C:\DDK_Work\BO_FU_Rootkit1\BO_FU_Rootkit\exe\i386\bodrive.pdb
Static task
static1
General
-
Target
9a5db29f472636215ce3bc9ae3cf3e7c
-
Size
27KB
-
MD5
9a5db29f472636215ce3bc9ae3cf3e7c
-
SHA1
51315fcecec8eb806ec1b303c5ba98eda61eff00
-
SHA256
834f009933143aadaf2d4c71006d62623950679d6af36ba7f2d376b51ee54a2e
-
SHA512
70cd5f1dbe011898844d434f9d46691f8d525e274c7de6bf8e19f121dfbbe095ddcfbe056c21afd1f375b8ba7d4d53bbb24e5514e02b2efd5a10e53333e5d225
-
SSDEEP
192:Uw0kxieMtRGFaoZQKtXlv7oT4puHt++XocowHfpz2Nn:UwKeKRlUtXlvBpuHtZXocow/pz8
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature; the analysed file is unsigned.
resource 9a5db29f472636215ce3bc9ae3cf3e7c
Files
-
9a5db29f472636215ce3bc9ae3cf3e7c.sys windows:5 windows x86 arch:x86
6d0202b94dfa511726a1b8457af20f5a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\DDK_Work\BO_FU_Rootkit1\BO_FU_Rootkit\exe\i386\bodrive.pdb
Imports
ntoskrnl.exe
IoDeleteSymbolicLink
RtlInitUnicodeString
IoFreeMdl
MmUnmapLockedPages
ExFreePoolWithTag
ZwQueryDirectoryFile
ExAllocatePoolWithTag
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
IoDeleteDevice
DbgPrint
RtlFreeUnicodeString
RtlCompareUnicodeString
RtlAnsiStringToUnicodeString
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
IoGetCurrentProcess
KeTickCount
RtlCompareMemory
KeServiceDescriptorTable
strncmp
hal
KfReleaseSpinLock
KfAcquireSpinLock
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 298B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 76B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 760B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 340B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ