Extended Key Usages: ExtKeyUsageCodeSigning
Static task: static1
Behavioral task: behavioral1
Sample: PROCEXP152.dll
Resource: win10v2004-20230703-en
Target: PROCEXP152.SYS
Size: 36KB
MD5: 082fa0a99e4c564e9361afb33829965d
SHA1: 48826c58b3e8e8724026e81d778a39c572a05f04
SHA256: 8a2d946f5ef91fff3fe9e4714135a6bf8aee19e1181cf2a34b653dcd714c5604
SHA512: 09705ce865c0896bb8be508f4265e9cad679acc23dd1077ba32d29fa47413be2df0a85c2b7c3429f25273cda169d8594ecbf5e6ebf3aa2ae07c72ca3bf725a5f
SSDEEP: 768:8yVQcSGXgiEHT4cTNVTC1pua2Nul+brKtZ9p3g22DU9zt:8yIuKHfn7Nulfg22Yzt
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
strncpy
RtlInitUnicodeString
MmGetSystemRoutineAddress
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
KeLowerIrql
KfRaiseIrql
KeWaitForSingleObject
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
SeCaptureSubjectContext
SeReleaseSubjectContext
PsGetVersion
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObReferenceObjectByHandle
ObCloseHandle
ObfDereferenceObject
ZwClose
MmIsAddressValid
ZwOpenProcess
KeStackAttachProcess
KeUnstackDetachProcess
SePrivilegeCheck
PsLookupProcessByProcessId
ObOpenObjectByPointer
ObQueryNameString
ZwQueryObject
ZwDuplicateObject
ZwOpenProcessToken
ZwQueryInformationProcess
ZwQuerySystemInformation
ObOpenObjectByName
__C_specific_handler
IoFileObjectType
PsProcessType
PsThreadType
PsInitialSystemProcess
RtlFreeUnicodeString
ZwSetSecurityObject
IoDeviceObjectType
IoCreateDevice
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
SeCaptureSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeExports
RtlCreateSecurityDescriptor
_wcsnicmp
wcschr
RtlAbsoluteToSelfRelativeSD
RtlAddAccessAllowedAce
RtlLengthSid
IoIsWdmVersionAvailable
RtlSetDaclSecurityDescriptor
ZwOpenKey
ZwSetValueKey
ZwQueryValueKey
ZwCreateKey
KeBugCheckEx
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ