c:\winddk\3790\src\input\ps2m6.16b2\daytona\objfre_wnet_x86\i386\tsharcp.pdb
Static task
static1
General
-
Target
83b5e24144c0ef58b38eaff9ce9cf0758e9beccc7db97db72450d1edf11648f7
-
Size
62KB
-
MD5
4289b8124f60ad663e14c917ebaaacac
-
SHA1
14219effd50e5353a9908d44b12a5619796fc5cf
-
SHA256
83b5e24144c0ef58b38eaff9ce9cf0758e9beccc7db97db72450d1edf11648f7
-
SHA512
c15a73b868d63998b0b3432eb18747b7e156d23a62269100d1fd6b3a92d01fce2d25a71f58d1d8daea36c6fa078c3146d1a64423a2ad6c8b6589410fbbbb90e0
-
SSDEEP
1536:Dv3Il4DvBskHcwTS5tsACiClL1+GOC3lndfFHI97OXg:DBr8ftsAM1+C9070g
Malware Config
Signatures
-
Unsigned PE 1 IoCs
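Checks for missing Authenticode signature. The file has no embedded signature; Windows drivers are often signed through a separate catalog (.cat) file, which a static check of the file alone cannot see, so this finding needs to be confirmed against the catalog store on the host.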
resource 83b5e24144c0ef58b38eaff9ce9cf0758e9beccc7db97db72450d1edf11648f7
Files
-
83b5e24144c0ef58b38eaff9ce9cf0758e9beccc7db97db72450d1edf11648f7.sys windows:5 windows x86 arch:x86
7fffea17e4f0f618997aaa0d8b582267
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\winddk\3790\src\input\ps2m6.16b2\daytona\objfre_wnet_x86\i386\tsharcp.pdb
Imports
ntoskrnl.exe
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoStartPacket
memmove
ObfDereferenceObject
IoGetAttachedDeviceReference
ExAllocatePoolWithTag
RtlQueryRegistryValues
RtlAppendUnicodeToString
MmMapIoSpace
KeInsertQueueDpc
KeSetTimer
KeSynchronizeExecution
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
IoAllocateController
IoDeleteController
MmUnmapIoSpace
KeDelayExecutionThread
wcslen
KeInitializeDpc
KeInitializeTimer
IoCreateController
PoStartNextPowerIrp
PoSetPowerState
KeQueryTimeIncrement
KeTickCount
_allmul
ZwClose
IoOpenDeviceRegistryKey
DbgBreakPointWithStatus
KdDebuggerEnabled
KdDebuggerNotPresent
KeBugCheckEx
_except_handler3
IoConnectInterrupt
KeWaitForSingleObject
RtlFreeUnicodeString
IoSetDeviceInterfaceState
IoDisconnectInterrupt
KeSetTimerEx
_wcsupr
_alldiv
IoAllocateIrp
MmLockPagableDataSection
IoUnregisterPlugPlayNotification
IoFreeWorkItem
wcscmp
IoQueueWorkItem
IoAllocateWorkItem
KeInitializeTimerEx
IoRegisterPlugPlayNotification
KeSetEvent
IoInvalidateDeviceState
IoQueryDeviceDescription
IoRegisterDeviceInterface
ExQueueWorkItem
IoCreateDevice
IoAttachDeviceToDeviceStack
IoDeleteDevice
IoDetachDevice
ExReleaseFastMutexUnsafe
ExAcquireFastMutexUnsafe
IoWMIRegistrationControl
PoCallDriver
ZwSetValueKey
ZwQueryValueKey
ZwOpenKey
RtlAnsiStringToUnicodeString
RtlInitAnsiString
_snprintf
KeLeaveCriticalRegion
KeEnterCriticalRegion
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
KeCancelTimer
IoFreeIrp
KefAcquireSpinLockAtDpcLevel
ExFreePoolWithTag
KefReleaseSpinLockFromDpcLevel
IoFreeController
IoStartNextPacket
IofCompleteRequest
KeRemoveQueueDpc
RtlInitUnicodeString
hal
KfAcquireSpinLock
KeStallExecutionProcessor
KfRaiseIrql
KfLowerIrql
READ_PORT_UCHAR
KfReleaseSpinLock
KeGetCurrentIrql
WRITE_PORT_UCHAR
wmilib.sys
WmiSystemControl
WmiCompleteRequest
Sections
.text Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEMOUC Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ