ACE-BASE.pdb
Static task
static1
General
Target: 5b79d11a39dc84fed8b878611243f156c782c214fe9a3acb6788b1df5c483d75
Size: 2.0MB
MD5: 7cd7d3013c6fc581534d04b99409873d
SHA1: 6fa2207cec86eddaa70304a7ebe72e2fa366b7bb
SHA256: 5b79d11a39dc84fed8b878611243f156c782c214fe9a3acb6788b1df5c483d75
SHA512: 126c36f887cf09d7c850f58e02e674e04d4a5071b6d3d1be474c1950061553513afaca690e65df1d36d6ba8b970d3916459ec7358a444728e49717d33a0c3ca8
SSDEEP: 24576:/gKtxkdi9z4eT7q+BjZuS3OcFb2QnqPu9zOYvin6/v/fNTeDoNynk5Oz4SUly0zm:YKtxkA2C7qJF5b
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 5b79d11a39dc84fed8b878611243f156c782c214fe9a3acb6788b1df5c483d75
Files
5b79d11a39dc84fed8b878611243f156c782c214fe9a3acb6788b1df5c483d75.sys windows:10 windows x64 arch:x64
e9ca6464a705ceced1bf87843107662f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntoskrnl.exe
KeRegisterBugCheckReasonCallback
KeStackAttachProcess
KeUnstackDetachProcess
strcpy_s
wcscat_s
RtlInitAnsiString
RtlAnsiStringToUnicodeString
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
KeWaitForSingleObject
PsGetCurrentThreadId
PsGetProcessCreateTimeQuadPart
ObOpenObjectByPointer
PsGetProcessSessionId
PsGetProcessInheritedFromUniqueProcessId
ZwFreeVirtualMemory
PsReferenceProcessFilePointer
RtlInitUnicodeString
ZwCreateFile
ZwDeviceIoControlFile
RtlNtStatusToDosError
ZwFsControlFile
ZwWaitForSingleObject
PsGetThreadId
IoFileObjectType
ExSemaphoreObjectType
PsProcessType
PsThreadType
PsJobType
SeTokenObjectType
ObReferenceObjectByHandle
ZwClose
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
KeInitializeEvent
KeInitializeTimerEx
KeCancelTimer
KeSetTimerEx
KeWaitForMultipleObjects
PsCreateSystemThread
KeClearEvent
IoCreateDevice
IoCreateNotificationEvent
IoCreateSymbolicLink
IoRegisterShutdownNotification
IoUnregisterShutdownNotification
MmUnsecureVirtualMemory
MmProbeAndLockPages
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
IoAllocateMdl
IoFreeMdl
KeEnterCriticalRegion
KeLeaveCriticalRegion
ExInitializeResourceLite
ExAcquireResourceSharedLite
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
ExDeleteResourceLite
RtlInitializeGenericTableAvl
RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlGetElementGenericTableAvl
RtlNumberGenericTableElementsAvl
RtlIsGenericTableEmptyAvl
RtlUpcaseUnicodeString
RtlTimeToTimeFields
ExSystemTimeToLocalTime
RtlEqualUnicodeString
RtlCopyUnicodeString
RtlWalkFrameChain
PsGetProcessId
KeInitializeDpc
KeSetTargetProcessorDpc
ProbeForRead
KeDelayExecutionThread
KeQueryTimeIncrement
KeQueryActiveProcessors
ProbeForWrite
MmBuildMdlForNonPagedPool
ZwOpenSection
ZwMapViewOfSection
ZwUnmapViewOfSection
MmSecureVirtualMemory
RtlFreeUnicodeString
RtlCompareMemory
KeAreAllApcsDisabled
ExAcquireRundownProtection
ExReleaseRundownProtection
PsGetThreadProcessId
IoVolumeDeviceToDosName
PsInitialSystemProcess
ZwOpenKey
ZwQueryValueKey
KeDeregisterBugCheckReasonCallback
ZwQuerySymbolicLinkObject
RtlInsertElementGenericTableFullAvl
MmGetVirtualForPhysical
ExpInterlockedPopEntrySList
MmAdvanceMdl
MmCreateMdl
PsGetThreadProcess
PsGetProcessPeb
RtlCompareString
RtlEnumerateGenericTableWithoutSplayingAvl
ZwOpenDirectoryObject
RtlAppendUnicodeToString
ZwCreateKey
ZwDeleteKey
ZwEnumerateKey
ZwSetValueKey
MmAllocateContiguousMemory
RtlCompareUnicodeString
PsGetProcessWow64Process
IoCreateFile
ZwOpenFile
ZwQueryInformationFile
ZwSetInformationFile
ZwReadFile
IoCreateFileSpecifyDeviceObjectHint
NtQueryDirectoryFile
IoGetBaseFileSystemDeviceObject
IoQueryFileInformation
ObQueryNameString
ZwDeleteFile
PsGetProcessExitStatus
RtlImageDirectoryEntryToData
RtlQueryAtomInAtomTable
ZwQueryObject
RtlAnsiCharToUnicodeChar
PsGetVersion
ZwQuerySystemInformation
ZwSetSecurityObject
IoDeviceObjectType
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
SeCaptureSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeExports
RtlCreateSecurityDescriptor
wcschr
RtlAbsoluteToSelfRelativeSD
RtlAddAccessAllowedAce
RtlLengthSid
IoIsWdmVersionAvailable
RtlSetDaclSecurityDescriptor
ExEventObjectType
__C_specific_handler
KeSetEvent
KeNumberProcessors
KeAddProcessorAffinityEx
KeInitializeAffinityEx
PsLookupThreadByThreadId
MmGetSystemRoutineAddress
KeInitializeGuardedMutex
KeQueryActiveProcessorCountEx
ObfDereferenceObject
ExAllocatePool
PsGetProcessImageFileName
ExFreePoolWithTag
ExAllocatePoolWithTag
KeReleaseGuardedMutex
KeAcquireGuardedMutex
PsGetCurrentProcessId
IoGetCurrentProcess
KeBugCheckEx
PsLookupProcessByProcessId
MmIsAddressValid
MmGetPhysicalAddress
PsTerminateSystemThread
RtlAssert
PsIsThreadTerminating
ZwOpenThread
ZwQueryInformationThread
KeInitializeApc
KeInsertQueueApc
IoBuildDeviceIoControlRequest
IofCallDriver
IoGetDeviceObjectPointer
wcsrchr
RtlAppendUnicodeStringToString
ZwUnloadDriver
ZwOpenProcess
ZwQueryInformationProcess
towupper
ZwCreateSection
MmProtectMdlSystemAddress
MmProbeAndLockProcessPages
KeDeregisterNmiCallback
ObReferenceObjectByName
IoAllocateIrp
IoFreeIrp
MmUnmapIoSpace
ZwOpenSymbolicLinkObject
MmMapIoSpace
fltmgr.sys
FltGetFileNameInformation
FltReleaseFileNameInformation
FltEnumerateInstances
FltGetVolumeProperties
FltGetVolumeFromInstance
FltClose
FltSetInformationFile
FltWriteFile
FltReadFile
FltCreateFileEx
FltGetVolumeName
FltParseFileNameInformation
FltFreePoolAlignedWithTag
FltAllocatePoolAlignedWithTag
FltObjectDereference
FltEnumerateFilters
FltStartFiltering
FltUnregisterFilter
FltRegisterFilter
FltGetFileNameInformationUnsafe
FltGetRequestorProcessId
hal
KeStallExecutionProcessor
Sections
.text Size: 418KB - Virtual size: 417KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 313KB - Virtual size: 313KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 618KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 976B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.tvm0 Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ