z:\IeMain\filehook\114xuncm\Freezefs.pdb
Static task
static1
General
Target: 7888e6bd31301ac9106db04055271a62
Size: 8KB
MD5: 7888e6bd31301ac9106db04055271a62
SHA1: 1d64bc05eb986f3bc2844aca50a6982a1a5f96ce
SHA256: 3a5fb46556f6bca7563b67e5217dc0d5652cb3a495b821a32c86d8f9a7a66e3f
SHA512: c89a6c73e3fd615d7c8838a3da981c5fe7cf84c541088e6909171c8f0d4561a799457cc8f0fbec3e517ddcfb7263b2727f389ef71f174531be319164ef35b955
SSDEEP: 96:upsUCBrs1VtloYuWigSiQwCpdqGodez1QRMysxVXDr:upsVrnPTl4GodeNyeVTr
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 7888e6bd31301ac9106db04055271a62
Files
7888e6bd31301ac9106db04055271a62.sys windows:1 windows x86 arch:x86
6b059b16380246f9cdaf1a4fc7f1c944
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe:
ExFreePoolWithTag
strncmp
ExAllocatePoolWithTag
RtlInitUnicodeString
memset
swprintf
ZwClose
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwSetValueKey
ZwQueryValueKey
ZwOpenKey
RtlAssert
RtlCopyUnicodeString
RtlTimeToTimeFields
IoDeleteDevice
IoDeleteSymbolicLink
IoGetCurrentProcess
sprintf
strncpy
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
wcsncpy
_strnicmp
_wcsnicmp
DbgPrint
RtlUnwind
KeServiceDescriptorTable
PsGetCurrentProcessId
hal:
KeGetCurrentIrql
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 790B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 698B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ