C:\proj\drivers\fa\sys\objfre\i386\atmarpd.pdb
Static task
static1
General
-
Target
9c2f1a28edae95bd321abcc839e6fa6b
-
Size
239KB
-
MD5
9c2f1a28edae95bd321abcc839e6fa6b
-
SHA1
c9d8cece331437a39ff11699b096d484989e7796
-
SHA256
cf804c610cb0be806b8218d2dc9f92ed6f397944da0d7db822cc01bf5796af46
-
SHA512
07d488dabafcdb78078d7f11b4f4158c454c226c07eddb7e229d4dc5060b20c4ce2da3c6a511714636729f5df3ac699d1e05842fb6d07cbbc0c16cf3b2b9a252
-
SSDEEP
6144:oQROsgmPe/ufXuhneQdhXGwjxEOLG3Rhm8Jp51CkLJ8ft8Ay:os3e/Wuhne+9jkRg8LdK2
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature: the PE file is unsigned, so its publisher and integrity cannot be verified from the file itself.
resource 9c2f1a28edae95bd321abcc839e6fa6b
Files
-
9c2f1a28edae95bd321abcc839e6fa6b.sys windows:5 windows x86 arch:x86
b939c9ed66dc64f54a9e3cbe2c804382
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\proj\drivers\fa\sys\objfre\i386\atmarpd.pdb
Imports
ntoskrnl.exe
RtlAppendUnicodeStringToString
ObfDereferenceObject
KeWaitForSingleObject
KeReleaseMutex
ZwClose
ZwDeleteValueKey
ZwDeleteKey
PsTerminateSystemThread
strstr
wcsstr
strncpy
KeQueryTimeIncrement
KeTickCount
_alldiv
_allmul
wcscat
wcscpy
ZwQueryKey
ZwOpenKey
swprintf
wcslen
strchr
IofCompleteRequest
RtlDeleteRegistryValue
RtlWriteRegistryValue
RtlCreateRegistryKey
RtlInitUnicodeString
wcsrchr
ZwWriteFile
ZwCreateFile
ZwSetInformationFile
ZwQueryInformationFile
KeDelayExecutionThread
vsprintf
sprintf
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
strncmp
IoGetCurrentProcess
PsGetCurrentThreadId
_stricmp
RtlNtStatusToDosError
ZwQuerySystemInformation
IoFreeMdl
MmUnlockPages
MmMapLockedPages
MmProbeAndLockPages
IoAllocateMdl
RtlCompareUnicodeString
_strnicmp
KeServiceDescriptorTable
ExFreePool
PsGetCurrentProcessId
ExAllocatePool
IoDeleteDevice
IoCreateSymbolicLink
IoDeleteSymbolicLink
IoRegisterShutdownNotification
IoUnregisterShutdownNotification
IoCreateDevice
ZwReadFile
ZwCreateKey
memmove
RtlCopyUnicodeString
ZwQueryValueKey
ZwEnumerateKey
ZwEnumerateValueKey
ZwSetValueKey
RtlAnsiStringToUnicodeString
RtlUnicodeStringToAnsiString
ObReferenceObjectByHandle
PsCreateSystemThread
KeInitializeMutex
IoGetDeviceObjectPointer
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
hal
KfReleaseSpinLock
KfAcquireSpinLock
Exports
wcsnicmp
Sections
.text Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 203KB - Virtual size: 203KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 128B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.STL Size: 128B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.edata Size: 128B - Virtual size: 71B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.WIN Size: 597B - Virtual size: 597B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE