Static task: static1
Behavioral task: behavioral1, Sample: hal.dll.zip, Resource: win7-20230831-en
Behavioral task: behavioral2, Sample: hal.dll.zip, Resource: win10v2004-20230831-en
Behavioral task: behavioral3, Sample: How to fix Hal.dll errors - DLLDownloader.com.txt, Resource: win7-20230831-en
Behavioral task: behavioral4, Sample: How to fix Hal.dll errors - DLLDownloader.com.txt, Resource: win10v2004-20230831-en
Behavioral task: behavioral5, Sample: hal.dll, Resource: win7-20230831-en
Behavioral task: behavioral6, Sample: hal.dll, Resource: win10v2004-20230831-en
General
Target: hal.dll.zip
Size: 97KB
MD5: 2009d7087321beceafa46152236e9ac5
SHA1: 32465bc5bf6dcc76860271b22cb0646fa9133058
SHA256: 8c050b05e3592c06a23c53d2a1eae12f3b0c53bca8fc2dae88e6014ded8e66e6
SHA512: 8b5ee7d8db3335aeefb13259b77aecddb5068d81d38cf09ff7ba0b30510d32ca321ecd8f7bb12cbcbea93b314bff6f511706bc8b5b231bc73c77f53de2ccc5fb
SSDEEP: 3072:MH/O5hfWtf7ksInZp4yiozFoXkC9RzqEHEW:C/O5VWusInZPiAt7EkW
Malware Config
Signatures
Files
hal.dll.zip.zip
How to fix Hal.dll errors - DLLDownloader.com.txt
hal.dll.dll windows x86
d52bed1676a1e6ab51b79c80a0dfa025
Code Sign
c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate
Issuer: CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation
Not Before: 10/01/1997, 07:00
Not After: 31/12/2020, 07:00
Subject: CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:47:52:ba:00:00:00:00:00:04
Certificate
Issuer: CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/09/2006, 01:53
Not After: 16/09/2011, 02:03
Subject: CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate
Issuer: CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/09/2006, 01:55
Not After: 16/09/2011, 02:05
Subject: CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate
Issuer: CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation
Not Before: 16/09/2006, 01:04
Not After: 15/09/2019, 07:00
Subject: CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:21:23:00:00:00:00:00:06
Certificate
Issuer: CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 18/10/2007, 22:09
Not After: 18/12/2008, 22:19
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment

79:ad:16:a1:4a:a0:a5:ad:4c:73:58:f4:07:13:2e:65
Certificate
Issuer: CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d
Not Before: 09/05/2001, 23:19
Not After: 09/05/2021, 23:28
Subject: CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:02:dc:00:00:00:00:00:0b
Certificate
Issuer: CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d
Not Before: 15/09/2005, 21:55
Not After: 15/03/2016, 22:05
Subject: CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

17:cb:81:7b:10:57:6e:4c:6e:b3:b6:33:59:82:4a:f2:34:20:90:24
Signer
Actual PE Digest: 17:cb:81:7b:10:57:6e:4c:6e:b3:b6:33:59:82:4a:f2:34:20:90:24
Digest Algorithm: sha1
PE Digest Matches: true

Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
ntoskrnl.exe
KiIpiServiceRoutine
KeProfileInterrupt
KeUpdateRunTime
KeWaitForSingleObject
RtlMoveMemory
IoAllocateAdapterChannel
ObCreateObject
MmAllocateMappingAddress
MmUnmapReservedMapping
MmMapLockedPagesWithReservedMapping
memcpy
MmMapLockedPagesSpecifyCache
MmGetPhysicalAddress
MmAllocateContiguousMemorySpecifyCache
MmFreeContiguousMemory
RtlFindClearBitsAndSet
KeRemoveDeviceQueue
RtlClearBits
ObfDereferenceObject
Mm64BitPhysicalAddress
IoFreeMdl
IoAllocateMdl
MmUnlockPagableImageSection
MmLockPagableDataSection
MmMapIoSpace
ExAllocatePoolWithTag
RtlSetAllBits
RtlInitializeBitMap
KeInitializeDeviceQueue
ZwClose
ObInsertObject
ObReferenceObjectByPointer
IoAdapterObjectType
memset
KeSetEvent
ExFreePoolWithTag
MmUnmapLockedPages
RtlSetBits
IoRegisterPlugPlayNotification
IofCallDriver
IoBuildSynchronousFsdRequest
KeInitializeEvent
IoGetDeviceObjectPointer
RtlInitUnicodeString
IoGetDeviceInterfaces
_allshr
ExQueueWorkItem
KeInsertDeviceQueue
RtlCompareMemory
ExiAcquireFastMutex
ExiReleaseFastMutex
KeQuerySystemTime
WheaReportHwError
WheaGetErrorSource
KeRevertToUserAffinityThread
KeSetSystemAffinityThread
KeQueryActiveProcessors
KeSetTimerEx
KeInitializeMutex
KeInitializeTimerEx
KeInitializeDpc
_allmul
ZwQueryValueKey
ZwOpenKey
KiDispatchInterrupt
KiDeliverApc
KiCheckForSListAddress
MmUnmapIoSpace
EmpProviderRegister
DbgPrint
KeFindConfigurationNextEntry
KeFindConfigurationEntry
strncmp
RtlEqualString
RtlInitString
ZwEnumerateValueKey
ZwQueryKey
ZwSetValueKey
PsChargeProcessCpuCycles
InbvDisplayString
IoAssignDriveLetters
IoReadPartitionTable
IoSetPartitionInformation
IoWritePartitionTable
_stricmp
InbvCheckDisplayOwnership
KiBugCheckData
WRITE_REGISTER_UCHAR
InbvAcquireDisplayOwnership
EtwWrite
EtwEventEnabled
WRITE_REGISTER_ULONG
READ_REGISTER_ULONG
_aulldiv
KeSetTimeIncrement
HalPrivateDispatchTable
_vsnwprintf
RtlFindLeastSignificantBit
_wcsicmp
KeRevertToUserAffinityThreadEx
KeSetSystemAffinityThreadEx
MmLockPagableSectionByHandle
KeEnterKernelDebugger
KdDebuggerEnabled
KdDebuggerNotPresent
InbvSetScrollRegion
InbvEnableDisplayString
InbvInstallDisplayStringFilter
InbvSetTextColor
InbvSolidColorFill
InbvResetDisplay
InbvIsBootDriverInstalled
RtlIntegerToUnicodeString
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
RtlClearAllBits
RtlAreBitsClear
RtlFindNextForwardRunClear
RtlFindFirstRunClear
RtlTestBit
IoGetStackLimits
PoSetFixedWakeSource
RtlTimeFieldsToTime
RtlTimeToTimeFields
DbgPrintEx
IoDeleteDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
EtwRegister
MmIsVerifierEnabled
IofCompleteRequest
PoStartNextPowerIrp
ObfReferenceObject
IoReportDetectedDevice
IoCreateDriver
MmAllocateContiguousMemory
PoSetHiberRange
KeInsertQueueDpc
KeSetTargetProcessorDpc
KeSetImportanceDpc
ExReleaseSpinLockShared
ExAcquireSpinLockShared
ExReleaseSpinLockExclusive
ExAcquireSpinLockExclusive
IoReportHalResourceUsage
ZwPowerInformation
ExRegisterCallback
ExCreateCallback
HalDispatchTable
KeQueryTimeIncrement
KeTickCount
_alldiv
atoi
strstr
WheaRegisterErrSrcInitializer
ZwQueryLicenseValue
KeRegisterBugCheckCallback
KeSetProfileIrql
PsGetCurrentProcessId
_allshl
EmClientQueryRuleState
Kei386EoiHelper
KeUpdateSystemTime
KeSaveStateForHibernate
KeBugCheckEx
ZwCreateKey
DbgBreakPoint
ZwDeleteValueKey
_aulldvrm
_alldvrm
RtlUnwind
kdcom
KdRestore
pshed
PshedRetrieveErrorInfo
PshedIsSystemWheaEnabled
PshedGetErrorSourceInfo
Exports
ExAcquireFastMutex
ExReleaseFastMutex
ExTryToAcquireFastMutex
HalAcquireDisplayOwnership
HalAdjustResourceList
HalAllProcessorsStarted
HalAllocateAdapterChannel
HalAllocateCommonBuffer
HalAllocateCrashDumpRegisters
HalAssignSlotResources
HalBeginSystemInterrupt
HalBugCheckSystem
HalCalibratePerformanceCounter
HalClearSoftwareInterrupt
HalConvertDeviceIdtToIrql
HalDisableInterrupt
HalDisplayString
HalEnableInterrupt
HalEndSystemInterrupt
HalEnumerateEnvironmentVariablesEx
HalFlushCommonBuffer
HalFreeCommonBuffer
HalGetAdapter
HalGetBusData
HalGetBusDataByOffset
HalGetEnvironmentVariable
HalGetEnvironmentVariableEx
HalGetInterruptTargetInformation
HalGetInterruptVector
HalGetMessageRoutingInfo
HalGetProcessorIdByNtNumber
HalGetVectorInput
HalHandleNMI
HalInitSystem
HalInitializeBios
HalInitializeOnResume
HalInitializeProcessor
HalMakeBeep
HalProcessorIdle
HalQueryDisplayParameters
HalQueryEnvironmentVariableInfoEx
HalQueryMaximumProcessorCount
HalQueryRealTimeClock
HalReadDmaCounter
HalRegisterDynamicProcessor
HalRegisterErrataCallbacks
HalReportResourceUsage
HalRequestIpi
HalRequestSoftwareInterrupt
HalReturnToFirmware
HalSetBusData
HalSetBusDataByOffset
HalSetDisplayParameters
HalSetEnvironmentVariable
HalSetEnvironmentVariableEx
HalSetProfileInterval
HalSetRealTimeClock
HalSetTimeIncrement
HalStartDynamicProcessor
HalStartNextProcessor
HalStartProfileInterrupt
HalStopProfileInterrupt
HalSystemVectorDispatchEntry
HalTranslateBusAddress
IoAssignDriveLetters
IoFlushAdapterBuffers
IoFreeAdapterChannel
IoFreeMapRegisters
IoMapTransfer
IoReadPartitionTable
IoSetPartitionInformation
IoWritePartitionTable
KdComPortInUse
KeAcquireInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLockRaiseToSynch
KeAcquireQueuedSpinLock
KeAcquireQueuedSpinLockRaiseToSynch
KeAcquireSpinLock
KeAcquireSpinLockRaiseToSynch
KeFlushWriteBuffer
KeGetCurrentIrql
KeLowerIrql
KeQueryPerformanceCounter
KeRaiseIrql
KeRaiseIrqlToDpcLevel
KeRaiseIrqlToSynchLevel
KeReleaseInStackQueuedSpinLock
KeReleaseQueuedSpinLock
KeReleaseSpinLock
KeStallExecutionProcessor
KeTryToAcquireQueuedSpinLock
KeTryToAcquireQueuedSpinLockRaiseToSynch
KfAcquireSpinLock
KfLowerIrql
KfRaiseIrql
KfReleaseSpinLock
READ_PORT_BUFFER_UCHAR
READ_PORT_BUFFER_ULONG
READ_PORT_BUFFER_USHORT
READ_PORT_UCHAR
READ_PORT_ULONG
READ_PORT_USHORT
WRITE_PORT_BUFFER_UCHAR
WRITE_PORT_BUFFER_ULONG
WRITE_PORT_BUFFER_USHORT
WRITE_PORT_UCHAR
WRITE_PORT_ULONG
WRITE_PORT_USHORT
x86BiosAllocateBuffer
x86BiosCall
x86BiosFreeBuffer
x86BiosReadMemory
x86BiosWriteMemory
Sections
.text Size: 84KB - Virtual size: 84KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
_PAGELK Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INITDAT Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGELK Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGELK16 Size: 512B - Virtual size: 130B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEKD Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.edata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ