a9c319f2ed513e08702f85519a8b3e86e8e2c606fe37b467e9b12083a17c34e5

Sharing

Copy URL Twitter E-mail

General

Target

a9c319f2ed513e08702f85519a8b3e86e8e2c606fe37b467e9b12083a17c34e5
Size

27KB
MD5

882e8b1584fe64360cab7d1eef7da594
SHA1

d92ab8fdeb761199954561e3c4ce3ab489feae85
SHA256

a9c319f2ed513e08702f85519a8b3e86e8e2c606fe37b467e9b12083a17c34e5
SHA512

f3c4c266ab1791bc40108e70ce8df29db5e80194fcd18db39823d3e344f7cce1dbf056b8100b8fb4d7148d2fa2c7605e310af6e42904c25c1953b1a10db57953
SSDEEP

384:0auaMUz1zlthWWsus7f915EcP2Cb6IcoFLURSFz/u0jIcm:CHmNhjs77fvzPCIDURSFjuT

Score

N/A

Malware Config

Signatures

Files

a9c319f2ed513e08702f85519a8b3e86e8e2c606fe37b467e9b12083a17c34e5
.exe windows x86

b0e8fdef85790d062d15248f713a2ca7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ndis.sys

NdisFreePacketPool
NdisMIndicateStatusComplete
NdisMIndicateStatus
NdisReturnPackets
NdisResetEvent
NdisSetEvent
NdisUnchainBufferAtFront
NdisIMCopySendPerPacketInfo
NdisWaitEvent
NdisMSetAttributesEx
NdisDprFreePacket
NdisIMCopySendCompletePerPacketInfo
NdisCloseAdapter
NdisRequest
NdisFreeMemory
NdisAllocateMemoryWithTag
NdisGetReceivedPacket
NdisIMInitializeDeviceInstanceEx
NdisMSleep
NdisIMDeInitializeDeviceInstance
NdisAllocatePacket
NdisInitializeEvent
NdisCloseConfiguration
NdisReEnumerateProtocolBindings
NdisOpenAdapter
NdisIMCancelInitializeDeviceInstance
NdisDprAllocatePacket
NdisReadConfiguration
NdisAllocatePacketPoolEx
NdisDeregisterProtocol
NdisMRegisterUnloadHandler
NdisMRegisterDevice
NdisIMDeregisterLayeredMiniport
NdisInitializeWrapper
NdisRegisterProtocol
NdisMDeregisterDevice
NdisIMRegisterLayeredMiniport
NdisTerminateWrapper
NdisIMAssociateMiniport
NdisAllocateBuffer
NdisFreePacket
NdisOpenProtocolConfiguration
NdisIMGetDeviceContext

ntoskrnl.exe

memcpy
MmMapLockedPages
IoFreeMdl
memset
IofCompleteRequest
KeClearEvent
KeResetEvent
strstr
KeSetEvent
KeInitializeEvent
KeQuerySystemTime
PsCreateSystemThread
MmMapLockedPagesSpecifyCache
IoGetCurrentProcess
ExEventObjectType
_vsnprintf
ObReferenceObjectByHandle
KeWaitForSingleObject
ObfDereferenceObject
DbgPrint
ZwClose
RtlInitUnicodeString
_except_handler3
_allmul

hal

KfAcquireSpinLock
KfReleaseSpinLock

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0e8fdef85790d062d15248f713a2ca7

Headers

File Characteristics

Imports

ndis.sys

ntoskrnl.exe

hal

Sections

.text Size: 19KB - Virtual size: 19KB

.rdata Size: 1024B - Virtual size: 756B

.data Size: 512B - Virtual size: 72B

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1008B

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 1024B - Virtual size: 756B

.data
Size: 512B - Virtual size: 72B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1008B