8789e4dde5668bc0e02809e954764f7c8e0ca8fa118b8ddb2c6835cc3f17920c

General

Target

8789e4dde5668bc0e02809e954764f7c8e0ca8fa118b8ddb2c6835cc3f17920c
Size

78KB
MD5

8bb35b825e850e926feac3bc7646378b
SHA1

65aa59d41112c7008542fe87da8199420fc996f2
SHA256

8789e4dde5668bc0e02809e954764f7c8e0ca8fa118b8ddb2c6835cc3f17920c
SHA512

f0f13d2d2c16bb49d9b0ecd37a990ac9d79d94ff19f305dfafb283936cb4b6708ff4e4f236372e030a6c2f9decfc62f757ea8d92ed843b4ae51856ef7fb0328c
SSDEEP

1536:TrtrEVTt4AfwkPttmqqiCfbxTgvBvBvQHS9zz6mz:1YVpFD6fNgvBvBvb/z

Score

N/A

Malware Config

Signatures

Files

8789e4dde5668bc0e02809e954764f7c8e0ca8fa118b8ddb2c6835cc3f17920c
.dll windows x86

c5f3f92be87662a6d1c8bef2f75199a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

FsRtlPostPagingFileStackOverflow
RtlSelfRelativeToAbsoluteSD2
ExAllocatePool
RtlLookupAtomInAtomTable
NlsMbOemCodePageTag
ExFreePool
ExfInterlockedPushEntryList
SeTokenType
SeCaptureSecurityDescriptor
memcpy
FsRtlMdlRead
KeQueryTimeIncrement
RtlImageNtHeader
IoQueueThreadIrp

classpnp.sys

ClassCompleteRequest
ClassModeSense
ClassGetVpb
ClassInitialize
ClassDisableMediaChangeDetection
ClassSignalCompletion
ClassCleanupMediaChangeDetection

hal

HalGetEnvironmentVariable
KeTryToAcquireQueuedSpinLock
ExReleaseFastMutex
HalSetDisplayParameters
KfRaiseIrql
WRITE_PORT_BUFFER_UCHAR
HalStartNextProcessor
KeStallExecutionProcessor
KeRaiseIrql
HalFreeCommonBuffer
HalRequestSoftwareInterrupt
HalSetBusDataByOffset
KeRaiseIrqlToSynchLevel
WRITE_PORT_ULONG
KeAcquireSpinLockRaiseToSynch

Exports

Exports

OfdrvBri
ZuLhhauqMbrqtliGpj
HlDwsxspJxpwzGvj
OwiQuvfzcIoluaNoplKt
DxhJznqKxuytxWzckjbYn
HtkVqtkwlsTtvznvp

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 38B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c5f3f92be87662a6d1c8bef2f75199a8

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

classpnp.sys

hal

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 69KB - Virtual size: 161KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 38B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 69KB - Virtual size: 161KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 38B