eeb18cd1b16060edd51246f788b6bade70672763686c4bae732c24bfb81bce56

General

Target

eeb18cd1b16060edd51246f788b6bade70672763686c4bae732c24bfb81bce56
Size

22KB
MD5

6e8047025b5543913d89d1e68f5a1652
SHA1

5c02e85c20bced0a19c67ed98e54da3bb3532498
SHA256

eeb18cd1b16060edd51246f788b6bade70672763686c4bae732c24bfb81bce56
SHA512

994d9a4d95941689f398bd70cbbd87648fb0f346fb21febcb302a51d9e459e58d46a6f1aab86a3874280df8910d10b05d43562067cd06a5937315c2a2ec4a42f
SSDEEP

384:9c9v3EyuvymGliKpcYcYMy/zivqQErmLOx4/M3pORWquGU4vDxDYHjF4N09z3b7:oCG9+u7gFrK1

Score

N/A

Malware Config

Signatures

Files

eeb18cd1b16060edd51246f788b6bade70672763686c4bae732c24bfb81bce56
.exe windows x86

d01898c9fa0741d46baef42d72661e34

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExGetPreviousMode
MmIsAddressValid
ProbeForWrite
ProbeForRead
_except_handler3
_stricmp
IofCompleteRequest
PsGetCurrentProcessId
_strupr
IoGetCurrentProcess
RtlFreeAnsiString
_strlwr
strrchr
RtlUnicodeStringToAnsiString
KeUnstackDetachProcess
ZwTerminateProcess
KeStackAttachProcess
PsLookupProcessByProcessId
ExFreePool
ExAllocatePoolWithTag
ZwPulseEvent
MmGetSystemRoutineAddress
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
ZwQuerySystemInformation
ZwQueryInformationProcess
strncmp
IoDeleteDevice
IoDeleteSymbolicLink
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
MmSizeOfMdl
PsTerminateSystemThread

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vmata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

zyata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

vtata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 928B - Virtual size: 912B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d01898c9fa0741d46baef42d72661e34

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 14KB - Virtual size: 14KB

vmata Size: 2KB - Virtual size: 2KB

zyata Size: 2KB - Virtual size: 2KB

vtata Size: 2KB - Virtual size: 2KB

INIT Size: 928B - Virtual size: 912B

.reloc Size: 384B - Virtual size: 384B

.text
Size: 14KB - Virtual size: 14KB

vmata
Size: 2KB - Virtual size: 2KB

zyata
Size: 2KB - Virtual size: 2KB

vtata
Size: 2KB - Virtual size: 2KB

INIT
Size: 928B - Virtual size: 912B

.reloc
Size: 384B - Virtual size: 384B