PDB path: D:\Bear\Project\Yaphon\DM\DM_1.0.8_OEM\Code\WorkDriver\objfre_wxp_x86\i386\WorkDriver.pdb
Static task
static1
General
-
Target
baec3084dfee4ca5ce9f09fa6999a736
-
Size
7KB
-
MD5
baec3084dfee4ca5ce9f09fa6999a736
-
SHA1
3194477bcbc9b4c1788ef05b158db1dc00a7445d
-
SHA256
e1f784c35c477f542ad7dbea33e5555cdfa7278d04aca8c145bd413dd6a2c3cd
-
SHA512
b3a1682cf50acc6be511db0918d2673777c54a540b6018546667523915d025c993b9c4c2dbf7df5af973a4682305ad8c2823ae4d1ef5f61028e0b71d38677fb1
-
SSDEEP
96:aZ7akmG3rYPJJtvq6Fncrl+mBwM3sE0Ax:L5G3rYtqkU+aV37v
Malware Config
Signatures
-
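Unsigned PE (1 IoC)
Checks for missing Authenticode signature. A hit means only that the file is unsigned; on its own it is a weak indicator and does not show malicious behaviour.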
resource baec3084dfee4ca5ce9f09fa6999a736
Files
-
baec3084dfee4ca5ce9f09fa6999a736.sys windows:5 windows x86 arch:x86
d08b6d6c8d2033402a0f32fa40a76036
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwClose
ZwCreateFile
RtlInitUnicodeString
_except_handler3
_local_unwind2
ExFreePoolWithTag
ZwQueryValueKey
ZwOpenKey
ZwWriteFile
ZwSetValueKey
ZwCreateKey
wcslen
wcscat
wcscpy
IoDeleteDevice
IoRegisterShutdownNotification
IoCreateDevice
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 422B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 512B - Virtual size: 484B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 434B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ