http://www.microsoft.com/security/porta ... 2147598255
hooked SSDT functions are:
Code:
ntoskrnl.exe-->NtEnumerateValueKey, Type: Address Change 0x8059066B-->F8AA0803 [C:\WINDOWS\System32\drivers\dmboot.sys]
ntoskrnl.exe-->NtQueryDirectoryFile, Type: Address Change 0x80572111-->F8AA0452 [C:\WINDOWS\System32\drivers\dmboot.sys]
ntoskrnl.exe-->NtQuerySystemInformation, Type: Address Change 0x8057BC36-->F8AA03C4 [C:\WINDOWS\System32\drivers\dmboot.sys]
ntoskrnl.exe-->NtTerminateProcess, Type: Address Change 0x805822E0-->F8AA059E [C:\WINDOWS\System32\drivers\dmboot.sys]
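Added example (not part of the post and not code from the sample or its author): a small Python triage helper that parses hook listings in the layout shown above and flags SSDT entries whose new address is attributed to a module other than the kernel image itself. The four input lines are the ones quoted in the post, embedded as a constructed sample; the "purpose" column is general knowledge about what SSDT rootkits typically use each service for, not a claim about what this particular sample does. The set of kernel image names treated as trusted is an assumption of the example.

```python
import os
import re
from typing import Dict, List, Sequence

# Constructed sample input: the four SSDT hook lines quoted in the post above.
# The tool that produced them is not named in the post; the parser only assumes
# the "module-->Function, Type: Address Change old-->new [driver path]" layout.
SAMPLE_LOG = r"""
ntoskrnl.exe-->NtEnumerateValueKey, Type: Address Change 0x8059066B-->F8AA0803 [C:\WINDOWS\System32\drivers\dmboot.sys]
ntoskrnl.exe-->NtQueryDirectoryFile, Type: Address Change 0x80572111-->F8AA0452 [C:\WINDOWS\System32\drivers\dmboot.sys]
ntoskrnl.exe-->NtQuerySystemInformation, Type: Address Change 0x8057BC36-->F8AA03C4 [C:\WINDOWS\System32\drivers\dmboot.sys]
ntoskrnl.exe-->NtTerminateProcess, Type: Address Change 0x805822E0-->F8AA059E [C:\WINDOWS\System32\drivers\dmboot.sys]
""".strip()

# One hook line; the old address carries a 0x prefix in the listing, the new one does not.
HOOK_RE = re.compile(
    r"^(?P<module>\S+)-->(?P<function>\w+),\s*Type:\s*Address Change\s*"
    r"(?P<original>(?:0x)?[0-9A-Fa-f]+)-->(?P<hooked>(?:0x)?[0-9A-Fa-f]+)\s*"
    r"\[(?P<target>[^\]]+)\]\s*$"
)

# Typical reason an SSDT rootkit hooks each of these services (general background
# on this rootkit family, not a statement about this specific sample).
TYPICAL_PURPOSE = {
    "NtEnumerateValueKey": "hide registry values (e.g. its own service entry)",
    "NtQueryDirectoryFile": "hide files on disk",
    "NtQuerySystemInformation": "hide processes/modules from enumeration",
    "NtTerminateProcess": "self-protection: block termination of its processes",
}

# Assumed set of legitimate kernel image names an SSDT entry may resolve into.
TRUSTED_KERNEL_IMAGES = ("ntoskrnl.exe", "ntkrnlpa.exe", "ntkrnlmp.exe", "ntkrpamp.exe")


def parse_hooks(text: str) -> List[Dict]:
    """Parse hook listing lines into dicts; lines that do not match the layout are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        hooks.append({
            "module": m["module"],
            "function": m["function"],
            "original": int(m["original"], 16),
            "hooked": int(m["hooked"], 16),
            "target": m["target"],
            "purpose": TYPICAL_PURPOSE.get(m["function"], "unknown"),
        })
    return hooks


def _basename_windows(path: str) -> str:
    # os.path.basename on a non-Windows host does not split on backslashes.
    return os.path.basename(path.replace("\\", "/")).lower()


def suspicious_hooks(hooks: Sequence[Dict], trusted: Sequence[str] = TRUSTED_KERNEL_IMAGES) -> List[Dict]:
    """An SSDT entry should point back into the kernel image; any entry whose new
    address is attributed to some other driver is worth triage."""
    trusted_lc = {t.lower() for t in trusted}
    return [h for h in hooks if _basename_windows(h["target"]) not in trusted_lc]


def hooking_drivers(hooks: Sequence[Dict]) -> List[str]:
    """Distinct drivers the hooked entries resolve to, for pivoting to the dropped file on disk."""
    return sorted({h["target"] for h in hooks})


if __name__ == "__main__":
    found = parse_hooks(SAMPLE_LOG)
    for h in suspicious_hooks(found):
        print(f"{h['function']:<26} 0x{h['original']:08X} -> 0x{h['hooked']:08X}  "
              f"{h['target']}  ({h['purpose']})")
    print("drivers to collect:", hooking_drivers(found))
```

Run stand-alone it prints the four flagged entries with their decoded addresses and the single driver path to pull from the infected box; the same functions can be pointed at a full scanner log to separate kernel-internal entries from ones that deserve a closer look.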
http://www.securelist.com/ru/descriptions/old21780637
SHA256: f52dc76ff8b42840b4f7453ecbda55dfda5e9cd6165e7595f2bbd4ce5015d1e7
SHA1: c0a29732c6f2c034cbfe92ca71b3667b12c11faa
MD5: 088056b236b872fe8c8a25db3ecd2593
https://www.virustotal.com/en/file/f52d ... /analysis/
Dropper + extracted bsodkit attached.
Attachments
pass: malware
(17.6 KiB) Downloaded 51 times
Ring0 - the source of inspiration