srv.pdb
Static task
static1
General
Target: aa6c72571a71989e5c973a42c043d8e1
Size: 456KB
MD5: aa6c72571a71989e5c973a42c043d8e1
SHA1: 72e8bfd64e61af8b6652141d31946b7f872b861c
SHA256: 33d9efb38d0fffae6c67c329aecde9696ca915a571b178a5482efd11413fd786
SHA512: 478bbb1d32123029bb7eb354c7dd6626757740066fb1e842b130c95b392099c7433721ab19c66ab242c2237dc77ee177fb9ad097ec4d6e21e50057194f15d377
SSDEEP: 6144:iHRly5WwvcWmGrkqqxdovaiMYEbyrlKDeFAXrQfoeAiZZ:iHj7v/RSvkbyrlnAQfoeAU
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource aa6c72571a71989e5c973a42c043d8e1
Files
aa6c72571a71989e5c973a42c043d8e1.sys windows:6 windows x64 arch:x64
23d74c89e73a90c4d52fa0f5b0bcda8a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntoskrnl.exe
RtlCompareMemory
KeInitializeEvent
ExInitializeResourceLite
InitializeSListHead
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
ExInterlockedRemoveHeadList
ExAcquireResourceExclusiveLite
RtlEqualUnicodeString
ExReleaseResourceLite
ExpInterlockedPopEntrySList
ExDeleteResourceLite
NlsMbOemCodePageTag
RtlxUnicodeStringToOemSize
RtlUnicodeStringToOemString
KeResetEvent
ExAcquireResourceSharedLite
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLockFromDpcLevel
RtlUpcaseUnicodeChar
KeGetCurrentProcessorNumberEx
ExpInterlockedPushEntrySList
ObfDereferenceObject
IoGetRelatedDeviceObject
IoFreeIrp
IoCheckDesiredAccess
PsIsThreadImpersonating
IoGetCurrentProcess
PsDereferencePrimaryToken
PsDereferenceImpersonationToken
PsImpersonateClient
RtlCopyUnicodeString
KeStackAttachProcess
KeUnstackDetachProcess
RtlLengthSecurityDescriptor
ZwClose
NtQueryVolumeInformationFile
NtOpenFile
NtQueryInformationFile
KeInitializeTimer
KeCancelTimer
KeReadStateEvent
KeInitializeDpc
KeSetTargetProcessorDpcEx
KeClearEvent
KeSetTimer
RtlOemStringToUnicodeString
IoInitializeIrp
MmBuildMdlForNonPagedPool
ExFreePoolWithTag
KeInsertQueue
IoFreeMdl
ZwUnmapViewOfSection
ZwMapViewOfSection
IoAllocateMdl
MmProbeAndLockPages
IofCallDriver
IoCreateFile
ZwCreateSection
NtReadFile
NtSetInformationFile
NtWriteFile
ObReferenceObjectByHandle
RtlUpperChar
ExAllocatePoolWithTag
IoWMIWriteEvent
MmGetSystemRoutineAddress
IoWMIRegistrationControl
IofCompleteRequest
IoCreateDevice
IoDeleteDevice
KeInsertHeadQueue
WmiGetClock
IoIs32bitProcess
KeEnterCriticalRegion
KeLeaveCriticalRegion
IoAllocateWorkItem
MmUnlockPages
KeQueryTimeIncrement
IoGetRequestorProcess
KeAttachProcess
KeDetachProcess
ExAllocatePoolWithTagPriority
IoQueueWorkItem
MmUnmapLockedPages
IoBuildPartialMdl
RtlFreeOemString
ZwOpenEvent
RtlAnsiStringToUnicodeString
IoFreeWorkItem
KeInitializeQueue
RtlCreateSecurityDescriptor
RtlLengthRequiredSid
RtlInitializeSid
MmMapLockedPagesSpecifyCache
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAce
RtlSetDaclSecurityDescriptor
RtlSetOwnerSecurityDescriptor
ZwOpenKey
ZwQueryValueKey
KeDelayExecutionThread
KeRundownQueue
RtlGetDaclSecurityDescriptor
RtlGetOwnerSecurityDescriptor
MmUnlockPagableImageSection
_wcsupr
KeGetProcessorNumberFromIndex
KeReadStateQueue
_wcsicmp
ZwSetValueKey
ExSystemTimeToLocalTime
RtlTimeToSecondsSince1970
NtQuerySecurityObject
FsRtlDoesNameContainWildCards
SeSinglePrivilegeCheck
SeExports
RtlTimeToTimeFields
RtlTimeFieldsToTime
ObfReferenceObject
IoAllocateIrp
IoQueueThreadIrp
IoReuseIrp
MmLockPagableDataSection
IoCreateFileEx
RtlPrefixUnicodeString
IoCheckEaBufferValidity
IoCheckFunctionAccess
IoSetThreadHardErrorMode
RtlIntegerToUnicodeString
IoCancelIrp
RtlInitString
RtlInt64ToUnicodeString
_stricmp
wcschr
strncmp
IoFastQueryNetworkAttributes
RtlSecondsSince1970ToTime
IoCheckQuerySetFileInformation
RtlUpcaseUnicodeStringToOemString
NtDeviceIoControlFile
RtlFreeAnsiString
IoCheckQuerySetVolumeInformation
NtSetVolumeInformationFile
RtlValidRelativeSecurityDescriptor
NtSetSecurityObject
NtQueryQuotaInformationFile
NtSetQuotaInformationFile
_wcsnicmp
RtlInitAnsiString
RtlIsNameLegalDOS8Dot3
FsRtlIsFatDbcsLegal
NlsOemLeadByteInfo
RtlUpcaseUnicodeToOemN
RtlUnicodeToOemN
IoSetFileOrigin
PsAssignImpersonationToken
RtlMapGenericMask
SeFreePrivileges
ExQueueWorkItem
ObOpenObjectByPointer
ZwDuplicateObject
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
IoCreateFileSpecifyDeviceObjectHint
FsRtlInitializeExtraCreateParameterList
FsRtlInitializeExtraCreateParameter
FsRtlInsertExtraCreateParameter
RtlValidSecurityDescriptor
RtlCompareUnicodeString
KeQueryActiveProcessorCountEx
KeGetRecommendedSharedDataAlignment
_vsnwprintf
IoBuildDeviceIoControlRequest
NtClose
toupper
FsRtlIsNameInExpression
RtlNtStatusToDosErrorNoTeb
VerSetConditionMask
RtlVerifyVersionInfo
MmSizeOfMdl
MmIsThisAnNtAsSystem
PsCreateSystemThread
NtSetInformationThread
KeQueryGroupAffinity
KeSetSystemGroupAffinityThread
KeSetIdealProcessorThread
KeRemoveQueue
PsTerminateSystemThread
NtFreeVirtualMemory
NtAllocateVirtualMemory
KeSetEvent
RtlFreeUnicodeString
RtlUpcaseUnicodeString
KeWaitForSingleObject
SeUnlockSubjectContext
SeQueryAuthenticationIdToken
SeLockSubjectContext
SeReleaseSubjectContext
SeCaptureSubjectContext
ExInterlockedAddUlong
ExLocalTimeToSystemTime
KeBugCheckEx
DbgPrint
RtlSubAuthoritySid
RtlInitUnicodeString
ExAcquireFastMutex
ExReleaseFastMutex
__C_specific_handler
wmilib.sys
WmiCompleteRequest
WmiSystemControl
ksecdd.sys
AddCredentialsW
FreeCredentialsHandle
AcquireCredentialsHandleW
DeleteSecurityContext
InitSecurityInterfaceW
RevertSecurityContext
QueryContextAttributesW
ImpersonateSecurityContext
MapSecurityError
AcceptSecurityContext
KSecValidateBuffer
FreeContextBuffer
SystemPrng
srvnet.sys
SrvLibIsNetworkAddress
SrvNetCloseConnection
SrvLibGetBaseFileName
SrvXsSchedulePrintJob
SrvAdminDeregisterFile
SrvLibAuditForceAccess
SrvAdminDeregisterSession
SrvLibLookasideAllocate
SrvLibLookasideFree
SrvAdminDeregisterTreeConnect
SrvAdminQueryResumeKeyTarget
SrvAdminIsScopedName
SrvLibLogError
SrvLibIsLoggableError
SrvLibGenerateSrvServiceSD
SrvLibApplySrvDeviceAcl
SrvLibFreeSrvServiceSD
SrvNetReceiveData
SrvNetGetQueueStatistics
SrvNetRegisterClient
SrvNetStartClient
SrvXsConnect
SrvNetInitializeStatisticsQueues
SrvLibLookasideInitialize
SrvLibLookasideCreatePool
SrvLibLookasideDirectFreeBuffer
SrvLibLookasideDirectNonPagedAllocateBuffer
SrvLibLookasideDirectPagedAllocateBuffer
SrvAdminRegisterProvider
SrvNetStopClient
SrvNetDeregisterClient
SrvXsClosePrinter
SrvXsDisconnect
SrvAdminDeregisterProvider
SrvNetDisableStatisticsQueue
SrvLibLookasideDestroyPool
SrvAdminRefreshAnonymousLists
SrvAdminRefreshNoRemapPipeList
SrvLibGetDWord
SrvLibQueryLicensingDWord
SrvLibSetSrvErrorLogIgnore
SrvGraftName
SrvNetFreePool
SrvNetQueryConnectionInformation
SrvNetSetConnectionInformation
SrvNetSendData
SrvXsAddPrintJob
SrvAdminRemapPipeName
SrvAdminRegisterFile
SrvNetUpdateStatisticsFromQueues
SrvNetUpdateIOCountFromQueues
SrvAdminDoesShareAllowAnonymous
SrvLibTruncateDnsName
SrvAdminEvaluateServerAlias
SrvAdminRegisterSession
SrvLibIsFsctlDisallowed
SrvLibIsDosDeviceName
SrvAdminDoesPipeAllowAnonymous
SrvLibAllocatePipeEa
SrvLibFreePipeEa
SrvLibAuditSuccessEnabled
SrvLibAuditShareAccess
SrvLibRetrieveMaximalAccessRightsForUser
SrvLibAuditShareConnect
SrvAdminRegisterTreeConnect
SrvXsOpenPrinter
SrvNetGetStatisticsAndLock
SrvAdminSetUserLimit
SrvNetQueryRssScalability
SrvXsDownLevelAPI
SrvAdminAuditSpnCheck
SrvAdminCheckSpn
SrvLibSeAccessCheck
SrvAdminAllowIdlePowerDownForActivity
SrvAdminInhibitIdlePowerDownForActivity
SrvAdminInhibitIdlePowerDownForOpenFiles
SrvAdminAllowIdlePowerDownForOpenFiles
SrvNetDisconnectConnection
Sections
.text: Size 79KB, Virtual size 79KB; flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata: Size 29KB, Virtual size 28KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data: Size 3KB, Virtual size 135KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata: Size 16KB, Virtual size 16KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
PAGE: Size 303KB, Virtual size 303KB; flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
PAGE8FIL: Size 9KB, Virtual size 9KB; flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
INIT: Size 12KB, Virtual size 11KB; flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc: Size 2KB, Virtual size 1KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.reloc: Size 512B, Virtual size 316B; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ