f40deb7d0d2e17688fe668f7bcf92f1cd48d4f68383025889307ca068cb77314

Sharing

Copy URL

Twitter E-mail

General

Target

f40deb7d0d2e17688fe668f7bcf92f1cd48d4f68383025889307ca068cb77314
Size

356KB
MD5

e6426973ec7735925e97bfeb4ec80d7d
SHA1

abcf4db15d487a7ed52a744c32bf7edda03d6b6c
SHA256

f40deb7d0d2e17688fe668f7bcf92f1cd48d4f68383025889307ca068cb77314
SHA512

5898127e058e6c9c1660dceb3cb98589cc6a2c82fa408cdd6ff1d0852ca6f5ea0616a6667ade76fcb1fb572954cb1f1e8f41391d4d1c6064d1ac134e2113a9ac
SSDEEP

6144:+etd076r160FzkKFPQC52PE0OApt0KkqNzFx7hg6+FWUXiXC:f30d8zkKaxD+F1b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f40deb7d0d2e17688fe668f7bcf92f1cd48d4f68383025889307ca068cb77314

Files

f40deb7d0d2e17688fe668f7bcf92f1cd48d4f68383025889307ca068cb77314
.dll windows:5 windows x86 arch:x86

6d309b2b2a69fb4de2485eb3d554b1f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

scsiport.sys

ScsiPortConvertUlongToPhysicalAddress
ScsiPortFreeDeviceBase
ScsiPortGetBusData
ScsiPortGetDeviceBase
ScsiPortGetSrb
ScsiPortInitialize
ScsiPortLogError
ScsiPortMoveMemory
ScsiPortNotification
ScsiPortReadPortBufferUlong
ScsiPortReadPortBufferUshort
ScsiPortReadPortUchar
ScsiPortReadPortUlong
ScsiPortReadPortUshort
ScsiPortReadRegisterUchar
ScsiPortReadRegisterUlong
ScsiPortReadRegisterUshort
ScsiPortSetBusDataByOffset
ScsiPortStallExecution
ScsiPortValidateRange
ScsiPortWritePortBufferUlong
ScsiPortWritePortBufferUshort
ScsiPortWritePortUchar
ScsiPortWritePortUlong
ScsiPortWritePortUshort
ScsiPortWriteRegisterUchar
ScsiPortWriteRegisterUlong
ScsiPortWriteRegisterUshort

hal

HalAssignSlotResources
HalDisplayString
HalGetBusData
HalGetInterruptVector
HalSetBusDataByOffset

ntoskrnl.exe

ExAllocatePoolWithTag
ExFreePool
IoConnectInterrupt
IoCreateDevice
IoDeleteDevice
IoDisconnectInterrupt
IoGetConfigurationInformation
KeNumberProcessors
KeQuerySystemTime
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
RtlAppendUnicodeToString
RtlInitUnicodeString
RtlQueryRegistryValues
_snprintf
_snwprintf
_strnicmp
_vsnprintf
memcpy
memmove
memset
sprintf
strncpy
swprintf
wcscmp
wcslen
wcsncpy

Sections

.text
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 4KB - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 964B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 51B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rossym
Size: 156KB - Virtual size: 154KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d309b2b2a69fb4de2485eb3d554b1f1

Headers

File Characteristics

Imports

scsiport.sys

hal

ntoskrnl.exe

Sections

.text Size: 140KB - Virtual size: 137KB

.data Size: 4KB - Virtual size: 68B

.rdata Size: 28KB - Virtual size: 24KB

/4 Size: 4KB - Virtual size: 60B

.bss Size: - Virtual size: 964B

.edata Size: 4KB - Virtual size: 51B

.idata Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1000B

.reloc Size: 4KB - Virtual size: 3KB

.rossym Size: 156KB - Virtual size: 154KB

.text
Size: 140KB - Virtual size: 137KB

.data
Size: 4KB - Virtual size: 68B

.rdata
Size: 28KB - Virtual size: 24KB

/4
Size: 4KB - Virtual size: 60B

.bss
Size: - Virtual size: 964B

.edata
Size: 4KB - Virtual size: 51B

.idata
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1000B

.reloc
Size: 4KB - Virtual size: 3KB

.rossym
Size: 156KB - Virtual size: 154KB