ca6f135e5dc8c08e1aba61b97117a5c85d4f210a79ee4cbb9f3618700255e614

General

Target

ca6f135e5dc8c08e1aba61b97117a5c85d4f210a79ee4cbb9f3618700255e614
Size

68KB
MD5

0b938ee09d36ed6fdddd3024aab17bf5
SHA1

26f4e65b5197ed431a4c3f8a4c2590e53cb0cbed
SHA256

ca6f135e5dc8c08e1aba61b97117a5c85d4f210a79ee4cbb9f3618700255e614
SHA512

e4e8f60a2aae11d5bc6713d46ba984d5b45ae8b88d85a16ea4291658a5800d4d537b8cdcfd2d060d612fec0a5cee28f95895653d85b589d3f8c1a6d245cd9972
SSDEEP

1536:8+S83SpJ2con1iESwuOcs/fj0FtASMvQ6qBd3FL:8+S83Q2coI/vUotMvtqv1

Score

N/A

Malware Config

Signatures

Files

ca6f135e5dc8c08e1aba61b97117a5c85d4f210a79ee4cbb9f3618700255e614
.exe windows x86

b13b02e3cee07b799b7d9388bfe5bd29

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlImageNtHeader
RtlInitString
RtlConvertLongToLargeInteger
FsRtlDeleteTunnelCache
ExAllocatePool
RtlAnsiStringToUnicodeString
FsRtlCheckLockForReadAccess
Mm64BitPhysicalAddress
memcpy
KeReadStateQueue
RtlFreeUnicodeString
RtlInitUnicodeString
NtFindAtom
ZwCreateSymbolicLinkObject
RtlCompareUnicodeString
CcSetAdditionalCacheAttributes
ZwCreateSection
LsaLogonUser
ZwOpenFile
ExFreePool
RtlIntegerToChar

classpnp.sys

ClassAcquireRemoveLockEx
ClassAcquireChildLock
ClassInitializeMediaChangeDetection
ClassInternalIoControl
ClassSpinDownPowerHandler
ClassFindModePage
ClassInvalidateBusRelations
ClassInterpretSenseInfo
ClassCreateDeviceObject
ClassClaimDevice
ClassReleaseRemoveLock
ClassSendStartUnit

hal

KfRaiseIrql
HalFreeCommonBuffer
HalAllocateAdapterChannel
HalCalibratePerformanceCounter
READ_PORT_ULONG
HalAllProcessorsStarted
HalGetAdapter
KeAcquireQueuedSpinLockRaiseToSynch
READ_PORT_UCHAR
HalInitSystem
ExAcquireFastMutex

Exports

Exports

JwAvnwvgHsg
SyvMvojclvIhb

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b13b02e3cee07b799b7d9388bfe5bd29

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

classpnp.sys

hal

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 15KB - Virtual size: 63KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 512B - Virtual size: 56B

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 15KB - Virtual size: 63KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 512B - Virtual size: 56B