d:\programs\out\tsoft\bin\Release\amd64\passThrough.pdb
Static task: static1

General
Target: 7989712cae508ddad1c224f46145da9c
Size: 482KB
MD5: 7989712cae508ddad1c224f46145da9c
SHA1: eca5035f3fd6b4218f620300dd70bfa253f87a2a
SHA256: c00791cd4f32d73c9a67592fa96322bdcc93d00ba43a34f632d652f5e7cc7a55
SHA512: 663bd36061540535ed0cbc198b38156dabb60e79e7d804f74fb2ec05d85bafe81a256cccf92dc76987495c4c6dc181ef7ebdc14bf51946d561aae028b1def4f9
SSDEEP: 12288:mZJ/wvdO3OcTw68LttfzqP/t8/V8qDr5MSk:mz4vdO3OcTP8Tf23t8/Cq6Sk
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 7989712cae508ddad1c224f46145da9c
Files
7989712cae508ddad1c224f46145da9c.sys  windows:6 windows x64 arch:x64
aa8a809a118041bd6e9680808f0d1b0c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
d:\programs\out\tsoft\bin\Release\amd64\passThrough.pdb
Imports
ntoskrnl.exe
PsCreateSystemThread
MmMapLockedPagesSpecifyCache
PsTerminateSystemThread
ZwClose
IofCompleteRequest
ObReferenceObjectByHandle
KeWaitForSingleObject
PsGetCurrentProcessId
RtlCopyUnicodeString
ObfDereferenceObject
RtlUnicodeStringToInteger
IofCallDriver
RtlInitUnicodeString
IoDeleteDevice
IoDetachDevice
KeDelayExecutionThread
IoGetDeviceObjectPointer
IoAttachDeviceToDeviceStack
IoCreateDevice
IoCreateSymbolicLink
IoGetRelatedDeviceObject
IoFreeMdl
IoFreeIrp
MmProbeAndLockPages
IoAllocateIrp
RtlCompareMemory
MmUnlockPages
IoAllocateMdl
IoReleaseCancelSpinLock
ExUnregisterCallback
ExNotifyCallback
ExRegisterCallback
ExCreateCallback
MmUnmapLockedPages
_stricmp
_strnicmp
ExAllocatePoolWithTag
RtlAnsiStringToUnicodeString
NtWriteFile
PsLookupProcessByProcessId
ExGetPreviousMode
MmGetSystemRoutineAddress
ZwQueryObject
RtlUnicodeStringToAnsiString
ZwSetValueKey
strncpy
MmProtectMdlSystemAddress
NtQueryInformationFile
RtlEqualUnicodeString
tolower
wcsrchr
ExSystemTimeToLocalTime
IoGetCurrentProcess
NtCreateFile
NtClose
IoSetTopLevelIrp
NtDeleteFile
RtlTimeToTimeFields
strrchr
ZwQueryInformationProcess
IoGetTopLevelIrp
MmIsAddressValid
NtReadFile
ObOpenObjectByPointer
ZwOpenKey
KeClearEvent
PsSetCreateProcessNotifyRoutine
PsRemoveLoadImageNotifyRoutine
PsGetVersion
IoThreadToProcess
IoDeleteSymbolicLink
_wcsnicmp
KeInsertQueueApc
ZwQueryValueKey
PsInitialSystemProcess
RtlCompareUnicodeString
ZwOpenProcess
CmRegisterCallback
ZwCreateSection
CmUnRegisterCallback
PsGetProcessId
DbgPrint
ZwCreateKey
KeInitializeEvent
strchr
KeSetEvent
strstr
KeSetPriorityThread
ExFreePoolWithTag
strncat
sprintf
KeAcquireSpinLockRaiseToDpc
KeQueryTimeIncrement
ExAllocatePool
ZwQuerySystemInformation
KeReleaseSpinLock
KeInitializeApc
ZwMapViewOfSection
RtlInitAnsiString
ZwUnmapViewOfSection
RtlUpperString
RtlFreeAnsiString
__C_specific_handler
fltmgr.sys
FltRegisterFilter
FltSetCallbackDataDirty
FltStartFiltering
FltReleaseFileNameInformation
FltUnregisterFilter
FltGetFileNameInformation
ndis.sys
NdisAllocateMemoryWithTag
tdi.sys
TdiMapUserRequest
Sections
.text Size: 107KB - Virtual size: 107KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 333KB - Virtual size: 359KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 512B - Virtual size: 23B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
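The two header-level facts this report leans on, the "Unsigned PE" signature and the section characteristics, can be re-derived from the PE headers with nothing but the standard library. The block below is an added example written for this page; it is neither the sandbox's own rule nor code from the driver. Because the sample itself is not on the page, it constructs a PE32+ header-only image that mirrors the section layout listed above (names, flags, approximate sizes) and runs the checks over that. Two caveats a practitioner wants alongside the "Unsigned PE" hit: the check only tests for an embedded Authenticode blob (an empty IMAGE_DIRECTORY_ENTRY_SECURITY), so a driver that is catalog-signed via a .cat file also shows as "unsigned" here; and an RWX+discardable INIT section is the normal MSVC linker layout for a driver's DriverEntry code, not an indicator on its own, which is why the example labels that case as expected.

```python
import struct

# Bit values from winnt.h.
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_LARGE_ADDRESS_AWARE = 0x0020
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_DISCARDABLE = 0x02000000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Authenticode blob; entry holds a file offset, not an RVA


def build_pe(sections, security=(0, 0)):
    """Constructed PE32+ header-only image used as test input. NOT the real driver."""
    opt = bytearray(240)                                   # PE32+ optional header size
    struct.pack_into("<H", opt, 0, 0x20B)                  # Magic: PE32+
    struct.pack_into("<H", opt, 68, 1)                     # Subsystem: NATIVE (kernel driver)
    struct.pack_into("<I", opt, 108, 16)                   # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, *security)
    file_hdr = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, len(opt),
                           IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_LARGE_ADDRESS_AWARE)
    sec_hdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, 0x1000 * (i + 1),
                    rawsize, 0, 0, 0, 0, 0, chars)
        for i, (name, vsize, rawsize, chars) in enumerate(sections))
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)      # e_lfanew = 0x40
    return dos + b"PE\0\0" + file_hdr + bytes(opt) + sec_hdrs


def parse_pe(data):
    """Parse just enough of a PE (32 or 64-bit) for the checks: file header, data directories, sections."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    pe32plus = struct.unpack_from("<H", data, opt_off)[0] == 0x20B
    ndirs = struct.unpack_from("<I", data, opt_off + (108 if pe32plus else 92))[0]
    dir_off = opt_off + (112 if pe32plus else 96)
    dirs = [struct.unpack_from("<II", data, dir_off + 8 * i) for i in range(min(ndirs, 16))]
    sections = []
    for i in range(nsec):
        name, vsize, _va, rawsize, *_rest, schars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt_off + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode(), vsize, rawsize, schars))
    return {"machine": machine, "characteristics": chars, "dirs": dirs, "sections": sections}


FILE_CHARACTERISTIC_NAMES = {
    IMAGE_FILE_EXECUTABLE_IMAGE: "IMAGE_FILE_EXECUTABLE_IMAGE",
    IMAGE_FILE_LARGE_ADDRESS_AWARE: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x2000: "IMAGE_FILE_DLL",
}


def file_characteristics(pe):
    return [n for bit, n in sorted(FILE_CHARACTERISTIC_NAMES.items()) if pe["characteristics"] & bit]


def is_unsigned(pe):
    """'Unsigned PE' as the report means it: no embedded Authenticode blob.
    Caveat: catalog-signed drivers (.cat file) also have an empty directory, so this is
    'no embedded signature', not proof that the file is untrusted."""
    entry = pe["dirs"][IMAGE_DIRECTORY_ENTRY_SECURITY] if len(pe["dirs"]) > IMAGE_DIRECTORY_ENTRY_SECURITY else (0, 0)
    return entry[0] == 0 or entry[1] == 0


def writable_executable_sections(pe):
    """(name, expected) for every W+X section. INIT that is also DISCARDABLE is the normal
    driver layout (DriverEntry code freed after load); anything else W+X deserves a look."""
    out = []
    for name, _vsize, _rawsize, chars in pe["sections"]:
        if chars & IMAGE_SCN_MEM_WRITE and chars & IMAGE_SCN_MEM_EXECUTE:
            out.append((name, name == "INIT" and bool(chars & IMAGE_SCN_MEM_DISCARDABLE)))
    return out


def triage(data):
    pe = parse_pe(data)
    return {
        "arch": "x64" if pe["machine"] == 0x8664 else hex(pe["machine"]),
        "file_characteristics": file_characteristics(pe),
        "unsigned_pe": is_unsigned(pe),
        "rwx_sections": writable_executable_sections(pe),
    }


# Constructed sample mirroring the section flags the report lists for this driver (sizes approximate).
SAMPLE_SECTIONS = [
    (".text", 0x1AC00, 0x1AC00, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (".data", 0x59C00, 0x53400, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    ("INIT", 0x1000, 0x1400, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_EXECUTE
     | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
]
UNSIGNED_SAMPLE = build_pe(SAMPLE_SECTIONS)

if __name__ == "__main__":
    for key, value in triage(UNSIGNED_SAMPLE).items():
        print(f"{key}: {value}")
```

To run it against a real file, replace `UNSIGNED_SAMPLE` with the bytes of the .sys; the parser only reads headers, so a truncated copy that contains the section table is enough. The `.data` entry above reproduces the raw-size/virtual-size gap visible in the report (333KB on disk, 359KB mapped), which is simply zero-initialised data, not a packing indicator.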