a808df17a93c5ed70c127526d5d61525_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a808df17a93c5ed70c127526d5d61525_JaffaCakes118
Size

718KB
MD5

a808df17a93c5ed70c127526d5d61525
SHA1

ffb9e06dab3d1f413cba2adda4774063d9e1ea2c
SHA256

651c2ba9c655a4f79a781763f0b9d39413f629e40ea620c6870568015d45992e
SHA512

c0429a05bc6afa3c6c717f9b78da6e80631c203cdd25fa54658b14d54a788b592707d45216f7bb0f5251d687f99303c3422962cee274751e54d3379a68a4dc93
SSDEEP

12288:iCfKLudAQgpUhpUsRS0LC8zVXrjDc99srnw7SyTJtQ2Cg4iOwMS9Bhmy9HK2vfEx:0ud8UssRSanzVXrKazw+yQpniO6Btbfq

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/driver32/int.exe
unpack001/熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/driver32/kpxim.sys
unpack001/熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/driver32/kpxtdi.sys
unpack001/熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/driver64/int.exe
unpack001/熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/driver64/kpxim.sys
unpack001/熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/driver64/kpxtdi.sys

Files

a808df17a93c5ed70c127526d5d61525_JaffaCakes118
.rar
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/Config.ini
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/data/FilesVer.ini
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/data/Lang
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/data/News
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/data/ServersData
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/data/data.dat
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/data/data00
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/data/data01
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/data/data10
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/data/data11
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/data/data20
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/data/data30
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/data/data40
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/data/gdata
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/data/gdatas
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/data/sdata.dat
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/data/sdata0
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/data/sdata1
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/driver32/e2gdist.cer
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/driver32/e2groot.cer
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/driver32/int.exe
.exe windows:5 windows x86 arch:x86

7aa565ea47da878a448f1cc8fd5f233b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

i:\kernel\kpx\kpxim_install\objfre_w2K_x86\i386\int.pdb

Imports

msvcrt

__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__winitenv
__set_app_type
_except_handler3
_controlfp
exit
_cexit
_XcptFilter
_exit
_c_exit
_wsplitpath
wcscpy
wcscat
_wcsicmp
fopen
fputs
sprintf
wcslen
__p__fmode
fclose

kernel32

GetModuleHandleA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
WideCharToMultiByte
GetProcAddress
GetCurrentProcess
TerminateProcess
GetLastError
GetModuleFileNameW

ole32

CoInitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize

setupapi

SetupCopyOEMInfW

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/driver32/kpxim.cat
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/driver32/kpxim.sys
.sys windows:5 windows x86 arch:x86

795da254a03eed7955f53558e5a2e991

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

i:\kernel\kpx\kpxim\objfre_w2K_x86\i386\kpxim.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
ZwClose
KeInitializeSemaphore
PsCreateSystemThread
KeWaitForMultipleObjects
PsTerminateSystemThread
KeReleaseSemaphore
IofCompleteRequest
_except_handler3
ExAllocatePoolWithTag
memmove
ExFreePool

ndis.sys

NdisTerminateWrapper
NdisInterlockedRemoveHeadList
NdisInterlockedInsertTailList
NdisQueryBufferOffset
NDIS_BUFFER_TO_SPAN_PAGES
NdisInitializeTimer
NdisSetTimer
NdisCancelTimer
NdisGetSystemUpTime
NdisGetReceivedPacket
NdisDprAllocatePacket
NdisIMCancelInitializeDeviceInstance
NdisIMDeInitializeDeviceInstance
NdisDprAcquireSpinLock
NdisSetEvent
NdisReleaseSpinLock
NdisAcquireSpinLock
NdisMSetAttributesEx
NdisIMGetDeviceContext
NdisFreePacket
NdisIMCopySendCompletePerPacketInfo
NdisSend
NdisIMCopySendPerPacketInfo
NdisAllocatePacket
NdisAllocateBuffer
NdisRequest
NdisReturnPackets
NdisFreeBuffer
NdisQueryBufferSafe
NdisTransferData
NdisFreePacketPool
NdisFreeMemory
NdisFreeSpinLock
NdisFreeBufferPool
NdisWaitEvent
NdisCloseAdapter
NdisResetEvent
NdisMDeregisterDevice
NdisIMDeregisterLayeredMiniport
NdisDprReleaseSpinLock
NdisIMAssociateMiniport
NdisRegisterProtocol
NdisInitUnicodeString
NdisMRegisterUnloadHandler
NdisIMRegisterLayeredMiniport
NdisInitializeWrapper
NdisAllocateSpinLock
NdisMRegisterDevice
NdisMSleep
NdisCloseConfiguration
NdisIMInitializeDeviceInstanceEx
NdisOpenAdapter
NdisAllocateBufferPool
NdisAllocatePacketPoolEx
NdisInitializeEvent
NdisAllocateMemoryWithTag
NdisReadConfiguration
NdisOpenProtocolConfiguration
NdisDeregisterProtocol
NdisDprFreePacket
NdisReEnumerateProtocolBindings

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 384B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/driver32/kpximm.cat
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/driver32/kpxtdi.sys
.sys windows:5 windows x86 arch:x86

dbe6f561cef79c7f9117fed83156d7be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

i:\kernel\kpx\kpxtdi\objfre_w2K_x86\i386\kpxtdi.pdb

Imports

ntoskrnl.exe

IoAcquireRemoveLockEx
IofCallDriver
IoReleaseRemoveLockEx
IofCompleteRequest
ObfDereferenceObject
IoAttachDeviceToDeviceStack
IoInitializeRemoveLockEx
IoCreateDevice
IoGetDeviceObjectPointer
_except_handler3
IoCreateSymbolicLink
KeInitializeSpinLock
ExFreePool
ExAllocatePoolWithTag
KeTickCount
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
ZwOpenFile
KeSetEvent
IoFreeIrp
IoFreeMdl
MmUnlockPages
KeWaitForSingleObject
MmProbeAndLockPages
IoAllocateMdl
IoAllocateIrp
KeInitializeEvent
IoBuildAsynchronousFsdRequest
KeBugCheckEx
RtlInitUnicodeString
ZwClose
IoDeleteDevice
strncmp
IoGetCurrentProcess
strncpy

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 566B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/driver32/netsf.inf
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/driver32/netsf_m.inf
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/driver64/e2gdist.cer
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/driver64/e2groot.cer
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/driver64/int.exe
.exe windows:5 windows x64 arch:x64

fecee1c0992dfbea59f2a3229f812df3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

i:\kernel\kpx\kpxim_install\objfre_wnet_AMD64\amd64\int.pdb

Imports

msvcrt

_fmode
__set_app_type
_commode
__setusermatherr
_initterm
__wgetmainargs
__winitenv
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_wsplitpath
_wcsicmp
memset
fopen
sprintf
fputs
fclose

kernel32

WideCharToMultiByte
GetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleFileNameW

ole32

CoInitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize

setupapi

SetupCopyOEMInfW

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/driver64/kpxim.cat
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/driver64/kpxim.sys
.sys windows:5 windows x64 arch:x64

129cd2f107198b0337fc5425f600b2c2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

i:\kernel\kpx\kpxim\objfre_wnet_AMD64\amd64\kpxim.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
KeInitializeSemaphore
PsCreateSystemThread
KeWaitForMultipleObjects
PsTerminateSystemThread
ZwClose
ExInterlockedRemoveHeadList
ExInterlockedInsertTailList
KeReleaseSemaphore
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLockFromDpcLevel
RtlInitUnicodeString
IofCompleteRequest
MmMapLockedPagesSpecifyCache
IoFreeMdl
ExAllocatePoolWithTag
ExFreePoolWithTag
__C_specific_handler
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock

ndis.sys

NdisWaitEvent
NdisInitializeTimer
NdisSetTimer
NdisCancelTimer
NdisGetSystemUpTime
NdisGetReceivedPacket
NdisDprAllocatePacket
NdisIMCancelInitializeDeviceInstance
NdisIMDeInitializeDeviceInstance
NdisOpenProtocolConfiguration
NdisReadConfiguration
NdisAllocateMemoryWithTag
NdisInitializeEvent
NdisAllocatePacketPoolEx
NdisAllocateBufferPool
NdisOpenAdapter
NdisIMInitializeDeviceInstanceEx
NdisCloseConfiguration
NdisReEnumerateProtocolBindings
NdisIMNotifyPnPEvent
NdisDprFreePacket
NdisSetEvent
NdisMSetAttributesEx
NdisIMGetDeviceContext
NdisFreePacket
NdisIMCopySendCompletePerPacketInfo
NdisIMCopySendPerPacketInfo
NdisAllocatePacket
NdisIMGetCurrentPacketStack
NdisAllocateBuffer
NdisRequest
NdisCancelSendPackets
NdisFreePacketPool
NdisReturnPackets
NdisGetPoolFromPacket
NdisFreeMemory
NdisFreeBufferPool
NdisDeregisterProtocol
NdisCloseAdapter
NdisResetEvent
NdisMDeregisterDevice
NdisIMDeregisterLayeredMiniport
NdisTerminateWrapper
NdisIMAssociateMiniport
NdisRegisterProtocol
NdisMRegisterUnloadHandler
NdisIMRegisterLayeredMiniport
NdisInitializeWrapper
NdisMRegisterDevice
NdisMSleep

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/driver64/kpximm.cat
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/driver64/kpxtdi.sys
.sys windows:5 windows x64 arch:x64

fae34bb289f29fa9ac961fe7da830cde

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

i:\kernel\kpx\kpxtdi\objfre_wnet_AMD64\amd64\kpxtdi.pdb

Imports

ntoskrnl.exe

IoDeleteDevice
RtlInitUnicodeString
IoAcquireRemoveLockEx
IoReleaseRemoveLockEx
IofCallDriver
IofCompleteRequest
IoAttachDeviceToDeviceStack
IoInitializeRemoveLockEx
ObfDereferenceObject
IoCreateDevice
IoGetDeviceObjectPointer
__C_specific_handler
IoCreateSymbolicLink
KeReleaseSpinLock
ExFreePoolWithTag
KeAcquireSpinLockRaiseToDpc
ExAllocatePoolWithTag
ZwClose
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
ZwOpenFile
KeSetEvent
IoFreeIrp
IoFreeMdl
MmUnlockPages
KeWaitForSingleObject
MmProbeAndLockPages
IoAllocateMdl
IoAllocateIrp
KeInitializeEvent
IoBuildAsynchronousFsdRequest
KeBugCheckEx
strncmp
IoGetCurrentProcess
strncpy

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/driver64/netsf.inf
熏熏金牌网吧代理_3_79_绿色免费版_Jisuxz.com/driver64/netsf_m.inf

Sharing

General

Malware Config

Signatures

Files

7aa565ea47da878a448f1cc8fd5f233b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

ole32

setupapi

Sections

.text Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 68B

795da254a03eed7955f53558e5a2e991

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

ndis.sys

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 640B - Virtual size: 628B

.data Size: 384B - Virtual size: 372B

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 904B

.reloc Size: 1KB - Virtual size: 1KB

dbe6f561cef79c7f9117fed83156d7be

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 388B

.data Size: 128B - Virtual size: 80B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 912B

.reloc Size: 640B - Virtual size: 566B

fecee1c0992dfbea59f2a3229f812df3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

ole32

setupapi

Sections

.text Size: 7KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 168B

129cd2f107198b0337fc5425f600b2c2

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

ndis.sys

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 896B

.pdata Size: 1KB - Virtual size: 1KB

INIT Size: 3KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 936B

fae34bb289f29fa9ac961fe7da830cde

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

.text
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 68B

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 640B - Virtual size: 628B

.data
Size: 384B - Virtual size: 372B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 388B

.data
Size: 128B - Virtual size: 80B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 912B

.reloc
Size: 640B - Virtual size: 566B

.text
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 168B

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 896B

.pdata
Size: 1KB - Virtual size: 1KB

INIT
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 936B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 392B

.pdata
Size: 512B - Virtual size: 372B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 944B