X:\drv\dist\win7\usbkbd\win7_release_obj\usbkbd.pdb
Static task
static1
General
Target: c40595a277dc4808bda49053081c4858
Size: 510KB
MD5: c40595a277dc4808bda49053081c4858
SHA1: edd5110a095072cd7ca58051044a21c4acc0cf97
SHA256: 5645ba7afcefc4da9037d02325b45362ce1012ccf07b74640219d5b1af868784
SHA512: 066a7116b180062e889e9b2a30dea37d0cd366fcb712371d10de844538864972c1c674b656489736877002fe8cec64408db4c7a23701eeb6947976f3e703e03f
SSDEEP: 12288:QoUdMF1VVeSUTrNUSvfiHpe4fi4JaZ3AA:QPdc1V0TrCSvfi843aZ3A
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c40595a277dc4808bda49053081c4858
Files
c40595a277dc4808bda49053081c4858.sys windows:6 windows x86 arch:x86
c018222155124e4cb4e5f12e57b53e8a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ZwSetInformationFile
RtlCompareMemory
ZwReadFile
ZwWriteFile
ExAllocatePool
RtlInitUnicodeString
ExSystemTimeToLocalTime
KeQuerySystemTime
RtlAppendUnicodeToString
memcpy
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
KeQueryTimeIncrement
KeTickCount
_allmul
ZwAllocateVirtualMemory
ZwOpenProcess
ZwFreeVirtualMemory
KeDelayExecutionThread
RtlCopyUnicodeString
ObReferenceObjectByHandle
ObfDereferenceObject
PsCreateSystemThread
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
ZwNotifyChangeKey
KeCancelTimer
KeSetTimerEx
_wcsicmp
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
memmove
PsLookupProcessByProcessId
RtlTimeToTimeFields
IoFreeMdl
MmMapLockedPagesSpecifyCache
MmBuildMdlForNonPagedPool
IoAllocateMdl
_except_handler3
MmUnmapLockedPages
MmUnsecureVirtualMemory
ObQueryNameString
RtlCompareUnicodeString
RtlFreeUnicodeString
RtlStringFromGUID
ExUuidCreate
strstr
KeWaitForSingleObject
MmUnlockPages
MmProbeAndLockProcessPages
KeSetEvent
KeDetachProcess
KeAttachProcess
KeClearEvent
KeWaitForMultipleObjects
memset
NtAllocateVirtualMemory
KeInitializeEvent
KeInsertQueueApc
KeInitializeApc
PsLookupThreadByThreadId
PsGetCurrentThreadId
IoCreateSynchronizationEvent
KeResetEvent
MmProbeAndLockPages
MmIsAddressValid
ZwQueryInformationFile
KeAddSystemServiceTable
PsGetCurrentProcessId
ExGetPreviousMode
ExfInterlockedInsertTailList
ZwOpenKey
ZwEnumerateKey
ZwQueryValueKey
ZwDeleteKey
ZwSetValueKey
NtAddAtom
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlCompareString
RtlInitString
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
IofCompleteRequest
ExfInterlockedInsertHeadList
IoDeleteDevice
IoCreateSymbolicLink
IoRegisterShutdownNotification
IoCreateDevice
wcsncat
IoDetachDevice
IofCallDriver
PoCallDriver
PoStartNextPowerIrp
PsTerminateSystemThread
KeReleaseMutex
KeReadStateEvent
PsSetCreateProcessNotifyRoutine
ExfInterlockedRemoveHeadList
KeSetTimer
ExRegisterCallback
ExCreateCallback
KeInitializeTimerEx
IoCreateNotificationEvent
PsSetLoadImageNotifyRoutine
PsSetCreateThreadNotifyRoutine
ExInitializeResourceLite
InitSafeBootMode
PsGetVersion
ExIsResourceAcquiredExclusiveLite
ExAcquireResourceSharedLite
ExIsResourceAcquiredSharedLite
IoBuildDeviceIoControlRequest
ZwOpenFile
ZwWaitForSingleObject
ZwQueryDirectoryFile
ZwCreateEvent
RtlEqualUnicodeString
qsort
bsearch
ZwFsControlFile
ZwDeviceIoControlFile
ZwQueryVolumeInformationFile
ZwOpenSection
ZwCreateSection
ZwUnmapViewOfSection
ZwMapViewOfSection
IoGetDeviceObjectPointer
KeBugCheckEx
ZwCreateFile
ZwClose
wcsncpy
ExFreePoolWithTag
KeServiceDescriptorTable
ExAllocatePoolWithTag
hal
KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
KeGetCurrentIrql
Sections
.text Size: 160KB - Virtual size: 160KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 118KB - Virtual size: 118KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 201KB - Virtual size: 200KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ