PDB path embedded in the sample: e:\project\newcell4.0\驱动\sys\i386\ncio.pdb
Static task
static1
General
Target
b9745f49a31c2a5481e00461aeaad48c
Size
5KB
MD5
b9745f49a31c2a5481e00461aeaad48c
SHA1
1d47edea8e064147c1920e9eb8e0585720da8f20
SHA256
5988786d1541d90e63f79efc2306ba7cef42bba52173fbf93153b3985cf19236
SHA512
64609198720c87c859a8503545c670308866aa9b0da74e9c079388968be6f2528455df89eb74dbb4fd29a0b6f22a6f6c612499f5d345844f53c73ae470ab727c
SSDEEP
96:EQxeGeFayX81mjW6Tu3dWGPrZWid2h24wRYzpE6dr74k:zxepOUKBAGvfJY1E6T
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature; the resource listed below carries none.
resource b9745f49a31c2a5481e00461aeaad48c
Files
b9745f49a31c2a5481e00461aeaad48c.sys windows:5 windows x86 arch:x86
a48e0d88d6398030eeb8d151f500e1ce
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
strncmp
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoGetCurrentProcess
RtlFreeUnicodeString
RtlCompareUnicodeString
RtlAnsiStringToUnicodeString
_snprintf
PsGetCurrentProcessId
DbgPrint
ExFreePoolWithTag
ExAllocatePoolWithTag
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 243B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 640B - Virtual size: 552B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ