volmgrx.pdb
Static task
static1
General
Target
e05944354c764ec75aa66aa47216aec7
Size
290KB
MD5
e05944354c764ec75aa66aa47216aec7
SHA1
29b64834179d05967ee43494072d10dcbdc54f47
SHA256
7655faed4518f9a7048bcded2f25ae1a3bf369170f8c75f7a3e00fabf5efa9f6
SHA512
dd7bbc20ad6528810175fb24dba5cab4c63db126ef379a3522514ca8ea6471cf90276dd0b3693f1a6197bbbb58c3a17b76ee47b2f317b26c70d1c93279147114
SSDEEP
6144:ldF5ilGCHNKgx4V9pfj5h/gmSuDzRWd7+9TlOvSCiNG7cWhxXMRW:l/sfCgiDzR2aTlkSCdPXF
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e05944354c764ec75aa66aa47216aec7
Files
e05944354c764ec75aa66aa47216aec7.sys windows:6 windows x86 arch:x86
48fe4eb55e766559a95b0656d5550051
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ObfDereferenceObject
IoWMIWriteEvent
ExAllocatePoolWithTag
memcpy
MmGetSystemRoutineAddress
RtlInitUnicodeString
RtlCompareMemory
IoWMIRegistrationControl
IofCompleteRequest
IofCallDriver
KeDelayExecutionThread
KeWaitForSingleObject
IoBuildDeviceIoControlRequest
KeInitializeEvent
RtlStringFromGUID
IoGetDeviceObjectPointer
RtlQueryRegistryValues
ZwClose
ZwFlushKey
ZwOpenKey
RtlGUIDFromString
RtlFreeUnicodeString
RtlWriteRegistryValue
RtlDeleteRegistryValue
ZwQueryLicenseValue
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
_allmul
IoGetAttachedDeviceReference
ExUuidCreate
KeQuerySystemTime
_aulldiv
IoForwardIrpSynchronously
IoGetDevicePropertyData
KdDebuggerNotPresent
KdDebuggerEnabled
IoGetDeviceInterfaces
ExQueueWorkItem
RtlEqualUnicodeString
_vsnprintf
ExFreePoolWithTag
isspace
RtlCharToInteger
RtlInt64ToUnicodeString
_stricmp
IoBuildSynchronousFsdRequest
_aullrem
InterlockedPopEntrySList
InterlockedPushEntrySList
ExInitializeNPagedLookasideList
IoFreeMdl
KeClearEvent
IoFreeIrp
IoReuseIrp
IoAllocateIrp
ObfReferenceObject
_allshl
_aulldvrm
_aullshr
MmFreeMappingAddress
IoBuildPartialMdl
MmUnmapLockedPages
FsRtlIsTotalDeviceFailure
KeSetEvent
IoRaiseInformationalHardError
IoAllocateMdl
MmBuildMdlForNonPagedPool
IoCreateSymbolicLink
IoDeleteSymbolicLink
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
MmUnmapReservedMapping
MmMapLockedPagesWithReservedMapping
MmMapLockedPagesSpecifyCache
KeInitializeSemaphore
KeReleaseSemaphore
MmUnlockPages
IoBuildAsynchronousFsdRequest
KeBugCheckEx
MmAllocateMappingAddress
KeTickCount
memset
_purecall
_vsnwprintf
EtwWrite
EtwUnregister
EtwEventEnabled
EtwProviderEnabled
EtwRegister
hal
KfReleaseSpinLock
KfAcquireSpinLock
Sections
.text Size: 78KB - Virtual size: 77KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 180KB - Virtual size: 180KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ