i:\ndisdd20087\objfre_wxp_x86\i386\ndisdd.pdb
Static task
static1
General
-
Target
8b601b46d95a74fcfc0df062ce955ad7
-
Size
51KB
-
MD5
8b601b46d95a74fcfc0df062ce955ad7
-
SHA1
55a4e24d1ba851787ce91cb4124d1e0efdbb7c8e
-
SHA256
b1469d8fb6a0e2dad11c46668a672436b3b4c8a0601c5f034ededff2a5d88d3c
-
SHA512
3cce011d63fa803d97ea0ed9ddacb83a2e23020ca959dca17fafb6062d5d0bc581a47bd60c88a3ad708002d8ad4cee88fe7fca11307665fbd8a5819c0e9c7635
-
SSDEEP
768:9NnzcgkH103CY4yPgIpBtVh5G6DaL0xfnu:Tnz2wf4WXDLh5G6DaL0W
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Static check for a missing Authenticode signature; it matched the resource listed below.
resource 8b601b46d95a74fcfc0df062ce955ad7
Files
-
8b601b46d95a74fcfc0df062ce955ad7.sys windows:5 windows x86 arch:x86
9749b9727cb1bf75e2161d3dc7772464
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
i:\ndisdd20087\objfre_wxp_x86\i386\ndisdd.pdb
Imports
ntoskrnl.exe
ZwSetInformationFile
ExFreePoolWithTag
wcslen
ZwWriteFile
ZwCreateFile
ZwReadFile
ZwQueryInformationFile
atol
strchr
wcsncmp
_stricmp
strrchr
wcscpy
wcscat
sprintf
strstr
wcscmp
IoGetCurrentProcess
KeInsertQueueApc
KeInitializeApc
KeUnstackDetachProcess
MmUnlockPages
mbstowcs
KeStackAttachProcess
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
ZwQueryValueKey
ZwOpenKey
wcsncpy
ZwEnumerateKey
NtBuildNumber
_wcsnicmp
wcsstr
_wcsupr
wcschr
wcsncat
strncpy
rand
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
KeTickCount
KeBugCheckEx
ZwOpenFile
ZwQueryDirectoryFile
wcstombs
ZwClose
_snprintf
IoGetDeviceObjectPointer
ObfDereferenceObject
KeInitializeSemaphore
IoAllocateWorkItem
DbgPrint
_except_handler3
KeWaitForSingleObject
ExFreePool
IoQueueWorkItem
IoCreateDevice
IoCreateSymbolicLink
ExAllocatePoolWithTag
KeInitializeEvent
PsCreateSystemThread
PsTerminateSystemThread
KeResetEvent
RtlCompareUnicodeString
KeReleaseSemaphore
IofCompleteRequest
RtlInitUnicodeString
KeSetEvent
IoDeleteSymbolicLink
MmMapLockedPagesSpecifyCache
IoDeleteDevice
hal
KeGetCurrentIrql
KfRaiseIrql
KfReleaseSpinLock
KfAcquireSpinLock
KfLowerIrql
ndis.sys
NdisAllocateBufferPool
NdisAllocateBuffer
NdisAllocatePacket
NdisQueryAdapterInstanceName
NdisRegisterProtocol
NdisDeregisterProtocol
NdisTransferData
NdisAllocatePacketPool
NdisAllocateMemoryWithTag
NdisSetEvent
NdisUnchainBufferAtFront
NdisFreeBuffer
NdisFreePacket
NdisQueryBuffer
NdisQueryBufferOffset
NDIS_BUFFER_TO_SPAN_PAGES
NdisSendPackets
NdisMSleep
NdisRequest
NdisWaitEvent
NdisFreeMemory
NdisInitializeEvent
Sections
.text Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 768B - Virtual size: 756B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ