eb3e9f26123a588c89dd8032ea1590ca7249785d5cfb42fbee05d6516d67f0eb

General

Target

eb3e9f26123a588c89dd8032ea1590ca7249785d5cfb42fbee05d6516d67f0eb
Size

33KB
MD5

78dde278bff14ddcd25d77ece3113eb2
SHA1

3e6b4a169c21d9d224b9bb834214ec484cdcb4b5
SHA256

eb3e9f26123a588c89dd8032ea1590ca7249785d5cfb42fbee05d6516d67f0eb
SHA512

3285cb88dfef44d004e34f29559a6f5d338f3c56bd974fd55638b15cd3bf2097e4d22fed31da55b2c456994d44a3cff5b75b83af60072f277c0e9a5599557104
SSDEEP

768:UicEuQIrl/U5/4J2UvDqKPSxrTwSvAzdEPhgTgVKNT+TS2Y0AP4LvzN3hGTCpkRI:9cEuRU5/4J2UvDqcSxHwSvAzdEPhgTg

Score

N/A

Malware Config

Signatures

Files

eb3e9f26123a588c89dd8032ea1590ca7249785d5cfb42fbee05d6516d67f0eb
.exe windows x86

19455e91a5be41894f00553fb2030c8a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

islower
strchr
strstr
tolower
srand
isdigit
isprint
atoi
toupper
atol
isupper
isspace
isxdigit
strrchr
ZwCreateFile
ZwSetValueKey
ZwClose
ZwOpenKey
ZwEnumerateKey
RtlInitUnicodeString
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
swprintf
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
MmIsAddressValid
IoRegisterDriverReinitialization
_wcslwr
wcsncpy
PsGetVersion
ZwCreateKey
wcslen
wcscat
wcscpy
ZwUnmapViewOfSection
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
strncmp
IoGetCurrentProcess
_wcsnicmp
RtlAnsiStringToUnicodeString

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19455e91a5be41894f00553fb2030c8a

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 27KB - Virtual size: 27KB

.data Size: 3KB - Virtual size: 2KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 27KB - Virtual size: 27KB

.data
Size: 3KB - Virtual size: 2KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB