82e3db8ca1216a7eb36c3746fd47f2595b82002e2bc6c1dbc9fbe0f5a7f2a596

Sharing

Copy URL Twitter E-mail

General

Target

82e3db8ca1216a7eb36c3746fd47f2595b82002e2bc6c1dbc9fbe0f5a7f2a596
Size

322KB
MD5

6df96cea35865825bbe15c3cb27e3d44
SHA1

5a505c2796537787dcae6e1fda964c120069700e
SHA256

82e3db8ca1216a7eb36c3746fd47f2595b82002e2bc6c1dbc9fbe0f5a7f2a596
SHA512

99627c5c7bbe83290da07a0745ff0c3e957958f4b6a3c6e74ca07d3a33c87a35f42d1c014d6dee1d0cf23fd0ef8ec87c36d5516f0e9d6edcddad19aefd48a475
SSDEEP

6144:AeEd3/ojyCpIf3vzTP9p0gIuZHRQcckOJSo/GT7x506/guyKomb:+3/b57TPRIEinkOzeTz06Icomb

Score

N/A

Malware Config

Signatures

Files

82e3db8ca1216a7eb36c3746fd47f2595b82002e2bc6c1dbc9fbe0f5a7f2a596
.exe windows x86

3a5f3bc4a35d61f4590a296876452d70

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwOpenKey
DbgPrint
_allmul
IofCompleteRequest
KeSetEvent
PoSetPowerState
_aullshr
MmIsAddressValid
KeWaitForSingleObject
IoFreeWorkItem
IoUnregisterPlugPlayNotification
ObfDereferenceObject
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
memcpy
IoGetDeviceObjectPointer
IoQueueWorkItem
IoAllocateWorkItem
IoRegisterPlugPlayNotification
KeClearEvent
WRITE_REGISTER_ULONG
READ_REGISTER_ULONG
ObReferenceObjectByHandle
KeQueryTimeIncrement
KeTickCount
_aulldiv
KeDelayExecutionThread
MmGetPhysicalAddress
KeCancelTimer
KeSetTimerEx
KeInitializeTimerEx
KeSetTimer
KeInitializeDpc
KeInitializeTimer
memmove
strncpy
strncmp
_purecall
sprintf
InterlockedPopEntrySList
InterlockedPushEntrySList
RtlCompareMemory
KeBugCheckEx
IoInvalidateDeviceRelations
RtlWriteRegistryValue
RtlDeleteRegistryValue
IoOpenDeviceRegistryKey
ExSystemTimeToLocalTime
KeQuerySystemTime
MmUnmapIoSpace
MmMapIoSpace
ZwCreateKey
swprintf
KeLeaveCriticalRegion
KeEnterCriticalRegion
MmMapLockedPagesSpecifyCache
ExDeleteNPagedLookasideList
KeBugCheck
PsTerminateSystemThread
KeWaitForMultipleObjects
KeSetPriorityThread
ZwQueryValueKey
ExInitializeNPagedLookasideList
_aullrem
_aulldvrm
PoRequestPowerIrp
PoStartNextPowerIrp
PoCallDriver
IoReleaseRemoveLockEx
IoAcquireRemoveLockEx
IoFreeIrp
IoGetLowerDeviceObject
IoGetAttachedDeviceReference
IoAllocateIrp
strstr
RtlGetVersion
_alldiv
IoDeleteSymbolicLink
IoAttachDeviceToDeviceStack
IoCreateSymbolicLink
IoCsqInitialize
IoInitializeRemoveLockEx
IoCreateDevice
RtlUnicodeStringToInteger
wcsncpy
wcsstr
IoRegisterDeviceInterface
IoDeleteDevice
IoDetachDevice
_wcsupr
IoGetDeviceProperty
ZwCreateDirectoryObject
ExRegisterCallback
ExCreateCallback
IoConnectInterrupt
IoReportResourceForDetection
ExUnregisterCallback
IoDisconnectInterrupt
IoReleaseRemoveLockAndWaitEx
IoGetConfigurationInformation
IoSetDeviceInterfaceState
KeRemoveQueueDpc
IoCsqInsertIrp
IoCsqRemoveNextIrp
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
strncat
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ObfReferenceObject
PoRegisterDeviceForIdleDetection
IoInvalidateDeviceState
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
KeInsertQueueDpc
IoGetDmaAdapter
RtlFreeUnicodeString
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
IoRequestDeviceEject
RtlCreateRegistryKey
RtlCopyUnicodeString
RtlUnwind
ZwClose
memset
RtlInitUnicodeString
ExAllocatePoolWithTag
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlQueryRegistryValues
PsCreateSystemThread
ExFreePoolWithTag

hal

KeAcquireInStackQueuedSpinLock
KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
KeGetCurrentIrql
KeStallExecutionProcessor
KeReleaseInStackQueuedSpinLock

Sections

.text
Size: 293KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 546KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a5f3bc4a35d61f4590a296876452d70

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 293KB - Virtual size: 292KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 546KB

INIT Size: 4KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 293KB - Virtual size: 292KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 546KB

INIT
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 8KB