disk.pdb
Static task
static1
General
Target
b9f9fc32ca9137397f4ed6845be20463
Size
35KB
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b9f9fc32ca9137397f4ed6845be20463
Files
b9f9fc32ca9137397f4ed6845be20463.sys windows:5 windows x86 arch:x86
2a7faa69cfee2416e3d62673a51c91e5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
IoFreeIrp
IoFreeMdl
IoWMIRegistrationControl
ExfInterlockedPopEntryList
KeInitializeSpinLock
ExQueueWorkItem
ExfInterlockedPushEntryList
MmBuildMdlForNonPagedPool
IoAllocateMdl
ZwQueryValueKey
RtlUnicodeStringToInteger
IoReadDiskSignature
ZwOpenKey
IoReadPartitionTable
DbgPrint
IoReadPartitionTableEx
IoWritePartitionTableEx
IoSetPartitionInformationEx
IoSetPartitionInformation
IoRegisterBootDriverReinitialization
IoGetConfigurationInformation
RtlQueryRegistryValues
IoOpenDeviceRegistryKey
RtlxAnsiStringToUnicodeSize
NlsMbCodePageTag
RtlAnsiStringToUnicodeString
RtlInitAnsiString
sprintf
IoCreateSymbolicLink
IoDeleteSymbolicLink
RtlFreeUnicodeString
IoSetDeviceInterfaceState
KeInitializeMutex
InitSafeBootMode
IoRegisterDeviceInterface
HalExamineMBR
KeTickCount
KeBugCheckEx
_allmul
_allrem
IoAllocateWorkItem
IoQueueWorkItem
IoReportTargetDeviceChangeAsynchronous
IoBuildDeviceIoControlRequest
IoBuildSynchronousFsdRequest
IoInvalidateDeviceRelations
memmove
IoCreateDisk
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
IoAllocateIrp
IofCallDriver
_allshr
IoFreeWorkItem
KeWaitForSingleObject
KeReleaseMutex
ExAllocatePoolWithTag
KeSetEvent
strncmp
IoSetHardErrorOrVerifyDevice
swprintf
RtlInitUnicodeString
ZwCreateDirectoryObject
IoGetAttachedDeviceReference
ZwMakeTemporaryObject
ZwClose
ExFreePoolWithTag
IoAttachDeviceToDeviceStack
IoDeleteDevice
KeInitializeEvent
IoVerifyPartitionTable
ObfDereferenceObject
classpnp.sys
ClassQueryTimeOutRegistryValue
ClassUpdateInformationInRegistry
ClassInitializeMediaChangeDetection
ClassGetDeviceParameter
ClassDeleteSrbLookasideList
ClassReadDriveCapacity
ClassSignalCompletion
ClassMarkChildMissing
ClassInitializeSrbLookasideList
ClassNotifyFailurePredicted
ClassSetFailurePredictionPoll
ClassWmiCompleteRequest
ClassInterpretSenseInfo
ClassSpinDownPowerHandler
ClassInitialize
ClassInitializeEx
ClassSendDeviceIoControlSynchronous
ClassAcquireChildLock
ClassReleaseChildLock
ClassDeviceControl
ClassInvalidateBusRelations
ClassSetDeviceParameter
ClassModeSense
ClassFindModePage
ClassAcquireRemoveLockEx
ClassAsynchronousCompletion
ClassSendSrbSynchronous
ClassIoComplete
ClassReleaseRemoveLock
ClassCompleteRequest
ClassClaimDevice
ClassCreateDeviceObject
ClassScanForSpecial
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 384B - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 384B - Virtual size: 336B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 992B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ