f47a951eec1b654b21a497f49acd50ba2283afbf976680dc72e74e3e36538b11

General

Target

f47a951eec1b654b21a497f49acd50ba2283afbf976680dc72e74e3e36538b11
Size

22KB
MD5

32142cf0389cf4d3fe437436a64ec77d
SHA1

437c1079764489df4242f34ab144ccc4e018cdc6
SHA256

f47a951eec1b654b21a497f49acd50ba2283afbf976680dc72e74e3e36538b11
SHA512

5901710f236d24835aec7bcf9c6581b2181548bc5bb5f0ecf9887d66dcf8638d56409c8715eac4a1065b44ee94ece308ef24d28d9c761a46faa095dc206fb8eb
SSDEEP

384:X0rSLhHjWqluCSB6PChmSmlgCbGAXFXEmqaUImWBsQCoLXEgyUCvO34KV7wTuG+w:X0ryhDLA66YSmlyAXRisBPLZyjvO341Z

Score

N/A

Malware Config

Signatures

Files

f47a951eec1b654b21a497f49acd50ba2283afbf976680dc72e74e3e36538b11
.exe windows x86

f4ed347dce32cc25e9c7aebbdda1b80c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
IofCompleteRequest
memmove
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IoQueryDeviceDescription
RtlWriteRegistryValue
RtlUnicodeStringToAnsiString
IoAttachDeviceToDeviceStack
KeInitializeEvent
RtlAppendUnicodeToString
IofCallDriver
PoCallDriver
PoStartNextPowerIrp
KeSetEvent
IoDeleteDevice
IoDetachDevice
MmMapIoSpace
MmUnmapIoSpace
KeWaitForSingleObject
_except_handler3
RtlQueryRegistryValues
ExFreePoolWithTag
IoCreateDevice
ExAllocatePoolWithTag

hal

WRITE_PORT_UCHAR
READ_PORT_UCHAR
WRITE_PORT_USHORT

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fben
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 384B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4ed347dce32cc25e9c7aebbdda1b80c

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 256B - Virtual size: 254B

.data Size: 128B - Virtual size: 72B

INIT Size: 2KB - Virtual size: 1KB

.fben Size: 10KB - Virtual size: 10KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 384B - Virtual size: 276B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 256B - Virtual size: 254B

.data
Size: 128B - Virtual size: 72B

INIT
Size: 2KB - Virtual size: 1KB

.fben
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 384B - Virtual size: 276B