14020b1ecd04488af412801484940fa1edb14cefde2dc3d884539a436e94a993

General

Target

14020b1ecd04488af412801484940fa1edb14cefde2dc3d884539a436e94a993
Size

7KB
MD5

04cebdd3f542756edf83827b70ba396e
SHA1

a678d05f7d754d504dc00a6f3bf0a879d5a790f0
SHA256

14020b1ecd04488af412801484940fa1edb14cefde2dc3d884539a436e94a993
SHA512

0abd4d30d11b6cad84e92028d60bdd347c0f51445d28a48c1204052d5287fd91412c1a824ebca8f64c1c759f991d282496bbb52bfbe9369e0d12e4414e4d119e
SSDEEP

96:7rH5DH5Dp4CWQ3GTV1u5L70/9MGeAsx63/M5c98SdJxtYPcDX3Vma:7BH5Dp4CWTV0LYXeAW6ss8S9tgQ1ma

Score

N/A

Malware Config

Signatures

Files

14020b1ecd04488af412801484940fa1edb14cefde2dc3d884539a436e94a993
.exe windows x86

51246bb724cc68b84a17a99e25ba425d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice
MmProbeAndLockPages
_except_handler3
MmMapLockedPages
IoFreeMdl
MmUnlockPages
IoAllocateMdl
PsGetCurrentProcessId
MmUnmapLockedPages
ObfDereferenceObject
ObReferenceObjectByHandle
KeSetEvent
PsGetCurrentThreadId
PsSetCreateProcessNotifyRoutine
RtlFreeUnicodeString
RtlUpcaseUnicodeString
ExFreePoolWithTag
RtlUpcaseUnicodeChar
ExAllocatePoolWithTag
PsSetLoadImageNotifyRoutine
RtlExtendedLargeIntegerDivide
RtlExtendedIntegerMultiply
KeQueryTimeIncrement
KeTickCount

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

51246bb724cc68b84a17a99e25ba425d

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 512B - Virtual size: 356B

.data Size: 512B - Virtual size: 1KB

INIT Size: 1024B - Virtual size: 876B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 332B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 512B - Virtual size: 356B

.data
Size: 512B - Virtual size: 1KB

INIT
Size: 1024B - Virtual size: 876B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 332B