a18663b353eecd3a38ddf00c735011e1a644ebe68c95aebd56ed3e85b04773cd

Sharing

Copy URL Twitter E-mail

General

Target

a18663b353eecd3a38ddf00c735011e1a644ebe68c95aebd56ed3e85b04773cd
Size

87KB
MD5

bffe2fdb306b7e001e9ce146f0a8d016
SHA1

409dc880d144ab4aeea69fd1ab12e1de564cb780
SHA256

a18663b353eecd3a38ddf00c735011e1a644ebe68c95aebd56ed3e85b04773cd
SHA512

bded4419a3ff4c3aab0f7ea2b2d2d61761d155d7658e8fc5f13ffa6230dda6b2f6e5296807a1fd57746983d425c5762378f422a17435fc486e2f6935d1c470ff
SSDEEP

1536:prAYQafzJ1sXjgqYJHTgARuEk0Vk+BawMaRmsIb27YpfGPDjgFfJh3WQqhFO:jQafzJ1+jYJHTgjI4aRmhAoTF3GhhFO

Score

N/A

Malware Config

Signatures

Files

a18663b353eecd3a38ddf00c735011e1a644ebe68c95aebd56ed3e85b04773cd
.exe windows x86

65871b122bd695d49e223c973f17211e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PoStartNextPowerIrp
ObfReferenceObject
RtlCopyUnicodeString
READ_REGISTER_USHORT
READ_REGISTER_UCHAR
WRITE_REGISTER_UCHAR
WRITE_REGISTER_USHORT
KeInsertQueueDpc
KeSynchronizeExecution
MmUnmapIoSpace
MmMapIoSpace
IoFreeMdl
READ_REGISTER_ULONG
WRITE_REGISTER_ULONG
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
strncmp
IoBuildDeviceIoControlRequest
KeDelayExecutionThread
ZwSetValueKey
ZwCreateKey
IoOpenDeviceRegistryKey
ExAllocatePoolWithTagPriority
IoWMIRegistrationControl
IoDisconnectInterrupt
PoSetPowerState
IoReleaseRemoveLockAndWaitEx
KeBugCheckEx
KeSetEvent
sprintf
IoConnectInterrupt
IoGetDmaAdapter
KeInitializeDpc
IoQueueWorkItem
IoAllocateWorkItem
ExInterlockedPopEntrySList
RtlFreeAnsiString
RtlFreeUnicodeString
PoCallDriver
RtlInitAnsiString
IoFreeIrp
IoAllocateIrp
MmUnlockPages
IoFreeWorkItem
IoReleaseCancelSpinLock
MmProbeAndLockPages
IoAllocateMdl
MmMapLockedPagesSpecifyCache
ExInitializeNPagedLookasideList
IoInitializeTimer
RtlFindMostSignificantBit
RtlFindLeastSignificantBit
ExDeleteNPagedLookasideList
IoStopTimer
IoInvalidateDeviceState
IoIsWdmVersionAvailable
wcscpy
PoRegisterDeviceForIdleDetection
IoStartTimer
MmBuildMdlForNonPagedPool
Mm64BitPhysicalAddress
IoAcquireCancelSpinLock
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
KeInitializeDeviceQueue
ExfInterlockedInsertTailList
ExfInterlockedRemoveHeadList
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IoInvalidateDeviceRelations
RtlClearAllBits
RtlInitializeBitMap
RtlFindClearBitsAndSet
RtlClearBits
_except_handler3
IoAcquireRemoveLockEx
IoReleaseRemoveLockEx
PoRequestPowerIrp
IofCompleteRequest
ExAllocatePoolWithTag
RtlAppendUnicodeToString
RtlIntegerToUnicodeString
RtlAppendUnicodeStringToString
IoCreateDevice
IoAttachDeviceToDeviceStack
IoDeleteDevice
IoInitializeRemoveLockEx
IoGetConfigurationInformation
IoCreateSymbolicLink
KeInitializeEvent
IoGetAttachedDeviceReference
IoBuildSynchronousFsdRequest
IofCallDriver
KeWaitForSingleObject
ObfDereferenceObject
IoDeleteSymbolicLink
IoDetachDevice
KeInitializeSpinLock
ExFreePoolWithTag
RtlAnsiStringToUnicodeString
ExInterlockedPushEntrySList

hal

KfLowerIrql
ExAcquireFastMutex
KeQueryPerformanceCounter
KeRaiseIrqlToDpcLevel
KeFlushWriteBuffer
KeGetCurrentIrql
WRITE_PORT_ULONG
READ_PORT_ULONG
KfAcquireSpinLock
KfReleaseSpinLock
KfRaiseIrql
ExReleaseFastMutex
KeStallExecutionProcessor
WRITE_PORT_BUFFER_ULONG
WRITE_PORT_BUFFER_USHORT
WRITE_PORT_BUFFER_UCHAR
READ_PORT_BUFFER_ULONG
READ_PORT_BUFFER_USHORT
READ_PORT_BUFFER_UCHAR
WRITE_PORT_UCHAR
READ_PORT_UCHAR
READ_PORT_USHORT

wmilib.sys

WmiSystemControl
WmiCompleteRequest

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 384B - Virtual size: 375B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65871b122bd695d49e223c973f17211e

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

wmilib.sys

Sections

.text Size: 75KB - Virtual size: 75KB

.rdata Size: 768B - Virtual size: 688B

.data Size: 128B - Virtual size: 100B

PAGE Size: 384B - Virtual size: 375B

INIT Size: 3KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 75KB - Virtual size: 75KB

.rdata
Size: 768B - Virtual size: 688B

.data
Size: 128B - Virtual size: 100B

PAGE
Size: 384B - Virtual size: 375B

INIT
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 2KB