8652d33fdeea49f998049c34e1f55f479f104c52af4009d590f97d141d37467f

Sharing

Copy URL

Twitter E-mail

General

Target

8652d33fdeea49f998049c34e1f55f479f104c52af4009d590f97d141d37467f
Size

116KB
MD5

d650165648b285e9f7550cf5f5d34443
SHA1

a2d341198cedad325c1fbd688cebd0c8cd8d1af1
SHA256

8652d33fdeea49f998049c34e1f55f479f104c52af4009d590f97d141d37467f
SHA512

f3222be2ab4ed7efcc83fe8ba438ec6083df8fce86586f649371dee64b9b5f52f64d8c035344e632ec6bca5b31dd2b41a5e59a85744e0a72a6ed1a47a933a8e1
SSDEEP

1536:igttEmXBOK4boAZxWMIfd4tkA20+Bwc5kAfz8nquMPWMy04CCCCCCCCCCCCb:iQtEAsKO3IfKNt+wctLbPE0c

Score

N/A

Malware Config

Signatures

Files

8652d33fdeea49f998049c34e1f55f479f104c52af4009d590f97d141d37467f
.exe windows x86

e56354916ca9bba79b0fa13e8613c1e9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExfInterlockedInsertHeadList
KeWaitForMultipleObjects
ExfInterlockedRemoveHeadList
RtlUnicodeStringToInteger
RtlInitUnicodeString
PsTerminateSystemThread
ZwQueryValueKey
ZwOpenKey
RtlEqualUnicodeString
RtlWriteRegistryValue
_aulldiv
_allmul
PsCreateSystemThread
RtlCompareMemory
DbgPrint
KeSetEvent
KeInitializeEvent
KeResetEvent
KeWaitForSingleObject
ZwClose
ExFreePool
KeInitializeSpinLock
IoOpenDeviceRegistryKey
ExAllocatePoolWithTag
KeDelayExecutionThread
sprintf
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
swprintf
KeQuerySystemTime
IoFreeIrp
IofCallDriver
IoAllocateIrp

hal

KeGetCurrentIrql
KfAcquireSpinLock
KeQueryPerformanceCounter
KfReleaseSpinLock

stream.sys

StreamClassStreamNotification
StreamClassDeviceNotification
StreamClassAbortOutstandingRequests
StreamClassRegisterAdapter
StreamClassRegisterFilterWithNoKSPins
StreamClassQueryMasterClockSync

dxapi.sys

_DxApi@20

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 960B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e56354916ca9bba79b0fa13e8613c1e9

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

stream.sys

dxapi.sys

Sections

.text Size: 77KB - Virtual size: 77KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 16KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 960B - Virtual size: 936B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 77KB - Virtual size: 77KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 16KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 960B - Virtual size: 936B

.reloc
Size: 3KB - Virtual size: 3KB