1c484282cdf401c61326f05e904a553e

Sharing

Copy URL Twitter E-mail

General

Target

1c484282cdf401c61326f05e904a553e
Size

141KB
MD5

1c484282cdf401c61326f05e904a553e
SHA1

9fabc081646658c70d21ab9c14ae054d0522dd19
SHA256

02b5d4259f151ccb074d5a395edcfaba37f748f60f6890739dd8fe28cb98a561
SHA512

e9e402453702787bca5c070da5bf64057d7313df6ca77a32003a66dbbad30bdeb206073cca80a0bb49af6cd714c913743c5434adc16344183c06986d405b0fe7
SSDEEP

3072:oda49FJbg2Vr0upuRX06kJY94H6g+04bnPTpJ:oR9QKrfpKX03SXvn1J

Score

1^/10

Malware Config

Signatures

Files

1c484282cdf401c61326f05e904a553e
.sys windows:6 windows x86 arch:x86

73177ffb1007d55c0241837db5d135bd

Code Sign

45:9a:6a:62:62:eb:4e:99:7e:7d:8e:67:ac:66:b6:65:52:9d:13:f9
Signer

Actual PE Digest

45:9a:6a:62:62:eb:4e:99:7e:7d:8e:67:ac:66:b6:65:52:9d:13:f9

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeQueryActiveProcessorCountEx
InterlockedPushEntrySList
IoDisconnectInterruptEx
IoInvalidateDeviceState
RtlCompareMemory
IoInvalidateDeviceRelations
KeInsertQueueDpc
InterlockedPopEntrySList
ObfReferenceObject
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
KeSetTimer
KeCancelTimer
_allmul
KeReleaseInStackQueuedSpinLockFromDpcLevel
KeAcquireInStackQueuedSpinLockAtDpcLevel
ExAcquireRundownProtectionCacheAware
ExReleaseRundownProtectionCacheAware
ExWaitForRundownProtectionReleaseCacheAware
IoGetDeviceProperty
KeInitializeTimer
ExAllocateCacheAwareRundownProtection
RtlInitUnicodeString
IofCallDriver
KeWaitForSingleObject
KeInitializeEvent
KeDelayExecut:E@Vhread
KdGltsiPtetdeDpcs
IoEdleteEdwice
IoDetachDevice
RtlCompareString
MmUnmapLockedPages
IoAllocateMdl
IoReuseIrp
IoAllocateIrp
IoFreeIrp
IoFreeMdl
MmBuildMdlForNonPagedPool
IoGetDmaAdapter
EtwRegister
EtwUnregister
KeQueryTimeIncrement
_alldiv
IoAttachDeviceToDeviceStack
IoGetDriverObjectExtension
IoCreateDevice
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
IoWMIWriteEvent
MmGetSystemRoutineAddress
RtlStringFromGUID
RtlQueryRegistryValues
IoAllocateDriverObjectExtension
PoStartDeviceBusy
KeGetCurrentProcessorNumberEx
RtlAnsiStringToUnicodeString
RtlInitAnsiString
KeSetTargetProcessorDpcEx
KeBugCheckEx
vDbgPrintExWithPrefix
MmGetPhysicalAddress
MmGetVirtualForPhysical
MmMapIoSpace
READ_REGISTER_UCHAR
READ_REGISTER_USHORT
READ_REGISTER_ULONG
READ_REGISTER_BUFFER_UCHAR
READ_REGISTER_BUFFER_USHORT
READ_REGISTER_BUFFER_ULONG
WRITE_REGISTER_UCHAR
WRITE_REGISTER_USHORT
WRITE_REGISTER_ULONG
WRITE_REGISTER_BUFFER_UCHAR
WRITE_REGISTER_BUFFER_USHORT
WRITE_REGISTER_BUFFER_ULONG
memmove
KeQueryGroupAffinity
KeQueryNodeActiveAffinity
KeQueryHighestNodeNumber
KeQueryLogicalProcessorRelationship
MmAllocateContiguousMemorySpecifyCacheNode
MmFreeContiguousMemorySpecifyCache
IoGetConfigurationInformation
Mm64BitPhysicalAddress
PoSetPowerState
PoStartNextPowerIrp
PoCallDriver
PoRequestPowerIrp
PoRegisterDeviceForIdleDetection
KeSetEvent
KeGetCurrentThread
_vsnwprintf
MmUnmapIoSpace
MmProbeAndLockPages
MmAllocateContiguousMemorySpecifyCache
MmFreeContiguousMemory
RtlCopyUnicodeString
IoCreateSymbolicLink
IoDeleteSymbolicLink
PoEndDeviceBusy
ZwOpenKey
IoOpenDeviceRegistryKey
IoFreeWorkItem
IoQueueWorkItem
IoAllocateWorkItem
KeSetTimerEx
ZwQueryValueKey
MmAddVerifierThunks
MmIsVerifierEnabled
MmProtectMdlSystemAddress
MmUnlockPages
MmLockPagableDataSection
RtlUnwind
KeQueryActiveGroupCount
IoGetDevicePropertyData
ExAllocatePoolWithTag
IoGetAffinityInterrupt
memset
IoConnectInterruptEx
KeTickCount
IoWMIRegistrationControl
IoRegisterDeviceInterface
IoSetDeviceInterfaceState
ZwClose
ExFreePoolWithTag
RtlFreeUnicodeString
ExInterlockedFlushSList
memcpy
MmMapLockedPagesSpecifyCache
IofCompleteRequest
KeReleaseInterruptSpinLock
KeAcquireInterruptSpinLock
KeQuerySystemTime
EtwWrite
KeInitializeDpc
RtlUnicodeStringToAnsiString
_wcsnicmp
RtlWriteRegistryValue
RtlCreateRegistryKey
RtlCheckRegistryKey
_vsnprintf
RtlAppendUnicodeStringToString
ZwCreateKey
ZwDeleteKey
SeReleaseSubjectContext
SeUnlockSubjectContext
SeAccessCheck
IoGetFileObjectGenericMapping
SeLockSubjectContext
SeCaptureSubjectContext
ZwSetValueKey
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
IoCancelIrp
WmiTraceMessageVa
WmiQueryTraceInformation
ObfDereferenceObject
IoBuildSynchronousFsdRequest
IoGetAttachedDeviceReference
EtwEventEnabled
EtwProviderEnabled

hal

WRITE_PORT_BUFFER_USHORT
WRITE_PORT_BUFFER_UCHAR
WRITE_PORT_ULONG
WRITE_PORT_USHORT
WRITE_PORT_UCHAR
READ_PORT_BUFFER_ULONG
READ_PORT_BUFFER_USHORT
READ_PORT_BUFFER_UCHAR
READ_PORT_ULONG
READ_PORT_USHORT
READ_PORT_UCHAR
KeStallExecutionProcessor
KeRaiseIrqlToDpcLevel
KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock
KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLock
WRITE_PORT_BUFFER_ULONG

Exports

Exports

DllInitialize
ScsiPortMoveMemory
ScsiPortNotification
StorPortAllocateRegistryBuffer
StorPortBusy
StorPortCompleteRequest
StorPortConvertUlongToPhysicalAddress
StorPortDebugPrint
StorPortDeviceBusy
StorPortDeviceReady
StorPortExtendedFunction
StorPortFreeDeviceBase
StorPortFreeRegistryBuffer
StorPortGetBusData
StorPortGetDeviceBase
StorPortGetLogicalUnit
StorPortGetPhysicalAddress
StorPortGetScatterGatherList
StorPortGetSrb
StorPortGetUncachedExtension
StorPortGetVirtualAddress
StorPortInitialize
StorPortLogError
StorPortMoveMemory
StorPortNotification
StorPortPause
StorPortPauseDevice
StorPortQuerySystemTime
StorPortReadPortBufferUchar
StorPortReadPortBufferUlong
StorPortReadPortBufferUshort
StorPortReadPortUchar
StorPortReadPortUlong
StorPortReadPortUshort
StorPortReadRegisterBufferUchar
StorPortReadRegisterBufferUlong
StorPortReadRegisterBufferUshort
StorPortReadRegisterUchar
StorPortReadRegisterUlong
StorPortReadRegisterUshort
StorPortReady
StorPortRegistryRead
StorPortRegistryWrite
StorPortResume
StorPortResumeDevice
StorPortSetBusDataByOffset
StorPortSetDeviceQueueDepth
StorPortStallExecution
StorPortSynchronizeAccess
StorPortValidateRange
StorPortWritePortBufferUchar
StorPortWritePortBufferUlong
StorPortWritePortBufferUshort
StorPortWritePortUchar
StorPortWritePortUlong
StorPortWritePortUshort
StorPortWriteRegisterBufferUchar
StorPortWriteRegisterBufferUlong
StorPortWriteRegisterBufferUshort
StorPortWriteRegisterUchar
StorPortWriteRegisterUlong�>�rPortWriteRegisterUshort
>�rPortWriteRegisterUshort

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEVRFY
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73177ffb1007d55c0241837db5d135bd

Code Sign

45:9a:6a:62:62:eb:4e:99:7e:7d:8e:67:ac:66:b6:65:52:9d:13:f9Signer

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Exports

Exports

Sections

.text Size: 77KB - Virtual size: 76KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 128KB

PAGE Size: 23KB - Virtual size: 23KB

PAGEVRFY Size: 5KB - Virtual size: 4KB

.edata Size: 2KB - Virtual size: 2KB

INIT Size: 5KB - Virtual size: 5KB

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 5KB - Virtual size: 4KB

45:9a:6a:62:62:eb:4e:99:7e:7d:8e:67:ac:66:b6:65:52:9d:13:f9
Signer

.text
Size: 77KB - Virtual size: 76KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 128KB

PAGE
Size: 23KB - Virtual size: 23KB

PAGEVRFY
Size: 5KB - Virtual size: 4KB

.edata
Size: 2KB - Virtual size: 2KB

INIT
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 5KB - Virtual size: 4KB