i:\_123\_kermil\DRIVER.pdb
Static task
static1
General
Target
d3ddfe9ad0c572d813471262a24ac829
Size
10KB
MD5
d3ddfe9ad0c572d813471262a24ac829
SHA1
52d912a904db4611adc247cc34c12580b980c480
SHA256
29d933ad7c3f3aa0b3907921355a43763ad89d86884eb221348bdbd345839b35
SHA512
642b69eab42eaf3d8c4ec7d18ca394ff3eed4b4bbe9b2bbc0446a911fdb1678c26304c7190ebc8919cbca8245a3d3929077bc2406dab67017f4dd7c4c3e04372
SSDEEP
192:d5/iPUen1ptzptQgxZBHnUi2kt/cub6f1nU3:dx1+TntNxZBHnUct/Zb6f1n
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource d3ddfe9ad0c572d813471262a24ac829
Files
d3ddfe9ad0c572d813471262a24ac829.sys windows:5 windows x86 arch:x86
192df44304d86335e28621abf63fdb0f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
_except_handler3
ProbeForRead
ExGetPreviousMode
ExFreePool
ObQueryNameString
ObfDereferenceObject
ObReferenceObjectByHandle
KeReleaseMutex
_wcsnicmp
wcslen
wcsncpy
ZwEnumerateKey
RtlInitUnicodeString
KeServiceDescriptorTable
IofCompleteRequest
NtBuildNumber
KeInitializeMutex
IoDeleteDevice
IoCreateSymbolicLink
IoDeleteSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
KeWaitForSingleObject
ExAllocatePoolWithTag
hal
KfLowerIrql
KeRaiseIrqlToDpcLevel
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 484B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 256B - Virtual size: 200B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 896B - Virtual size: 774B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 418B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ