88881bc0ee1af12a5d0fc1b0a7063357f4138cf36c3ef9e76e1b47e44fe0b235

General

Target

88881bc0ee1af12a5d0fc1b0a7063357f4138cf36c3ef9e76e1b47e44fe0b235
Size

14KB
MD5

dbc54944a7eb052d58f616305666f71b
SHA1

a20f3165d98b94610d322cab4f79e3ddc84e8f52
SHA256

88881bc0ee1af12a5d0fc1b0a7063357f4138cf36c3ef9e76e1b47e44fe0b235
SHA512

128bca4cc571baaeaa66ae0dacb915c4df9719836d37db1fb95c052655da3e4de431736b88f6c33550e0b9907c8dd72b4101836de9a11cbb43e82d09a0c5b656
SSDEEP

192:18hbE+9spbbuQfaO72ua6zcW2+KO2XX8owLTBUOFGvF:18hI+ARis2ZC2+KX8owLTBUOg

Score

N/A

Malware Config

Signatures

Files

88881bc0ee1af12a5d0fc1b0a7063357f4138cf36c3ef9e76e1b47e44fe0b235
.exe windows x86

64a335fd1fd6e2822eaa0794ec1ee8bc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

strncmp
IoGetCurrentProcess
IofCompleteRequest
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
ExAllocatePoolWithTag
MmSizeOfMdl
ZwQueryInformationProcess
PsGetCurrentProcessId
ExGetPreviousMode
MmIsAddressValid
ProbeForWrite
ProbeForRead
_except_handler3
_stricmp
_strupr
RtlFreeAnsiString
_strlwr
strrchr
RtlUnicodeStringToAnsiString
KeUnstackDetachProcess
ZwTerminateProcess
KeStackAttachProcess
PsLookupProcessByProcessId
PsTerminateSystemThread
ExFreePool
ZwQuerySystemInformation
ZwPulseEvent
MmGetSystemRoutineAddress
PsSetLoadImageNotifyRoutine
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
IoDeleteDevice
IoDeleteSymbolicLink

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 896B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 960B - Virtual size: 946B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 480B - Virtual size: 450B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64a335fd1fd6e2822eaa0794ec1ee8bc

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 896B - Virtual size: 872B

.data Size: 7KB - Virtual size: 7KB

INIT Size: 960B - Virtual size: 946B

.reloc Size: 480B - Virtual size: 450B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 896B - Virtual size: 872B

.data
Size: 7KB - Virtual size: 7KB

INIT
Size: 960B - Virtual size: 946B

.reloc
Size: 480B - Virtual size: 450B