abd55aff2ddb01edeefe42f399b8b9686d36799493a074780560ab1d5e91646e

Sharing

Copy URL Twitter E-mail

General

Target

abd55aff2ddb01edeefe42f399b8b9686d36799493a074780560ab1d5e91646e
Size

96KB
MD5

6a847c8d117456dc5c9ae5a3186f661c
SHA1

a237c378d14a38b4ec752ce48d4a9417150a1e8e
SHA256

abd55aff2ddb01edeefe42f399b8b9686d36799493a074780560ab1d5e91646e
SHA512

77a434700c9dc407d5327281817834bcfb945c52d49fcfa25014469d06859eeadc5d2d28c77fca2a59f8d0948ddc95369659a1c8a58083a9b1e9874c8ce6ab97
SSDEEP

1536:gb/kWQ1jz/HDjQClu86n+7nUBeS2izk1gkTZ4VE4VEQ0mPQ0mPQ0u:gb/krXHA4qeS20kunLzRoRoB

Score

N/A

Malware Config

Signatures

Files

abd55aff2ddb01edeefe42f399b8b9686d36799493a074780560ab1d5e91646e
.exe windows x86

e4d4e0ae38b75a3a1a14c82f5cb6762a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

strncmp
IoGetCurrentProcess
PsGetCurrentProcessId
strncpy
ZwQueryInformationFile
_strnicmp
PsGetVersion
strstr
KeQuerySystemTime
_wcsnicmp
wcslen
atoi
wcsstr
_wcslwr
PsSetLoadImageNotifyRoutine
IoFileObjectType
ZwOpenFile
KeServiceDescriptorTable
ZwSetValueKey
InterlockedPushEntrySList
DbgPrint
ExDeleteNPagedLookasideList
InterlockedPopEntrySList
ExInitializeNPagedLookasideList
ExSetTimerResolution
KdDebuggerEnabled
ZwCreateKey
memmove
_except_handler3
ProbeForRead
wcscpy
ObQueryNameString
ObfDereferenceObject
ObReferenceObjectByHandle
KeDelayExecutionThread
ZwOpenKey
ZwQueryValueKey
RtlCopyUnicodeString
KeInitializeSpinLock
PsCreateSystemThread
IoCreateSymbolicLink
IoRegisterBootDriverReinitialization
RtlGetVersion
IoCreateDevice
IoAttachDeviceToDeviceStack
IoDeleteDevice
KeGetCurrentThread
KeSetPriorityThread
KeResetEvent
IoAllocateIrp
IoAllocateMdl
IoBuildPartialMdl
IoFreeMdl
IoFreeIrp
PoStartNextPowerIrp
PoCallDriver
IofCompleteRequest
KeSetEvent
RtlCompareUnicodeString
RtlIntegerToUnicodeString
RtlAppendUnicodeStringToString
PsGetCurrentThreadId
_alldiv
ZwCreateFile
ZwQueryVolumeInformationFile
ExAllocatePoolWithTag
ZwFsControlFile
_wcsicmp
ExFreePoolWithTag
IoBuildDeviceIoControlRequest
_allmul
KeInitializeEvent
IoBuildSynchronousFsdRequest
IofCallDriver
KeWaitForSingleObject
sprintf
RtlInitAnsiString
RtlAnsiStringToUnicodeString
IoGetDeviceObjectPointer
RtlFreeUnicodeString
swprintf
RtlInitUnicodeString
IoCreateFile
ZwSetInformationFile
ZwReadFile
ZwWriteFile
RtlAppendUnicodeToString
ZwClose

hal

KfReleaseSpinLock
KeRaiseIrqlToDpcLevel
KeGetCurrentIrql
KfLowerIrql
KfRaiseIrql
KeQueryPerformanceCounter
KfAcquireSpinLock

ndis.sys

NdisMRegisterUnloadHandler
NdisInitUnicodeString
NdisRegisterProtocol
NdisIMAssociateMiniport
NdisTerminateWrapper
NdisIMDeregisterLayeredMiniport
NdisMDeregisterDevice
NdisIMCancelInitializeDeviceInstance
NdisIMDeInitializeDeviceInstance
NdisMSleep
NdisReEnumerateProtocolBindings
NdisIMNotifyPnPEvent
NdisGetReceivedPacket
NdisDprAllocatePacket
NdisQueryBufferOffset
NDIS_BUFFER_TO_SPAN_PAGES
NdisCopyFromPacketToPacketSafe
NdisAllocateBuffer
NdisDprFreePacket
NdisDeregisterProtocol
NdisOpenProtocolConfiguration
NdisReadConfiguration
NdisAllocateMemoryWithTag
NdisAllocatePacketPoolEx
NdisAllocateBufferPool
NdisOpenAdapter
NdisQueryAdapterInstanceName
NdisIMRegisterLayeredMiniport
NdisCloseConfiguration
NdisResetEvent
NdisCloseAdapter
NdisWaitEvent
NdisFreeMemory
NdisFreePacketPool
NdisFreeBufferPool
NdisCancelSendPackets
NdisTransferData
NdisGetPoolFromPacket
NdisUnchainBufferAtFront
NdisFreeBuffer
NdisReturnPackets
NdisRequest
NdisIMGetCurrentPacketStack
NdisSend
NdisAllocatePacket
NdisIMCopySendPerPacketInfo
NdisIMCopySendCompletePerPacketInfo
NdisFreePacket
NdisIMGetDeviceContext
NdisMSetAttributesEx
NdisAllocateSpinLock
NdisInitializeEvent
NdisAcquireSpinLock
NdisReleaseSpinLock
NdisSetEvent
NdisInitializeWrapper
NdisMRegisterDevice
NdisDprReleaseSpinLock
NdisDprAcquireSpinLock
NdisQueryBufferSafe
NdisGetFirstBufferFromPacketSafe
NdisIMInitializeDeviceInstanceEx
NdisAllocateMemory

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4d4e0ae38b75a3a1a14c82f5cb6762a

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 58KB - Virtual size: 58KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 3KB - Virtual size: 2KB

INIT Size: 4KB - Virtual size: 4KB

.rsrc Size: 896B - Virtual size: 848B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 58KB - Virtual size: 58KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 3KB - Virtual size: 2KB

INIT
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 896B - Virtual size: 848B

.reloc
Size: 4KB - Virtual size: 4KB