Desktop[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Desktop.zip
Size

3.5MB
MD5

072b4530d9690d7c789fbf49b735f164
SHA1

360ea64cd371708e9a22073ee8b3ab66728b6435
SHA256

7dfcd6c577d0c04c917b8474004d91435fea5172784e27316b3cf162c21d42d2
SHA512

1680aa6bd84750509e6f0f735baff6804d6a36906cabdc08f0bcb268fce675da972e66277efaccc7681264bf2b3ef9519f381f8b45e47d9166e00971ffb7c611
SSDEEP

98304:ZC86QAauPYHAe8voFaCGZ1NRhUcTmoFsbmKXD:ZC8sugzokh5RhUcTmoFUz

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/severe driver test 2/build.dll
unpack001/severe driver test 2/md_.km/kdm.exe
unpack001/severe driver test 2/software.exe

Files

Desktop.zip
.zip
Debug View/Dbgview.chm
.chm
Debug View/Dbgview.exe
.exe windows:5 windows x86 arch:x86

1e1114d83ae11299940afc2459ee7bc5

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:39

Not After

03/03/2021, 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bf:bd:d8:8d:85:25:84:85:d7:05:41:f2:84:30:c4:5f:a1:40:bf:51:9c:12:76:35:10:ae:0d:48:22:6a:52:20
Signer

Actual PE Digest

bf:bd:d8:8d:85:25:84:85:d7:05:41:f2:84:30:c4:5f:a1:40:bf:51:9c:12:76:35:10:ae:0d:48:22:6a:52:20

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

connect
listen
inet_ntoa
htonl
getsockname
bind
accept
WSAGetLastError
WSAStartup
gethostbyname
gethostbyaddr
socket
inet_addr
htons
closesocket

mpr

WNetAddConnection2A
WNetCancelConnection2A

comctl32

ord17
CreateToolbarEx

kernel32

GetModuleFileNameA
GetCommandLineA
GetSystemDirectoryA
GetCurrentDirectoryA
GetFullPathNameA
FindFirstFileA
SearchPathA
GetComputerNameA
QueryPerformanceCounter
QueryPerformanceFrequency
GetTimeFormatA
GetOverlappedResult
ResetEvent
WaitForMultipleObjects
WriteFile
ReadFile
LockResource
LoadResource
SizeofResource
FindResourceA
CreateFileA
RaiseException
GetTickCount
GlobalAlloc
GlobalReAlloc
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
GetProcessHeap
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcpyA
lstrcatA
GetDateFormatA
GlobalFree
GetFileSize
WriteFileEx
QueueUserAPC
SleepEx
ExpandEnvironmentStringsA
OutputDebugStringA
FlushFileBuffers
GetConsoleCP
CreateEventA
GetStringTypeW
CreateFileW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetCurrentThread
GetACP
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
SetConsoleMode
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetConsoleMode
GetModuleHandleExW
ExitProcess
EncodePointer
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
RtlUnwind
InterlockedFlushSList
InterlockedPushEntrySList
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
OpenMutexA
CreateMutexA
lstrlenA
lstrcpynA
UnmapViewOfFile
FindFirstFileExW
MapViewOfFile
FormatMessageA
SystemTimeToFileTime
GetSystemTime
CloseHandle
FindClose
DeviceIoControl
WaitForSingleObject
SetEvent
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetLastError
TerminateThread
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GlobalMemoryStatus
GetVersion
FreeLibrary
InterlockedIncrement
DeleteFileA
GetEnvironmentVariableA
GetLastError
GetCommandLineW
CreateFileMappingA
GetModuleHandleA
LoadLibraryA
GetStdHandle
GetFileType
LocalFree
LocalAlloc
GetProcAddress
OutputDebugStringW
WaitForSingleObjectEx
FindFirstFileExA
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
SetConsoleCtrlHandler
WriteConsoleW
SetFilePointerEx
HeapSize
HeapReAlloc
SetEndOfFile
ReadConsoleW
DecodePointer

user32

CloseClipboard
OpenClipboard
CallWindowProcA
GetParent
DrawFocusRect
GetDialogBaseUnits
IsDlgButtonChecked
CheckRadioButton
RegisterClassExA
GetMessageA
IsDialogMessageA
LoadStringA
LoadIconA
LoadBitmapA
SetClipboardData
GetSysColor
ChildWindowFromPoint
GetCursorPos
GetWindowRect
GetClientRect
GetWindowTextA
InvalidateRgn
InvalidateRect
ReleaseDC
SetForegroundWindow
UpdateWindow
TrackPopupMenu
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EmptyClipboard
GetFocus
EnableWindow
DrawTextA
BeginPaint
EndPaint
ClientToScreen
FindWindowA
DeleteMenu
SetWindowLongA
EnableMenuItem
GetSystemMetrics
TranslateAcceleratorA
LoadAcceleratorsA
KillTimer
SetTimer
MsgWaitForMultipleObjects
ReleaseCapture
SetCapture
SetFocus
SendDlgItemMessageA
GetDlgItemTextA
SetDlgItemTextA
DialogBoxParamA
CreateDialogParamA
IsZoomed
IsIconic
SetWindowPos
MoveWindow
ShowWindow
DestroyWindow
IsWindow
CreateWindowExA
RegisterClassA
PostQuitMessage
DefWindowProcA
AttachThreadInput
PostMessageA
PeekMessageA
DispatchMessageA
TranslateMessage
RegisterWindowMessageA
MessageBoxA
InsertMenuItemA
GetMenuItemCount
GetSubMenu
CheckMenuItem
GetMenu
LoadCursorA
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextA
GetDlgItem
EndDialog
DialogBoxIndirectParamA
SendMessageA
GetWindowThreadProcessId
ScreenToClient
AppendMenuA
CheckDlgButton
GetDC

gdi32

AbortDoc
SetAbortProc
TextOutA
GetTextExtentPointA
CreateFontA
GetTextExtentPoint32A
ExtTextOutA
SetBkColor
GetObjectA
GetTextMetricsA
GetDeviceCaps
SetMapMode
StartDocA
EndDoc
StartPage
EndPage
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
DeleteDC
DeleteObject
GetStockObject
SelectObject
SetBkMode
SetTextColor
StretchBlt

comdlg32

FindTextA
ChooseColorA
GetSaveFileNameA
PrintDlgA
ChooseFontA
GetOpenFileNameA

advapi32

InitializeSecurityDescriptor
StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegCreateKeyA
RegOpenKeyA
RegOpenKeyExA

shell32

SHGetSpecialFolderLocation
SHGetMalloc
Shell_NotifyIconA
ShellExecuteExA
CommandLineToArgvW
ShellExecuteA
SHBrowseForFolderA

Sections

.text
Size: 375KB - Virtual size: 375KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 382KB - Virtual size: 381KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Debug View/Dbgview64a.exe
Debug View/Eula.txt
Debug View/dbgview64.exe
.exe windows:5 windows x64 arch:x64

0d2cbe6b8a0b15c4e2f5a77d616d765b

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:39

Not After

03/03/2021, 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

53:01:b8:68:a4:d1:74:3e:3f:42:05:07:8b:85:16:9a:04:1c:b9:ab:ff:82:d8:33:72:45:5d:75:60:25:c7:48
Signer

Actual PE Digest

53:01:b8:68:a4:d1:74:3e:3f:42:05:07:8b:85:16:9a:04:1c:b9:ab:ff:82:d8:33:72:45:5d:75:60:25:c7:48

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

connect
listen
inet_ntoa
htonl
getsockname
bind
accept
WSAGetLastError
WSAStartup
gethostbyname
gethostbyaddr
socket
inet_addr
htons
closesocket

mpr

WNetAddConnection2A
WNetCancelConnection2A

comctl32

ord17
CreateToolbarEx

kernel32

GetCommandLineA
GetSystemDirectoryA
GetCurrentDirectoryA
GetFullPathNameA
FindFirstFileA
SearchPathA
GetComputerNameA
QueryPerformanceCounter
QueryPerformanceFrequency
GetTimeFormatA
GetOverlappedResult
ResetEvent
WaitForMultipleObjects
WriteFile
ReadFile
LockResource
LoadResource
SizeofResource
FindResourceA
CreateFileA
RaiseException
GetTickCount
GlobalAlloc
GlobalReAlloc
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
GetProcessHeap
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcpyA
lstrcatA
GetDateFormatA
GlobalFree
GetFileSize
WriteFileEx
QueueUserAPC
SleepEx
ExpandEnvironmentStringsA
OutputDebugStringA
FlushFileBuffers
GetConsoleCP
ReadConsoleW
GetStringTypeW
CreateFileW
CreateFileMappingA
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetCurrentThread
GetACP
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
SetConsoleMode
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetConsoleMode
GetModuleHandleExW
ExitProcess
RtlPcToFileHeader
EncodePointer
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventA
OpenMutexA
CreateMutexA
FindFirstFileExW
lstrlenA
lstrcpynA
UnmapViewOfFile
MapViewOfFile
FormatMessageA
SystemTimeToFileTime
GetSystemTime
CloseHandle
FindClose
DeviceIoControl
WaitForSingleObject
SetEvent
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetLastError
TerminateThread
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GlobalMemoryStatus
GetVersion
FreeLibrary
DeleteFileA
GetEnvironmentVariableA
GetLastError
GetCommandLineW
GetModuleFileNameA
GetModuleHandleA
LoadLibraryA
GetStdHandle
GetFileType
LocalFree
LocalAlloc
FindNextFileA
GetProcAddress
OutputDebugStringW
WaitForSingleObjectEx
FindFirstFileExA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
SetConsoleCtrlHandler
WriteConsoleW
SetFilePointerEx
HeapSize
HeapReAlloc
SetEndOfFile
EnumSystemLocalesW
RtlUnwind

user32

SetClipboardData
CloseClipboard
OpenClipboard
CallWindowProcA
GetParent
DrawFocusRect
GetDialogBaseUnits
IsDlgButtonChecked
CheckRadioButton
RegisterClassExA
GetMessageA
IsDialogMessageA
EmptyClipboard
LoadIconA
LoadBitmapA
FindWindowA
GetSysColor
ChildWindowFromPoint
GetCursorPos
GetWindowRect
GetClientRect
GetWindowTextA
InvalidateRgn
ReleaseDC
GetDC
SetForegroundWindow
GetFocus
EnableWindow
DrawTextA
BeginPaint
EndPaint
ClientToScreen
LoadStringA
UpdateWindow
TrackPopupMenu
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
DeleteMenu
AppendMenuA
SetWindowLongPtrA
GetSystemMetrics
TranslateAcceleratorA
LoadAcceleratorsA
KillTimer
SetTimer
MsgWaitForMultipleObjects
ReleaseCapture
SetCapture
SetFocus
SendDlgItemMessageA
GetDlgItemTextA
SetDlgItemTextA
DialogBoxParamA
CreateDialogParamA
IsZoomed
IsIconic
SetWindowPos
MoveWindow
ShowWindow
DestroyWindow
IsWindow
CreateWindowExA
RegisterClassA
PostQuitMessage
DefWindowProcA
AttachThreadInput
PostMessageA
PeekMessageA
DispatchMessageA
TranslateMessage
RegisterWindowMessageA
MessageBoxA
InsertMenuItemA
GetMenuItemCount
GetSubMenu
CheckMenuItem
GetMenu
LoadCursorA
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextA
GetDlgItem
EndDialog
DialogBoxIndirectParamA
SendMessageA
GetWindowThreadProcessId
ScreenToClient
EnableMenuItem
CheckDlgButton
InvalidateRect

gdi32

AbortDoc
SetAbortProc
TextOutA
GetTextExtentPointA
CreateFontA
GetTextExtentPoint32A
GetDeviceCaps
SetMapMode
StartDocA
EndDoc
StartPage
EndPage
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
DeleteDC
DeleteObject
GetStockObject
SelectObject
SetBkMode
StretchBlt
SetTextColor
GetTextMetricsA
GetObjectA
ExtTextOutA
SetBkColor

comdlg32

FindTextA
ChooseColorA
GetSaveFileNameA
PrintDlgA
ChooseFontA
GetOpenFileNameA

advapi32

InitializeSecurityDescriptor
StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegCreateKeyA
RegOpenKeyA
RegOpenKeyExA

shell32

SHGetSpecialFolderLocation
SHGetMalloc
Shell_NotifyIconA
ShellExecuteExA
ShellExecuteA
SHBrowseForFolderA

Sections

.text
Size: 456KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 461KB - Virtual size: 460KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
severe driver test 2/build.dll
.dll windows:6 windows x64 arch:x64

860e9876b2cc4af7908e31f3f1403f5f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

d3d11

D3D11CreateDeviceAndSwapChain

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
GetTokenInformation
AddAccessAllowedAce
GetLengthSid
SetSecurityInfo
InitializeAcl
OpenProcessToken
RegSetValueExA
IsValidSid
RegCreateKeyExA
RegGetValueA
RegOpenKeyA
RegCloseKey
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam

normaliz

IdnToAscii

wldap32

ord46
ord211
ord217
ord143
ord45
ord50
ord41
ord22
ord26
ord27
ord60
ord32
ord35
ord79
ord30
ord200
ord301
ord33

crypt32

CertFindCertificateInStore
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertFreeCertificateChain
CertGetCertificateChain

ws2_32

getsockname
bind
accept
__WSAFDIsSet
socket
htons
WSAIoctl
listen
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
WSACleanup
closesocket
WSASend
select
shutdown
WSASetLastError
WSASocketW
getaddrinfo
WSAStartup
connect
WSARecv
getsockopt
freeaddrinfo
ioctlsocket
setsockopt
WSAGetLastError
htonl
recv
recvfrom
sendto
getpeername
gethostname
ntohs

kernel32

GetTimeZoneInformation
DeleteFileW
HeapReAlloc
GetExitCodeProcess
CreateProcessW
SetEndOfFile
IsValidCodePage
GetACP
GetOEMCP
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetModuleFileNameW
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
LoadLibraryExW
InterlockedFlushSList
RtlUnwindEx
GetCPInfo
GetStringTypeW
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetModuleHandleA
LoadLibraryA
GetProcAddress
QueryPerformanceFrequency
VerSetConditionMask
FreeLibrary
QueryPerformanceCounter
ReadFile
Process32First
SetWaitableTimer
TlsSetValue
SetLastError
EnterCriticalSection
SetConsoleTitleA
GetCurrentProcess
GetStdHandle
WriteFile
SetCurrentConsoleFontEx
DeviceIoControl
GetCommandLineA
WaitForMultipleObjects
Module32Next
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetQueuedCompletionStatus
CreateMutexA
WaitForSingleObject
Module32First
OpenProcess
SetCurrentDirectoryA
PostQueuedCompletionStatus
CreateToolhelp32Snapshot
CreateEventW
Sleep
FormatMessageW
GetTickCount64
FlushFileBuffers
GetLastError
CreateFileA
SetEvent
GetSystemDirectoryA
TerminateThread
TlsAlloc
DeleteFileA
Process32Next
CloseHandle
QueueUserAPC
CreateWaitableTimerA
LocalFree
DeleteCriticalSection
ExitProcess
ReadProcessMemory
GetConsoleWindow
SleepEx
TlsGetValue
CreateProcessA
K32EnumProcessModules
TlsFree
FormatMessageA
CreateIoCompletionPort
GetTickCount
AllocConsole
MulDiv
VirtualQueryEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetFileType
PeekNamedPipe
GetCurrentProcessId
VerifyVersionInfoW
GetFileSizeEx
GetModuleHandleW
SetThreadExecutionState
InitializeCriticalSection
GetModuleHandleExW
TryAcquireSRWLockExclusive
GetFileInformationByHandleEx
MoveFileExW
AreFileApisANSI
SetFileInformationByHandle
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
GetLocaleInfoEx
RaiseException
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
EncodePointer
DecodePointer
LCMapStringEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
K32GetModuleFileNameExA
IsValidLocale
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
WriteConsoleW
TerminateProcess
RtlUnwind

user32

LoadImageW
CreateIconIndirect
SystemParametersInfoW
GetMonitorInfoW
GetRawInputData
RegisterRawInputDevices
RegisterDeviceNotificationW
UnregisterDeviceNotification
UnregisterClassW
ToUnicode
ChangeDisplaySettingsExW
EnumDisplaySettingsW
EnumDisplaySettingsExW
EnumDisplayDevicesW
EnumDisplayMonitors
DestroyIcon
GetRawInputDeviceList
SetWindowTextW
RemovePropW
GetPropW
SetPropW
GetSystemMetrics
MsgWaitForMultipleObjects
MapVirtualKeyW
GetKeyState
GetActiveWindow
SetFocus
IsZoomed
BringWindowToTop
IsIconic
IsWindowVisible
SetWindowPlacement
LoadCursorW
GetClassLongPtrW
SetWindowLongW
GetWindowLongW
PtInRect
OffsetRect
GetRawInputDeviceInfoA
GetWindowPlacement
FlashWindow
SetLayeredWindowAttributes
GetLayeredWindowAttributes
ClipCursor
CreateWindowExW
RegisterClassExW
DefWindowProcW
WaitMessage
PostMessageW
SendMessageW
GetMessageTime
PeekMessageW
DispatchMessageW
TranslateMessage
GetWindowRect
SetWindowPos
CallNextHookEx
ShowWindow
GetAsyncKeyState
SetWindowLongA
SetWindowsHookExA
GetWindowLongA
SetWindowDisplayAffinity
MapVirtualKeyA
MoveWindow
UnhookWindowsHookEx
mouse_event
GetWindowDisplayAffinity
GetDesktopWindow
FindWindowA
UpdateWindow
SetForegroundWindow
SendInput
GetDC
MonitorFromWindow
ScreenToClient
ClientToScreen
TrackMouseEvent
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
ReleaseDC
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
WindowFromPoint
SetRect
DestroyWindow
AdjustWindowRectEx

gdi32

CreateRectRgn
SwapBuffers
SetPixelFormat
DescribePixelFormat
ChoosePixelFormat
SetDeviceGammaRamp
GetDeviceGammaRamp
DeleteDC
CreateDCW
CreateDIBSection
CreateBitmap
GetDeviceCaps
DeleteObject

shell32

DragFinish
DragQueryPoint
DragQueryFileW
SHGetFolderPathA
ShellExecuteA
DragAcceptFiles

ole32

CoCreateInstance
CoInitialize
CoUninitialize

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

ntdll

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlPcToFileHeader

bcrypt

BCryptGenRandom

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 644KB - Virtual size: 644KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
severe driver test 2/md_.km/kdm.exe
.exe windows:6 windows x64 arch:x64

e8ae7a46f6ae5c926f0efda68df86398

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualFree
GetModuleHandleA
VirtualAlloc
SetUnhandledExceptionFilter
GetTempPathW
VirtualQuery
GetCurrentThreadId
GetCurrentProcessId
DeviceIoControl
CloseHandle
GetProcAddress
CreateFileW
GetProcessHeap
HeapFree
HeapAlloc
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
RaiseException
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WideCharToMultiByte
MultiByteToWideChar
CreateSymbolicLinkW
GetFileInformationByHandleEx
CreateHardLinkW
MoveFileExW
CopyFileW
CreateDirectoryExW
GetModuleHandleW
GetLastError
AreFileApisANSI
SetFileTime
SetFileInformationByHandle
SetFileAttributesW
GetFullPathNameW
GetFinalPathNameByHandleW
GetFileInformationByHandle
GetFileAttributesExW
GetFileAttributesW
GetDiskFreeSpaceExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetLocaleInfoEx
FormatMessageA
LocalFree
FreeLibrary

advapi32

RegSetKeyValueW
RegOpenKeyW
RegCreateKeyW
RegCloseKey
RegDeleteTreeW

msvcp140d

??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
_Mbrtowc
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getdays@_Locinfo@std@@QEBAPEBDXZ
?_Getmonths@_Locinfo@std@@QEBAPEBDXZ
?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?_Xlength_error@std@@YAXPEBD@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??7ios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?setf@ios_base@std@@QEAAHHH@Z
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ

ntdll

NtQuerySystemInformation
RtlInitUnicodeString

vcruntime140d

__vcrt_LoadLibraryExW
__vcrt_GetModuleHandleW
__vcrt_GetModuleFileNameW
__current_exception_context
__current_exception
__C_specific_handler
memcmp
_CxxThrowException
__std_exception_destroy
__std_exception_copy
wcsstr
memset
memmove
memcpy
__std_type_info_destroy_list
__C_specific_handler_noexcept

vcruntime140_1d

__CxxFrameHandler4

ucrtbased

_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
strcpy_s
strcat_s
__stdio_common_vsprintf_s
_wmakepath_s
_wsplitpath_s
wcscpy_s
_seh_filter_dll
_cexit
__p___wargv
__p___argc
_set_fmode
_exit
exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
__setusermatherr
_set_app_type
_seh_filter_exe
__p__commode
malloc
_callnewh
terminate
_malloc_dbg
_free_dbg
_calloc_dbg
_wcsicmp
_time64
_unlock_file
_lock_file
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fread
fputc
fgetpos
fgetc
fflush
fclose
_get_stream_buffer_pointers
_wremove
_CrtDbgReport
rand
srand
strlen
_stricmp
wcslen
_invalid_parameter
_set_new_mode
_configthreadlocale
_register_thread_local_exe_atexit_callback
_CrtDbgReportW
_c_exit
___lc_codepage_func

Sections

.textbss
Size: - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 343KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
severe driver test 2/md_.km/md_.syn.sys
.sys windows:10 windows x64 arch:x64

cdbd9fe38f5a4d647d699412329b0652

Code Sign

4e:c3:04:77:4f:c1:bf:96:4f:33:c8:35:3f:3b:70:a6
Certificate

Issuer

CN=WDKTestCert SDFFT\,133449976331035833

Not Before

20/11/2023, 23:47

Not After

20/11/2033, 00:00

Subject

CN=WDKTestCert SDFFT\,133449976331035833

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageKeyEncipherment
KeyUsageDataEncipherment

63:0a:2d:56:ff:a5:19:6f:13:28:ce:cd:51:12:7f:d2:78:e5:73:ee:11:43:9e:66:61:02:02:02:a8:74:6c:48
Signer

Actual PE Digest

63:0a:2d:56:ff:a5:19:6f:13:28:ce:cd:51:12:7f:d2:78:e5:73:ee:11:43:9e:66:61:02:02:02:a8:74:6c:48

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

RtlInitUnicodeString
RtlCompareUnicodeString
DbgPrintEx
RtlGetVersion
ExAllocatePool2
ExFreePoolWithTag
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
ObfDereferenceObject
MmCopyMemory
PsLookupProcessByProcessId
IoCreateDriver
ZwQuerySystemInformation

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
severe driver test 2/software.exe
.exe windows:6 windows x64 arch:x64

08474c3b11f25f0b1256c5cfba340b36

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WriteConsoleW
FlsSetValue
HeapSize
GetCurrentDirectoryW
ReadFile
Process32First
WriteProcessMemory
GetCurrentProcess
GetStdHandle
GetModuleHandleA
OpenProcess
CreateToolhelp32Snapshot
K32GetModuleFileNameExA
Process32Next
CloseHandle
GetProcAddress
VirtualAllocEx
GetCurrentProcessId
GetConsoleWindow
CreateRemoteThread
CreateFileW
GetLastError
GetFileAttributesExW
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
FormatMessageA
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
AreFileApisANSI
GetModuleHandleW
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
LocalFree
GetLocaleInfoEx
QueryPerformanceCounter
GetCurrentThreadId
EncodePointer
DecodePointer
FlsAlloc
FlsGetValue
RtlUnwind
FlsFree
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
WriteFile
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
GetFileType
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
GetFileSizeEx
SetFilePointerEx
CompareStringW
LCMapStringW

user32

ShowWindow

shell32

SHGetFolderPathA

Sections

.text
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
severe driver test 2/xxxxxxxxx.ini

Sharing

General

Malware Config

Signatures

Files

1e1114d83ae11299940afc2459ee7bc5

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

bf:bd:d8:8d:85:25:84:85:d7:05:41:f2:84:30:c4:5f:a1:40:bf:51:9c:12:76:35:10:ae:0d:48:22:6a:52:20Signer

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

mpr

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 375KB - Virtual size: 375KB

.rdata Size: 77KB - Virtual size: 76KB

.data Size: 4KB - Virtual size: 85KB

.rsrc Size: 382KB - Virtual size: 381KB

.reloc Size: 17KB - Virtual size: 17KB

0d2cbe6b8a0b15c4e2f5a77d616d765b

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

53:01:b8:68:a4:d1:74:3e:3f:42:05:07:8b:85:16:9a:04:1c:b9:ab:ff:82:d8:33:72:45:5d:75:60:25:c7:48Signer

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

mpr

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 456KB - Virtual size: 456KB

.rdata Size: 119KB - Virtual size: 118KB

.data Size: 5KB - Virtual size: 89KB

.pdata Size: 23KB - Virtual size: 23KB

.rsrc Size: 461KB - Virtual size: 460KB

.reloc Size: 2KB - Virtual size: 2KB

860e9876b2cc4af7908e31f3f1403f5f

Headers

DLL Characteristics

File Characteristics

Imports

version

d3d11

advapi32

normaliz

wldap32

crypt32

ws2_32

kernel32

user32

gdi32

shell32

ole32

imm32

ntdll

bcrypt

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

bf:bd:d8:8d:85:25:84:85:d7:05:41:f2:84:30:c4:5f:a1:40:bf:51:9c:12:76:35:10:ae:0d:48:22:6a:52:20
Signer

.text
Size: 375KB - Virtual size: 375KB

.rdata
Size: 77KB - Virtual size: 76KB

.data
Size: 4KB - Virtual size: 85KB

.rsrc
Size: 382KB - Virtual size: 381KB

.reloc
Size: 17KB - Virtual size: 17KB

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

53:01:b8:68:a4:d1:74:3e:3f:42:05:07:8b:85:16:9a:04:1c:b9:ab:ff:82:d8:33:72:45:5d:75:60:25:c7:48
Signer

.text
Size: 456KB - Virtual size: 456KB

.rdata
Size: 119KB - Virtual size: 118KB

.data
Size: 5KB - Virtual size: 89KB

.pdata
Size: 23KB - Virtual size: 23KB

.rsrc
Size: 461KB - Virtual size: 460KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 644KB - Virtual size: 644KB

.data
Size: 1.7MB - Virtual size: 1.7MB

.pdata
Size: 73KB - Virtual size: 72KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 9KB

.textbss
Size: - Virtual size: 151KB

.text
Size: 343KB - Virtual size: 342KB

.rdata
Size: 132KB - Virtual size: 132KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 25KB - Virtual size: 24KB

.idata
Size: 15KB - Virtual size: 15KB

.msvcjmc
Size: 2KB - Virtual size: 2KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 373B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB

4e:c3:04:77:4f:c1:bf:96:4f:33:c8:35:3f:3b:70:a6
Certificate

63:0a:2d:56:ff:a5:19:6f:13:28:ce:cd:51:12:7f:d2:78:e5:73:ee:11:43:9e:66:61:02:02:02:a8:74:6c:48
Signer

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 88B

.pdata
Size: 512B - Virtual size: 228B

INIT
Size: 512B - Virtual size: 472B

.reloc
Size: 512B - Virtual size: 36B

.text
Size: 149KB - Virtual size: 149KB

.rdata
Size: 62KB - Virtual size: 62KB

.data
Size: 5KB - Virtual size: 12KB

.pdata
Size: 9KB - Virtual size: 9KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB