c0ed3f61f3170364a135f619a4df6150d3ff96f4ad78397e73b66368c7d818a8

Sharing

Copy URL Twitter E-mail

General

Target

c0ed3f61f3170364a135f619a4df6150d3ff96f4ad78397e73b66368c7d818a8
Size

85KB
MD5

30131bfaec81314ba8c95bb68d319431
SHA1

3b83af1468344b1b4f6f4cd536db1a2316f845f3
SHA256

c0ed3f61f3170364a135f619a4df6150d3ff96f4ad78397e73b66368c7d818a8
SHA512

34cef6cd26275e7c44e2e530dcb8eacd45100b94eaaae4666584006f1ac056448d0e8ee2bf54a646598bb8f2c6076a97d15c6d4687aa6e0f05f0dd09f4b20886
SSDEEP

1536:zIblbEDp1vqk4KuPfguRZ1u1G5wXaRmmGGQLSVIKV7DNF8MjO42:+lbEDp1H+PfgUGRaRmmzVF5DNF3jO4

Score

N/A

Malware Config

Signatures

Files

c0ed3f61f3170364a135f619a4df6150d3ff96f4ad78397e73b66368c7d818a8
.exe windows x86

8fea406dffe9373107993d3eabb1dab7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoAcquireRemoveLockEx
PoCallDriver
PoStartNextPowerIrp
ObfReferenceObject
RtlCopyUnicodeString
READ_REGISTER_USHORT
READ_REGISTER_UCHAR
WRITE_REGISTER_UCHAR
WRITE_REGISTER_USHORT
KeInsertQueueDpc
KeSynchronizeExecution
MmUnmapIoSpace
MmMapIoSpace
READ_REGISTER_ULONG
WRITE_REGISTER_ULONG
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
strncmp
IoBuildDeviceIoControlRequest
KeDelayExecutionThread
ZwSetValueKey
ZwCreateKey
IoOpenDeviceRegistryKey
ExAllocatePoolWithTagPriority
IoWMIRegistrationControl
IoDisconnectInterrupt
PoSetPowerState
IoReleaseRemoveLockAndWaitEx
KeBugCheckEx
KeSetEvent
sprintf
IoConnectInterrupt
IoGetDmaAdapter
KeInitializeDpc
ExInterlockedPopEntrySList
RtlFreeAnsiString
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoReleaseRemoveLockEx
IoAllocateIrp
IoFreeMdl
MmUnlockPages
IoReleaseCancelSpinLock
MmProbeAndLockPages
IoAllocateMdl
IoFreeWorkItem
MmMapLockedPagesSpecifyCache
IoQueueWorkItem
IoAllocateWorkItem
ExInitializeNPagedLookasideList
IoInitializeTimer
RtlFindMostSignificantBit
RtlFindLeastSignificantBit
ExDeleteNPagedLookasideList
IoStopTimer
IoInvalidateDeviceState
IoIsWdmVersionAvailable
wcscpy
PoRegisterDeviceForIdleDetection
IoStartTimer
Mm64BitPhysicalAddress
IoAcquireCancelSpinLock
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
KeInitializeDeviceQueue
ExfInterlockedInsertTailList
ExfInterlockedRemoveHeadList
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IoInvalidateDeviceRelations
RtlClearAllBits
RtlInitializeBitMap
RtlFindClearBitsAndSet
RtlClearBits
_except_handler3
PoRequestPowerIrp
IofCompleteRequest
ExAllocatePoolWithTag
RtlAppendUnicodeToString
RtlIntegerToUnicodeString
RtlAppendUnicodeStringToString
IoCreateDevice
IoAttachDeviceToDeviceStack
IoDeleteDevice
IoInitializeRemoveLockEx
IoGetConfigurationInformation
IoCreateSymbolicLink
KeInitializeEvent
IoGetAttachedDeviceReference
IoBuildSynchronousFsdRequest
IofCallDriver
KeWaitForSingleObject
ObfDereferenceObject
IoDeleteSymbolicLink
IoDetachDevice
KeInitializeSpinLock
ExFreePoolWithTag
IoFreeIrp
ExInterlockedPushEntrySList

�c

READ_PORT_UCHAR
READ_PORT_USHORT
KfLowerIrql
KeStallExecutionProcessor
WRITE_PORT_BUFFER_ULONG
WRITE_PORT_BUFFER_USHORT
WRITE_PORT_BUFFER_UCHAR
READ_PORT_BUFFER_ULONG
READ_PORT_BUFFER_USHORT
READ_PORT_BUFFER_UCHAR
WRITE_PORT_UCHAR

m

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 675B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 384B - Virtual size: 375B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8fea406dffe9373107993d3eabb1dab7

Headers

File Characteristics

Imports

ntoskrnl.exe

�c

m

Sections

.text Size: 73KB - Virtual size: 73KB

.rdata Size: 768B - Virtual size: 675B

.data Size: 128B - Virtual size: 100B

PAGE Size: 384B - Virtual size: 375B

INIT Size: 3KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 73KB - Virtual size: 73KB

.rdata
Size: 768B - Virtual size: 675B

.data
Size: 128B - Virtual size: 100B

PAGE
Size: 384B - Virtual size: 375B

INIT
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 2KB