c:\asdfr.prdb
Static task
static1
General
-
Target
b8a40946192de17a1bd5daf40b598cc3
-
Size
11KB
-
MD5
b8a40946192de17a1bd5daf40b598cc3
-
SHA1
688dc8bc54f40fcae03c1135cf369fb31e9a7ead
-
SHA256
1358060b0339f7ece9be472d002cfd358bc874265650a8dca67e3bd4a543a197
-
SHA512
1f7a6c07af9e21619e14b73eed4976ae363e92dad1a03c5f1c9e144337ca236922b7b8f239b1d85442d89ae10efe0d7298eacca2914dc4989e74adf220989743
-
SSDEEP
192:PAC7p1e7uLaSVJqF3CFTUdqva61svumPEj:Y17uLa7+TUdqaesU
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Static check: the PE file carries no Authenticode signature.
resource b8a40946192de17a1bd5daf40b598cc3
Files
-
b8a40946192de17a1bd5daf40b598cc3.sys windows:5 windows x86 arch:x86
a3e37b49a34f808bc022ec3dd6166cd2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
wcslen
RtlFreeUnicodeString
wcscpy
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ExFreePoolWithTag
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ExAllocatePoolWithTag
wcscat
swprintf
strchr
ZwClose
ZwSetValueKey
RtlInitUnicodeString
ZwOpenKey
RtlCompareMemory
RtlUpperString
PsGetCurrentProcessId
ZwQueryDirectoryFile
ZwQueryValueKey
ZwEnumerateValueKey
ZwEnumerateKey
ZwDeviceIoControlFile
ZwQuerySystemInformation
IoDeleteDevice
IoDeleteSymbolicLink
IofCompleteRequest
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice
_wcsupr
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 896B - Virtual size: 812B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 128B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 474B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ