mrxsmb.pdb
Static task
static1
General
Target: c7f1784e217e0fab32ab6e317a9573f5
Size: 445KB
MD5: c7f1784e217e0fab32ab6e317a9573f5
SHA1: 0e1fda8c8413b68fb44cc43b5a5db7d9309603ce
SHA256: 5af1e8e9b83c08a16982d7aa1ad6d2e85a64f5528b21e4d7e191353eeaa27fd9
SHA512: fc9c35e176aaacdb42c1459f27fd042c297e87f6541bbd226783f06e4115505b68a4a9d9a9671b6efabbff59a37bf263a97aee58c81c8d9f990694f39e2bbb98
SSDEEP: 12288:DXQU1N2+qMBtKy4LE4wxubJ2Li73ZpjgRdKWQ:DgUeeiW/MbJ2LO3ZpkRIx
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource: c7f1784e217e0fab32ab6e317a9573f5
Files
c7f1784e217e0fab32ab6e317a9573f5.sys windows:5 windows x86 arch:x86
c89d446e6ee510b0de74bbc558218aee
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
hal
ExReleaseFastMutex
KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex
KeGetCurrentIrql
ksecdd.sys
SecMakeSPN
CredMarshalTargetInfo
SecMakeSPNEx
AcquireCredentialsHandleW
InitializeSecurityContextW
FreeContextBuffer
FreeCredentialsHandle
DeleteSecurityContext
InitSecurityInterfaceW
QueryContextAttributesW
MapSecurityError
GetSecurityUserInfo
ntoskrnl.exe
IoAllocateMdl
RtlCompareMemory
DbgPrint
RtlEqualUnicodeString
FsRtlIsNameInExpression
RtlOemStringToCountedUnicodeString
RtlOemStringToUnicodeString
RtlxOemStringToUnicodeSize
RtlUpcaseUnicodeString
ExIsResourceAcquiredSharedLite
ExIsResourceAcquiredExclusiveLite
FsRtlDoesNameContainWildCards
KeQueryTimeIncrement
KeTickCount
RtlFreeOemString
RtlUpcaseUnicodeStringToOemString
RtlUnicodeStringToOemString
ZwFreeVirtualMemory
KeUnstackDetachProcess
KeStackAttachProcess
IoGetRequestorProcess
_alldiv
ProbeForWrite
ProbeForRead
RtlVerifyVersionInfo
VerSetConditionMask
ObfDereferenceObject
IofCompleteRequest
IoFreeIrp
KeWaitForSingleObject
IofCallDriver
IoAllocateIrp
IoGetRelatedDeviceObject
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
wcslen
_allmul
SeRegisterLogonSessionTerminatedRoutine
PoRegisterSystemState
SeUnregisterLogonSessionTerminatedRoutine
PoUnregisterSystemState
ZwSetValueKey
ExDeleteResourceLite
IoWMIRegistrationControl
MmBuildMdlForNonPagedPool
KeQuerySystemTime
MmUnmapLockedPages
KeGetCurrentThread
ExfInterlockedInsertTailList
ExInitializeNPagedLookasideList
ExFreePool
ExInitializeZone
KeInitializeSpinLock
InterlockedPopEntrySList
InterlockedPushEntrySList
ExDeleteNPagedLookasideList
RtlxUnicodeStringToOemSize
NlsMbOemCodePageTag
MmMapLockedPagesSpecifyCache
ExFreePoolWithTag
RtlCopySid
SeQueryInformationToken
IoGetRequestorProcessId
SeQuerySessionIdToken
FsRtlIsHpfsDbcsLegal
FsRtlIsFatDbcsLegal
IoBuildPartialMdl
RtlxUnicodeStringToAnsiSize
ExLocalTimeToSystemTime
RtlTimeFieldsToTime
RtlTimeToSecondsSince1970
ExSystemTimeToLocalTime
RtlSecondsSince1970ToTime
RtlTimeToTimeFields
RtlDecompressChunks
RtlCompareUnicodeString
MmSizeOfMdl
LsaFreeReturnBuffer
ExInitializeResourceLite
IoGetCurrentProcess
KeDelayExecutionThread
RtlRandom
ExInterlockedAddLargeStatistic
memmove
DbgBreakPoint
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
NtDeviceIoControlFile
_except_handler3
RtlCopyUnicodeString
IoRaiseInformationalHardError
MmProbeAndLockPages
RtlNtStatusToDosError
ZwDeviceIoControlFile
ZwCreateFile
_aulldiv
ObfReferenceObject
RtlCompressChunks
RtlGetCompressionWorkSpaceSize
MmLockPagableDataSection
KeCancelTimer
ExQueueWorkItem
MmUnlockPagableImageSection
KeSetTimer
KeInitializeDpc
KeClearEvent
KeInitializeTimer
_local_unwind2
RtlUpcaseUnicodeChar
RtlEqualSid
KeBugCheckEx
RtlInitUnicodeString
ZwOpenKey
ZwQueryValueKey
ZwClose
RtlFreeUnicodeString
RtlInitAnsiString
ZwWriteFile
RtlMultiByteToUnicodeN
RtlOemToUnicodeN
RtlUnicodeToOemN
RtlxAnsiStringToUnicodeSize
ZwFsControlFile
ZwSetInformationFile
ZwQueryInformationFile
RtlNtStatusToDosErrorNoTeb
RtlInitializeSid
RtlSubAuthoritySid
RtlSetOwnerSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
ExReleaseFastMutexUnsafe
ExAcquireFastMutexUnsafe
SeSinglePrivilegeCheck
SeTokenIsAdmin
IoGetTopLevelIrp
IoSetTopLevelIrp
ZwReadFile
RtlPrefixUnicodeString
PsGetProcessImageFileName
SeTokenIsRestricted
_wcsnicmp
IoGetDeviceObjectPointer
IoBuildDeviceIoControlRequest
FsRtlNotifyCleanup
FsRtlNotifyFullChangeDirectory
FsRtlNotifyUninitializeSync
FsRtlNotifyInitializeSync
IoGetRequestorSessionId
FsRtlNotifyFullReportChange
IoCreateSymbolicLink
RtlGenerate8dot3Name
RtlUnicodeStringToCountedOemString
IoDeleteSymbolicLink
wcscat
ZwOpenEvent
ExEventObjectType
IoWMIWriteEvent
NtClose
strncmp
_strnicmp
SeAccessCheck
ObGetObjectSecurity
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
SeSetSecurityDescriptorInfo
ObReleaseObjectSecurity
IoGetFileObjectGenericMapping
RtlMapGenericMask
SeExports
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAce
IoAcquireCancelSpinLock
IoReleaseCancelSpinLock
ExfInterlockedRemoveHeadList
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
RtlUpcaseUnicodeToOemN
PsTerminateSystemThread
PsCreateSystemThread
ZwWaitForSingleObject
ExfInterlockedAddUlong
KeResetEvent
KeSetEvent
MmUnlockPages
IoFreeMdl
RtlLengthRequiredSid
RtlLengthSecurityDescriptor
RtlValidRelativeSecurityDescriptor
KeInitializeEvent
SeCaptureSubjectContext
SeLockSubjectContext
SeQueryAuthenticationIdToken
SeUnlockSubjectContext
RtlIntegerToUnicodeString
SeReleaseSubjectContext
RtlAnsiStringToUnicodeString
IoCreateFile
ExAllocatePoolWithTag
IoDeleteDevice
ObReferenceObjectByHandle
ZwCreateEvent
IoInitializeTimer
IoCreateDevice
IoIsOperationSynchronous
IoStartTimer
IoStopTimer
ExAcquireResourceSharedLite
wcscpy
IoIsSystemThread
ExRaiseStatus
MmMapLockedPages
RtlInitString
_stricmp
NtWriteFile
NtCreateFile
strncpy
_wcsicmp
RtlDeleteElementGenericTable
RtlEnumerateGenericTable
RtlNumberGenericTableElements
RtlInsertElementGenericTable
RtlLookupElementGenericTable
RtlEnumerateGenericTableWithoutSplaying
ExAllocatePoolWithQuotaTag
RtlExtendedMagicDivide
IoFileObjectType
KeBugCheck
RtlInitializeGenericTable
PsIsThreadTerminating
rdbss.sys
RxNameCacheCheckEntry
RxNameCacheExpireEntry
RxNameCacheFetchEntry
RxNameCacheCreateEntry
RxNameCacheActivateEntry
RxNameCacheScavengeNameCaches
RxNewMapUserBuffer
RxpAcquirePrefixTableLockExclusive
RxCeQueryTransportInformation
RxCeQueryAdapterStatus
RxFinalizeConnection
RxpReleasePrefixTableLock
RxIndicateChangeOfBufferingStateForSrvOpen
RxCeInitiateVCDisconnect
RxCeBuildConnection
RxCeBuildConnectionOverMultipleTransports
RxCeTearDownVC
RxCeTearDownConnection
RxCeQueryInformation
RxCeSend
RxPurgeAllFobxs
RxScavengeAllFobxs
RxCeBuildTransport
RxCeBuildAddress
RxCeTearDownAddress
RxCeTearDownTransport
RxLogEventWithAnnotation
RxDereferenceAndDeleteRxContext_Real
RxFinalizeNetRoot
RxSetMinirdrCancelRoutine
RxNameCacheInitialize
RxNameCacheInitializeEx
RxGetRDBSSProcess
RxNameCacheFinalize
RxNameCacheFinalizeEx
RxSetSrvCallDomainName
RxCancelTimerRequest
RxPostOneShotTimerRequest
RxLowIoGetBufferAddress
RxAcquireSharedFcbResourceInMRx
RxInferFileType
RxIndicateChangeOfBufferingState
RxFinishFcbInitialization
RxCreateNetFobx
RxPostToWorkerThread
RxCeSendDatagram
RxReleaseFcbResourceForThreadInMRx
RxAcquireSharedFcbResourceInMRxEx
RxRegisterMinirdr
RxSpinDownMRxDispatcher
RxLogEventDirect
RxLogEventWithBufferDirect
RxFsdDispatch
RxpUnregisterMinirdr
RxLowIoCompletion
__RxSynchronizeBlockingOperationsMaybeDroppingFcbLock
RxResumeBlockedOperations_Serially
RxInitializeContext
RxGetFileSizeWithLock
RxReleaseFcbResourceInMRx
RxAcquireExclusiveFcbResourceInMRx
RxDispatchToWorkerThread
RxStopMinirdr
RxStartMinirdr
_RxFreePool
_RxAllocatePoolWithTag
RxSetDomainForMailslotBroadcast
RxLockEnumerator
RxForceFinalizeAllVNetRoots
RxScavengeFobxsForNetRoot
RxCompleteRequest_Real
RxpDereferenceAndFinalizeNetFcb
RxPurgeRelatedFobxs
RxpDereferenceNetFcb
RxpTrackDereference
RxpReferenceNetFcb
RxpTrackReference
tdi.sys
TdiDeregisterPnPHandlers
TdiRegisterPnPHandlers
Sections
.text Size: 111KB - Virtual size: 111KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
SECUR Size: 768B - Virtual size: 661B - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 10KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 20KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
PAGE Size: 265KB - Virtual size: 265KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
PAGE4BRO Size: 5KB - Virtual size: 4KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
PAGE5NET Size: 1KB - Virtual size: 1KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
PAGE Size: 128B - Virtual size: 72B - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
INIT Size: 10KB - Virtual size: 10KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1016B - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.reloc Size: 17KB - Virtual size: 17KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ