ACE-BASE.pdb
Static task
static1
General
-
Target
7a2adc8894e455c12cc14837559023795ed867ba807d45281598f079d9cf2675
-
Size
1.9MB
-
MD5
d3bbe1120469f2254462b2b6117f438a
-
SHA1
f248f93145bdf203d1dc3b418fa1a598698efe47
-
SHA256
7a2adc8894e455c12cc14837559023795ed867ba807d45281598f079d9cf2675
-
SHA512
ae511bbe470901f6e7e65e60ebe5140733cf9092650fd18f17fd6fdf5425fd37765645d6c14d62fd610055c6484ae2dfed4993fcc12a21e532b2853cd78433a7
-
SSDEEP
24576:Xh0PwY2RE4O4B41zb/pEbxT7q+BjZuS3OcFb2QnqPu9zOYvin6/v/fNTeDoNynkQ:Xh0PwYYO041PpC7q9LHeoUnLnA2iZ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature: no embedded signature was found on this PE. Caveat for reviewers: the file is a 64-bit kernel-mode driver (.sys, see Files below) whose optional header sets IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY, i.e. the image itself asks the loader to enforce code-integrity checks. An unsigned kernel driver with that flag would not load under normal Driver Signature Enforcement, so either the driver is signed through a separate catalog that this check does not see, or it is not loadable as-is; treat the embedded-signature check alone as inconclusive for code-signing status and verify against a catalog/hash lookup.
resource 7a2adc8894e455c12cc14837559023795ed867ba807d45281598f079d9cf2675
Files
-
7a2adc8894e455c12cc14837559023795ed867ba807d45281598f079d9cf2675.sys windows:10 windows x64 arch:x64
83a9c4683058429755d173fd4992ff0e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths (the only debug-symbol name recovered for this sample is "ACE-BASE.pdb", shown as the page title; no directory component is available here)
Imports. Reviewer note: the ntoskrnl.exe list below includes physical-memory mapping (MmMapIoSpace, MmGetPhysicalMemoryRanges, MmGetVirtualForPhysical, MmGetPhysicalAddress), kernel APC queuing (KeInitializeApc / KeInsertQueueApc), cross-process attach (KeStackAttachProcess), driver load/unload (ZwLoadDriver / ZwUnloadDriver), a process-creation callback (PsSetCreateProcessNotifyRoutineEx), bugcheck-reason callbacks, an IPI broadcast (KeIpiGenericCall), a HalDispatchTable reference, and minifilter registration through fltmgr.sys. These are high-privilege capabilities consistent with an anti-cheat or EDR-style driver, but they are equally usable by a malicious driver; the import table alone does not establish intent, so correlate with the signing status above and with dynamic behaviour before drawing conclusions.
ntoskrnl.exe
KeUnstackDetachProcess
PsAcquireProcessExitSynchronization
PsReleaseProcessExitSynchronization
KeSetEvent
ExEventObjectType
wcscat_s
ZwClose
ZwCreateKey
ZwOpenKey
ZwDeleteKey
ZwSetValueKey
ZwDeleteFile
KeAreAllApcsDisabled
KeDeregisterBugCheckReasonCallback
KeRegisterBugCheckReasonCallback
IoCreateNotificationEvent
KeInitializeGuardedMutex
strcpy_s
RtlInitAnsiString
RtlAnsiStringToUnicodeString
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
PsGetCurrentThreadId
PsGetProcessCreateTimeQuadPart
PsGetProcessExitStatus
PsGetProcessPeb
ObOpenObjectByPointer
PsGetProcessSessionId
PsGetProcessInheritedFromUniqueProcessId
ZwFreeVirtualMemory
PsReferenceProcessFilePointer
ZwCreateFile
ZwDeviceIoControlFile
RtlNtStatusToDosError
ZwFsControlFile
ZwWaitForSingleObject
PsGetThreadId
IoFileObjectType
ExSemaphoreObjectType
PsProcessType
PsThreadType
PsJobType
SeTokenObjectType
ObReferenceObjectByHandle
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
RtlFreeUnicodeString
KeIpiGenericCall
ProbeForWrite
PsCreateSystemThread
RtlRandomEx
KeClearEvent
IoCreateDevice
IoCreateSymbolicLink
IoRegisterShutdownNotification
IoUnregisterShutdownNotification
MmUnsecureVirtualMemory
MmProbeAndLockPages
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
IoAllocateMdl
IoFreeMdl
KeEnterCriticalRegion
KeLeaveCriticalRegion
ExInitializeResourceLite
ExAcquireResourceSharedLite
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
ExDeleteResourceLite
RtlInitializeGenericTableAvl
RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlGetElementGenericTableAvl
RtlNumberGenericTableElementsAvl
RtlIsGenericTableEmptyAvl
RtlUpcaseUnicodeString
RtlTimeToTimeFields
ExSystemTimeToLocalTime
RtlEqualUnicodeString
RtlCopyUnicodeString
RtlWalkFrameChain
KeWaitForMultipleObjects
PsGetProcessId
KeTryToAcquireGuardedMutex
KeEnterGuardedRegion
KeLeaveGuardedRegion
PsGetThreadProcess
ZwOpenSection
ZwMapViewOfSection
ZwUnmapViewOfSection
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
SeQuerySessionIdToken
PsReferencePrimaryToken
PsDereferencePrimaryToken
ObQueryNameString
KeInitializeDpc
KeSetTargetProcessorDpc
KeInitializeTimerEx
KeCancelTimer
KeStackAttachProcess
PsSetCreateProcessNotifyRoutineEx
KeDelayExecutionThread
KeQueryTimeIncrement
KeQueryActiveProcessors
MmGetSystemRoutineAddress
MmBuildMdlForNonPagedPool
PsGetVersion
MmUserProbeAddress
ZwLoadDriver
ZwFlushKey
ZwQueryValueKey
ExAllocatePoolWithTag
ExAcquireRundownProtection
ExReleaseRundownProtection
PsGetThreadProcessId
IoVolumeDeviceToDosName
PsInitialSystemProcess
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
RtlInsertElementGenericTableFullAvl
MmGetVirtualForPhysical
RtlUnicodeStringToInteger
KeNumberProcessors
RtlCompareString
RtlEnumerateGenericTableWithoutSplayingAvl
ZwOpenThread
ZwOpenDirectoryObject
ZwEnumerateKey
RtlInt64ToUnicodeString
IoCreateFile
ZwOpenFile
ZwQueryInformationFile
ZwSetInformationFile
ZwReadFile
ZwWriteFile
IoCreateFileSpecifyDeviceObjectHint
NtQueryDirectoryFile
IoGetBaseFileSystemDeviceObject
IoQueryFileInformation
ProbeForRead
PsGetProcessWow64Process
RtlImageDirectoryEntryToData
RtlQueryAtomInAtomTable
PsGetThreadWin32Thread
MmAllocateContiguousMemory
MmProtectMdlSystemAddress
ZwQueryObject
NtClose
ObGetObjectType
ExAcquireFastMutex
ExReleaseFastMutex
RtlUpcaseUnicodeChar
RtlUpcaseUnicodeToMultiByteN
RtlAnsiCharToUnicodeChar
RtlUnicodeToMultiByteN
ZwQuerySystemInformation
ZwSetSecurityObject
IoDeviceObjectType
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
SeCaptureSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeExports
RtlCreateSecurityDescriptor
wcschr
RtlAbsoluteToSelfRelativeSD
RtlAddAccessAllowedAce
RtlLengthSid
IoIsWdmVersionAvailable
RtlSetDaclSecurityDescriptor
KeReleaseGuardedMutex
KeAcquireGuardedMutex
RtlCompareUnicodeString
IoDriverObjectType
__C_specific_handler
RtlPrefixUnicodeString
ObfDereferenceObject
IoGetAttachedDeviceReference
IofCallDriver
IoBuildSynchronousFsdRequest
ExFreePoolWithTag
ExAllocatePool
KeWaitForSingleObject
KeInitializeEvent
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
PsGetCurrentProcessId
IoGetCurrentProcess
KeBugCheckEx
PsLookupProcessByProcessId
MmIsAddressValid
MmGetPhysicalAddress
PsTerminateSystemThread
KeSetTimerEx
PsGetProcessImageFileName
MmGetPhysicalMemoryRanges
PsIsThreadTerminating
PsLookupThreadByThreadId
ZwQueryInformationThread
KeInitializeApc
KeInsertQueueApc
MmAllocateMappingAddress
MmFreeMappingAddress
ZwOpenProcess
ZwDeleteValueKey
ZwCreateSection
MmMapViewInSystemSpace
MmUnmapViewInSystemSpace
RtlGetVersion
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
RtlAppendUnicodeStringToString
ZwUnloadDriver
ZwQueryInformationProcess
PsIsSystemThread
KeAreApcsDisabled
HalDispatchTable
KeSetSystemGroupAffinityThread
KeRevertToUserGroupAffinityThread
KeQueryActiveProcessorCountEx
KeGetProcessorNumberFromIndex
KeGetCurrentProcessorNumberEx
MmFreeContiguousMemory
MmProbeAndLockProcessPages
ObReferenceObjectByName
IoAllocateIrp
IoFreeIrp
wcsncpy_s
IoGetLowerDeviceObject
CcCoherencyFlushAndPurgeCache
ExFreePool
MmUnmapIoSpace
RtlCompareMemory
MmMapIoSpace
fltmgr.sys
FltWriteFile
FltReleaseFileNameInformation
FltEnumerateFilters
FltStartFiltering
FltUnregisterFilter
FltRegisterFilter
FltObjectDereference
FltEnumerateInstances
FltGetVolumeProperties
FltGetVolumeFromInstance
FltClose
FltSetInformationFile
FltGetFileNameInformationUnsafe
FltReadFile
FltCreateFileEx
FltGetVolumeName
FltParseFileNameInformation
FltGetFileNameInformation
FltFreePoolAlignedWithTag
FltAllocatePoolAlignedWithTag
FltGetRequestorProcessId
hidparse.sys
HidP_GetCollectionDescription
hal
KeStallExecutionProcessor
KeQueryPerformanceCounter
Sections
.text Size: 657KB - Virtual size: 656KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 288KB - Virtual size: 288KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 1.8MB (raw data on disk is only 9KB; the remaining ~1.8MB of the section is zero-filled at load time, i.e. large uninitialized static buffers. This by itself is not unusual for a driver and is not an indicator of packing.)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 472B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.tvm0 Size: 860KB - Virtual size: 860KB (non-standard section name that the MSVC linker does not emit on its own; it is executable and accounts for roughly 45% of the 1.9MB file. A name of this form is commonly associated with code-virtualization/protection layers, but that is an inference from the name alone — confirm with per-section entropy and disassembly before assuming the .text analysis covers the driver's full logic.)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ