PDB path: c:\reactor3\client\Release\client.pdb
Static task
static1
General
-
Target
c39eb360fd2f667b3aade5c087ee3b27
-
Size
177KB
-
MD5
c39eb360fd2f667b3aade5c087ee3b27
-
SHA1
995b7735bfec19680a9615e208a895151218e343
-
SHA256
00c09e3406fe25d3ea5c4826d78e5851194ce6d3d35927d754f6a11813187d37
-
SHA512
76055afdeccd9593b33f4262d5f084865958106886924a875bd860d8e292d2907ccbdb762692f8b972cb26018cdcb032c233290e651bbd1f317aa8deca9163fa
-
SSDEEP
3072:/wDZY9TBoOmiUXI0CFRJXYK/bSh5aTb3fKIhBwMToG3rAMHG:/4ZYkJiv0wXYK2TaTTDLoGlH
Malware Config
Signatures
-
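Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. The flagged resource is the 32-bit kernel driver (.sys) listed under Files; this static check reports only that no signature is present.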
resource c39eb360fd2f667b3aade5c087ee3b27
Files
-
c39eb360fd2f667b3aade5c087ee3b27.sys windows:5 windows x86 arch:x86
748be66584b0e3765fb76b9639245c64
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
KeWaitForSingleObject
KeInitializeSpinLock
RtlFreeAnsiString
RtlFreeUnicodeString
IoDeleteDevice
PsCreateSystemThread
sprintf
KeSetEvent
RtlUnicodeStringToAnsiString
ZwClose
IoCreateDevice
strncmp
strstr
KeQuerySystemTime
strncpy
MmIsAddressValid
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
wcsncpy
RtlInitAnsiString
wcsncat
IoFreeMdl
IoDriverObjectType
MmProbeAndLockPages
MmUnlockPages
ObReferenceObjectByName
IoRegisterFsRegistrationChange
IoAllocateMdl
KeDelayExecutionThread
ZwReadFile
ZwCreateFile
ZwQueryInformationFile
ZwWriteFile
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
tolower
ExAllocatePool
RtlAnsiStringToUnicodeString
isupper
ZwQueryDirectoryFile
ZwDeleteFile
ZwOpenFile
ZwQueryValueKey
isdigit
_wcsicmp
RtlCompareUnicodeString
MmMapLockedPages
ZwEnumerateValueKey
KeServiceDescriptorTable
ZwLoadDriver
ZwEnumerateKey
ZwOpenKey
ZwCreateKey
ZwDeleteValueKey
ZwSetValueKey
strchr
RtlInitUnicodeString
ZwOpenDirectoryObject
ZwQueryDirectoryObject
RtlTimeToTimeFields
KeTickCount
KeInitializeEvent
PsTerminateSystemThread
ZwDeleteKey
ZwFlushKey
KeInitializeSemaphore
KeReleaseSemaphore
KeReadStateSemaphore
isspace
toupper
ObReferenceObjectByHandle
IofCompleteRequest
ExFreePool
memcpy
memset
_except_handler3
_allrem
hal
KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql
Sections
.text Size: 125KB - Virtual size: 124KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ