmckEx
KgBuf@he`kEx
RtlVnwkme
KmRelgaqe@an`eoSpilOo`i
mempdw
StoHlitTnicodgQvqiof
PtnQueryQdgistryVcnuer
StlVpjtdSgfiptrzUanwd
QtlDenftfRfgirvq{Ublue
IoBukldGeuiceKo@lovponRfqudqt
KofBcnlDrhufp
IdWaiwFlsPjnfldLbjdbt
IfQdvFwent
JlQddisuepGevibeIntfpface
InAuuacjEdvjbeToGfui`fSwabk
HeJniwjbljzdFvelu
IlGgwAoldjeurcuimlImempobvknl
QvnFredUlhcmgeQtqind
KeRflfaseQfl`phoqe
HnFenetfFetiag

hal

KfPahreJssm
PF@G_ROQU_BWEDEP_VCHBP
KdRuerzPeqgmpnaoce@munter
JgDdw@urqfnuIrsl
SE@E_SMST_@VFEFQ^UOOOE
WSJVD_POQT\@UEFFS_TMOLG
WQHUG^RMQW_BUDDDR\VBJBR
PGCE_POST_T@JCQ
KgOowdsKrsn
ExAbrtkreD`ptNtvdy
EyRgodaqgF`stLwuex
KeRubnmGyfcutinmSrlcersor
URKWD\RNPU_WCHAQ

wmilib.sys

TnkAolqlgtdQgrtgst
VmiRyrvelConuqln

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEPARW
Size: 512B - Virtual size: 215B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca20e0e017d61a3b6d28319f988fa733

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

wmilib.sys

Sections

.text Size: 65KB - Virtual size: 64KB

.rdata Size: 1024B - Virtual size: 860B

.data Size: 1024B - Virtual size: 1KB

PAGEPARW Size: 512B - Virtual size: 215B

INIT Size: 3KB - Virtual size: 2KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 1024B - Virtual size: 860B

.data
Size: 1024B - Virtual size: 1KB

PAGEPARW
Size: 512B - Virtual size: 215B

INIT
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB