volmgr.pdb
Static task
static1
General
Target: a0e1ef5767fe74f3d1426792b89c5ac9
Size: 51KB
MD5: a0e1ef5767fe74f3d1426792b89c5ac9
SHA1: 327eea2f4b56a6a8ed73daa74aeb6e31bf5bacbb
SHA256: e5416f382e87ec372122ee418ab09f0926bf3871fb52c2129d6dbaedf29c9eee
SHA512: 13a8467269ef8330a29c08330a24f7a5336bc2637ef39057927be70b4a5da8cf925856ae481a5706c95fcf03a64438aabb8f60699812d0ff06a18d802ea48ddf
SSDEEP: 768:fE6f0c1yRBWmP/3KyUDV4XhApuaVvQCc8ol0WXjDIRrMiEAkdXx4p9y/jso5zM+:Vf0rRB6FeCpuOICoGWX3IRrMdxmy/Vi+
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a0e1ef5767fe74f3d1426792b89c5ac9
Files
a0e1ef5767fe74f3d1426792b89c5ac9.sys windows:6 windows x86 arch:x86
1e4ddddedacf765ce60b1b678182ba67
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ExFreePoolWithTag
ExAllocatePoolWithTag
IoGetAttachedDeviceReference
IoRegisterDeviceInterface
IoWMIRegistrationControl
IofCompleteRequest
memcpy
SeReleaseSubjectContext
SeUnlockSubjectContext
SeAccessCheck
IoGetFileObjectGenericMapping
SeLockSubjectContext
SeCaptureSubjectContext
ZwClose
ZwFlushKey
ZwOpenKey
RtlQueryRegistryValues
memset
RtlWriteRegistryValue
RtlDeleteRegistryValue
memmove
IoForwardIrpSynchronously
IoDeleteDevice
IoReportTargetDeviceChangeAsynchronous
RtlInitUnicodeString
RtlValidSecurityDescriptor
ObSetSecurityObjectByPointer
IoGetDeviceProperty
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
SeExports
RtlLengthSid
KeReleaseSemaphore
IoRegisterLastChanceShutdownNotification
RtlCopyUnicodeString
IoDetachDevice
KeInitializeSemaphore
IoDeleteSymbolicLink
ObfDereferenceObject
IoCreateSymbolicLink
IoCreateDevice
ExQueueWorkItem
IoSetHardErrorOrVerifyDevice
KeSetEvent
IoReleaseVpbSpinLock
IoAcquireVpbSpinLock
IoReleaseCancelSpinLock
PoSetPowerState
PoCallDriver
PoStartNextPowerIrp
RtlStringFromGUID
IoSetSystemPartition
RtlCompareUnicodeString
IoInvalidateDeviceRelations
RtlCompareMemory
IoSetDeviceInterfaceState
IoGetDeviceObjectPointer
IoFreeWorkItem
IoQueueWorkItem
IoAllocateWorkItem
ObfReferenceObject
IoFreeIrp
IoFreeMdl
IoBuildPartialMdl
IoAllocateMdl
IoMakeAssociatedIrp
IoInvalidateDeviceState
IoUnregisterShutdownNotification
IoGetBootDiskInformation
KeLeaveCriticalRegion
KeEnterCriticalRegion
IoRegisterDriverReinitialization
IoRegisterBootDriverReinitialization
IoReportDetectedDevice
ZwQueryValueKey
KeTickCount
KeBugCheckEx
RtlUnwind
KeInitializeEvent
IoBuildDeviceIoControlRequest
IofCallDriver
KeWaitForSingleObject
IoAttachDeviceToDeviceStack
_vsnwprintf
hal
KfAcquireSpinLock
KfReleaseSpinLock
wmilib.sys
WmiSystemControl
WmiCompleteRequest
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 740B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1016B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ