a2d036e7a90881c366911115432e9ac8abd8edc6b7d91f549583871229d21ac0

Sharing

Copy URL Twitter E-mail

General

Target

a2d036e7a90881c366911115432e9ac8abd8edc6b7d91f549583871229d21ac0
Size

445KB
MD5

73d7d33af697a73770e41570a89b7490
SHA1

3a0c9fa5c0f1899ce1ae8075274c291c7131ce22
SHA256

a2d036e7a90881c366911115432e9ac8abd8edc6b7d91f549583871229d21ac0
SHA512

17a73c32301a09d8371f1ec589cdc16070dcc261b40bb93c52aadd568816ff7f12eb952d7106150c7d601d6bf2f7628916a1e223add775cab19480e228b0c5ef
SSDEEP

6144:TX5Vm1BDXqZEKTHAJiKXi4LE4wxHObJ2LG24z/3nZr26tVrl/tg5o8jOcfDvecdX:j5VXBtKy4LE4wxubJ2Li73ZpjgRdKWQ

Score

N/A

Malware Config

Signatures

Files

a2d036e7a90881c366911115432e9ac8abd8edc6b7d91f549583871229d21ac0
.dll windows x86

f685a85735bf032bcf52957e8015b615

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlTimeFieldsToTime
IoAllocateWorkItem
FsRtlCheckLockForWriteAccess
CcMdlReadComplete
ZwAllocateVirtualMemory
PsIsThreadTerminating
ExDeleteNPagedLookasideList
CcFastMdlReadWait
RtlInitUnicodeString
IoSetPartitionInformation
IoDetachDevice
ZwOpenFile
PsDereferencePrimaryToken
ObReferenceObjectByHandle
KeWaitForSingleObject
IoVerifyPartitionTable
KeInitializeQueue
MmMapUserAddressesToPage
MmAllocateMappingAddress
IoDeleteDevice
ZwWriteFile
PoCallDriver
IoCheckEaBufferValidity
IoWMIWriteEvent
IoDisconnectInterrupt
ExAcquireResourceSharedLite
IoGetDeviceToVerify
ZwUnloadDriver
IoSetShareAccess
RtlFillMemoryUlong
IoInitializeRemoveLockEx
PsReturnPoolQuota
RtlSplay
KeRemoveEntryDeviceQueue
IoCancelIrp
IoAcquireRemoveLockEx
RtlCreateUnicodeString
KeInsertByKeyDeviceQueue
ExNotifyCallback
IoConnectInterrupt
KeInsertQueueDpc
RtlVerifyVersionInfo
IoRaiseHardError
PsGetCurrentProcessId
ObReleaseObjectSecurity
KeRemoveQueueDpc
RtlCreateSecurityDescriptor
RtlCheckRegistryKey
MmUnmapReservedMapping
KeClearEvent
ObCreateObject
RtlEqualSid
RtlxAnsiStringToUnicodeSize
RtlRandom
RtlUpcaseUnicodeString
PsGetProcessId
RtlxUnicodeStringToAnsiSize
RtlFindClearBitsAndSet
RtlCopySid
RtlFindLastBackwardRunClear
IoReleaseRemoveLockEx
KeBugCheckEx
ExCreateCallback
ObGetObjectSecurity
SeAssignSecurity
KeCancelTimer
IoAllocateController
PoRequestPowerIrp
IoQueryFileDosDeviceName
PsImpersonateClient
IoAllocateMdl
RtlInitializeUnicodePrefix
ZwOpenProcess
CcInitializeCacheMap
IoDeviceObjectType
RtlValidSid
RtlNtStatusToDosError
IoStopTimer
KeInitializeMutex
IoAcquireVpbSpinLock
RtlCharToInteger
IoSetStartIoAttributes
IoCreateFile
RtlInt64ToUnicodeString
RtlLengthSecurityDescriptor
FsRtlNotifyUninitializeSync
IoReleaseRemoveLockAndWaitEx
CcCanIWrite
IoIsOperationSynchronous
ZwClose
IoWritePartitionTableEx
IoFreeWorkItem
MmUnsecureVirtualMemory
RtlPrefixUnicodeString
MmAddVerifierThunks
ZwLoadDriver
KeDelayExecutionThread
FsRtlIsDbcsInExpression
IoInitializeTimer
SeReleaseSubjectContext
RtlSecondsSince1980ToTime
CcIsThereDirtyData
MmFreeNonCachedMemory
MmFreeContiguousMemory
ZwFreeVirtualMemory
KeSetEvent
MmFreeMappingAddress
MmSecureVirtualMemory
RtlUnicodeToOemN
RtlDowncaseUnicodeString
IoStartNextPacket
DbgBreakPoint
KeInitializeTimerEx
CcFastCopyRead
KeSetTargetProcessorDpc
IoIsSystemThread
KeInitializeEvent
RtlFreeUnicodeString
RtlUpcaseUnicodeChar
KeQueryInterruptTime
ZwOpenSymbolicLinkObject
RtlFindNextForwardRunClear
IoAllocateErrorLogEntry
PsLookupThreadByThreadId
SeLockSubjectContext
ExLocalTimeToSystemTime
RtlFindLongestRunClear
RtlIntegerToUnicodeString
PoUnregisterSystemState
RtlEqualUnicodeString
IoGetCurrentProcess
RtlUnicodeStringToOemString
IoEnumerateDeviceObjectList
IoWMIRegistrationControl
IoCreateNotificationEvent
ExReleaseFastMutexUnsafe
IoThreadToProcess
IoWriteErrorLogEntry
ZwMakeTemporaryObject
ZwQueryInformationFile
RtlClearBits
KeSetSystemAffinityThread
ZwPowerInformation
KeReadStateMutex
RtlValidSecurityDescriptor
RtlAppendStringToString
FsRtlDeregisterUncProvider
SeSetSecurityDescriptorInfo
CcDeferWrite
KeDetachProcess
IoCreateStreamFileObject
IoGetDriverObjectExtension
CcUnpinData
MmIsDriverVerifying
IoCreateDevice
IoUnregisterFileSystem
ExReleaseResourceLite
ZwQueryObject
PsChargeProcessPoolQuota
ZwCreateSection
IoFreeErrorLogEntry
ExVerifySuite
FsRtlFastUnlockSingle
MmSetAddressRangeModified
RtlInitAnsiString
RtlCreateRegistryKey
RtlFindUnicodePrefix
ObMakeTemporaryObject
FsRtlCheckOplock
KeWaitForMultipleObjects
ObfReferenceObject
KeReadStateEvent
RtlFindClearRuns
VerSetConditionMask
IoGetDeviceInterfaceAlias
ObReferenceObjectByPointer
KeBugCheck
CcPreparePinWrite
IoInvalidateDeviceState
IoGetAttachedDevice
CcPurgeCacheSection
ExGetExclusiveWaiterCount
ExSetTimerResolution
DbgPrompt
ZwEnumerateKey
IoGetAttachedDeviceReference
IoFreeMdl
ExAllocatePool
CcPinMappedData
RtlTimeToSecondsSince1970
MmUnmapIoSpace
MmFlushImageSection
RtlCompareMemory
IoSetDeviceInterfaceState
ProbeForRead
RtlVolumeDeviceToDosName
ZwCreateEvent
IoGetBootDiskInformation
KeGetCurrentThread
SeFreePrivileges
KeInitializeTimer
MmUnlockPages
PsGetThreadProcessId
IoGetDeviceInterfaces
SeAppendPrivileges
RtlAppendUnicodeToString
KeRemoveByKeyDeviceQueue
RtlAnsiStringToUnicodeString
SeTokenIsRestricted
SeQueryAuthenticationIdToken
IoSetSystemPartition
KeReleaseMutex
ZwSetValueKey
IoMakeAssociatedIrp
SeDeleteObjectAuditAlarm
FsRtlIsNameInExpression
KeSynchronizeExecution
CcRemapBcb
ExUnregisterCallback
SeImpersonateClientEx
MmQuerySystemSize
RtlFindLeastSignificantBit
PsReferencePrimaryToken
KeSetImportanceDpc
ExQueueWorkItem
RtlFindSetBits
PsTerminateSystemThread
KeRemoveDeviceQueue
IoQueryFileInformation
RtlDeleteNoSplay
KeSetKernelStackSwapEnable
IoIsWdmVersionAvailable
ExSetResourceOwnerPointer
CcUninitializeCacheMap
ExRegisterCallback
ZwDeviceIoControlFile
MmAllocatePagesForMdl
CcUnpinRepinnedBcb
ObInsertObject
RtlOemToUnicodeN
RtlAnsiCharToUnicodeChar
RtlHashUnicodeString
IoFreeIrp
ZwQueryValueKey
RtlUpcaseUnicodeToOemN
IoReuseIrp
KeQueryActiveProcessors
SeDeassignSecurity
RtlSetDaclSecurityDescriptor
ExDeleteResourceLite
IoStartTimer
RtlDeleteElementGenericTable
FsRtlAllocateFileLock
IoGetRelatedDeviceObject
MmBuildMdlForNonPagedPool

Exports

Exports

?InstallDeviceOld@@YGPAMPAI<V
?InstallComponentNew@@YGXGFPAE<V
?FreeComponent@@YGDPAJH<V
?HideArgumentExW@@YGJF<V
?InsertKeyNameOriginal@@YGMPADIM<V
?FindMemoryA@@YGKNIPA_NN<V

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f685a85735bf032bcf52957e8015b615

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 41KB - Virtual size: 41KB

.data Size: 9KB - Virtual size: 27KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 768B

.text
Size: 41KB - Virtual size: 41KB

.data
Size: 9KB - Virtual size: 27KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 768B