PDB path: Z:\MMDriver\bin\FAT32.pdb
Static task
static1
General
Target
d4cf2bdaa5f7ab85419614c74259bdc4
Size
24KB
MD5
d4cf2bdaa5f7ab85419614c74259bdc4
SHA1
973fa45f45405a124d07aaf6019b89b726bad5e5
SHA256
1bab1284ae8e2d3fe00930638f946afbfe4675fcf9822f746bc1326819b2d9a4
SHA512
38ef479dba851937133b83d52bc3e6295a592ae56e91ddcf3407514b08091d1795b29b8af9d222b41c9b0d85c0700c8fadf8e2f4ab8e504db58ccca094013089
SSDEEP
384:/AE+JZ34uvSD1BnrBEHJhqAT+sIO+Mx160bMyW0niTJs:/m4ucBn1EHJ3+WtuJs
Malware Config
Signatures
Unsigned PE 1 IoCs
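Checks for missing Authenticode signature. The sample is a 32-bit kernel driver (.sys); 32-bit Windows has historically not enforced kernel-mode driver signing, so the absence of a signature would not by itself block the driver from loading there.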
resource d4cf2bdaa5f7ab85419614c74259bdc4
Files
d4cf2bdaa5f7ab85419614c74259bdc4.sys windows:5 windows x86 arch:x86
d6b4a0a57d9f8bb19d143fd00f38c443
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
PsGetVersion
KeDetachProcess
KeInsertQueueApc
KeInitializeApc
ObReferenceObjectByHandle
ZwOpenThread
KeQuerySystemTime
KeWaitForSingleObject
KeInitializeEvent
_allrem
_alldiv
_aullrem
_allmul
_aulldiv
ExfInterlockedRemoveHeadList
IofCompleteRequest
InterlockedExchange
ExfInterlockedInsertTailList
KeInitializeSpinLock
wcslen
IoCreateSymbolicLink
IoCreateDevice
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlCompareMemory
IoDeleteDevice
IoDeleteSymbolicLink
KeDelayExecutionThread
KeSetEvent
IoGetCurrentProcess
KeUnstackDetachProcess
KeStackAttachProcess
ZwSetValueKey
ZwCreateKey
ZwOpenKey
strncat
ZwQueryValueKey
ZwEnumerateKey
PsTerminateSystemThread
KeClearEvent
KeResetEvent
PsCreateSystemThread
KeGetCurrentThread
PsGetCurrentThreadId
DbgPrint
MmMapLockedPages
IoFreeMdl
NtQueryInformationFile
mbstowcs
MmIsAddressValid
memmove
_strnicmp
NtQuerySystemInformation
IoCreateFile
NtReadFile
PsLookupProcessByProcessId
KeAttachProcess
ZwQueryInformationProcess
_wcsicmp
_except_handler3
PsGetCurrentProcessId
ZwOpenProcess
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
RtlFreeUnicodeString
RtlInitUnicodeString
_stricmp
ZwQuerySystemInformation
RtlInitAnsiString
RtlAnsiStringToUnicodeString
ZwOpenFile
ExAllocatePoolWithTag
ZwReadFile
ExFreePool
ZwClose
ZwTerminateProcess
ZwQueryInformationFile
hal
KfRaiseIrql
KeQueryPerformanceCounter
KfReleaseSpinLock
KfAcquireSpinLock
KfLowerIrql
ndis.sys
NdisRegisterProtocol
NdisDeregisterProtocol
NdisWaitEvent
NdisAllocatePacketPool
NdisSystemProcessorCount
NdisFreePacket
NdisOpenAdapter
NdisResetEvent
NdisCloseAdapter
NdisSetEvent
NdisFreePacketPool
NdisUnchainBufferAtFront
NdisDprFreePacket
NdisAllocateBuffer
NdisDprAllocatePacket
NdisInitializeEvent
NdisAllocatePacket
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 640B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ