C:\sys.pdb
Static task
static1
General
Target: b9edd083436205c3bc9e146026977373
Size: 11KB
MD5: b9edd083436205c3bc9e146026977373
SHA1: 37df39199e4d0304441bde1e2fe9c74881676068
SHA256: 2c9e205ec83a4b9d0b1f886230be2a20bf89713b3d46f8a5ff78fdaa57e3991c
SHA512: 0144690e96f41139554338fe4619ab5746789f9b831b64ef5b5d1512225fc01121f68fa57cfb4da9bb615c665c1174574eaf1d6aee121cade3ac5d53021321ba
SSDEEP: 192:p7SfMnWUTZxj/UyJYZWcIwGyft3lw1zrxeBNTiO4sOtSNPTVOcc:wMWUT/ha0ZCerxeBNTiO4sMShsL
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b9edd083436205c3bc9e146026977373
Files
b9edd083436205c3bc9e146026977373.sys windows:5 windows x86 arch:x86
0e85fa34cac047dce9902fe2a98eaf61
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
memset
ObReferenceObjectByName
memcpy
IoDeleteSymbolicLink
RtlInitUnicodeString
IoDeleteDevice
RtlGetVersion
ZwSetValueKey
ZwClose
IofCompleteRequest
KeServiceDescriptorTable
IoCreateSymbolicLink
MmIsAddressValid
IoCreateDevice
MmMapLockedPagesSpecifyCache
PsGetCurrentThreadId
strlen
swprintf
wcslen
wcsrchr
ObReferenceObjectByHandle
ObfDereferenceObject
RtlMultiByteToUnicodeN
wcscpy
ZwOpenKey
IoGetCurrentProcess
PsLookupProcessByProcessId
ObReferenceObjectByPointer
PsGetThreadProcessId
ExFreePoolWithTag
_wcsnicmp
ExAllocatePoolWithTag
_except_handler3
hal
KfRaiseIrql
KfLowerIrql
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 528B - Virtual size: 516B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 912B - Virtual size: 904B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 720B - Virtual size: 714B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ