D:\127\test2\delfile\Dsys\objfre\i386\Dsys.pdb
Static task
static1
General
Target: a14ded0ab99bbe6689f03bc7f7740250
Size: 26KB
MD5: a14ded0ab99bbe6689f03bc7f7740250
SHA1: f1dfb5dd6b64829f7671cbbbc1424226869f99aa
SHA256: ea31933747f0e5be77835f288d6d1f31cf6b2aead378c4280ca7fc74d2d47d03
SHA512: c97c630718dad5d3c9d6763326127fa2619146813c1a9a556537941201efd97c807c1a44e0a42ed786d6310b13dae73a246a4b724428ad15725f0e13e3b3c2a4
SSDEEP: 768:o0yz9PkMpEIifI4IXyuQNTPknjFjC9jlFOzs:1g9PmpmyuQNTMC9jjW
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a14ded0ab99bbe6689f03bc7f7740250
Files
a14ded0ab99bbe6689f03bc7f7740250.sys windows:5 windows x86 arch:x86
c1280fd45c666bf6c68c36156beecfb4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
IoDeleteSymbolicLink
IoCreateFile
IoFreeIrp
KeSetEvent
ObfDereferenceObject
KeWaitForSingleObject
IofCallDriver
KeGetCurrentThread
KeInitializeEvent
IoAllocateIrp
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
KeDetachProcess
IoDeleteDevice
ZwTerminateProcess
ObOpenObjectByPointer
MmUnmapViewOfSection
ZwClose
RtlInitUnicodeString
MmIsAddressValid
PsLookupProcessByProcessId
KeServiceDescriptorTable
ProbeForWrite
ProbeForRead
PsGetVersion
IoCreateSymbolicLink
IoCreateDevice
_except_handler3
KeAttachProcess
IofCompleteRequest
hal
KeGetCurrentIrql
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 640B - Virtual size: 581B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 246B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ