PDB path embedded in the binary (useful for clustering builds from the same tree, but trivially forgeable, so not attribution evidence on its own): E:\PROJECT\FancyCache\release\drv\win10\amd64\rxfcv_srv.pdb
Static task
static1
General
-
Target
617ea24984cb129f2129563952c4a5805e93e0db1ce3e927ff9e306aef6b1a63
-
Size
155KB
-
MD5
3cd951171ba107fa35d7cac38b65b6ce
-
SHA1
ffbaa3559c851cc38ee6d95860420c2437da588f
-
SHA256
617ea24984cb129f2129563952c4a5805e93e0db1ce3e927ff9e306aef6b1a63
-
SHA512
caa13c96bd880cd83c71ce17c230d1235d34051dbf3ea469ad67ecc7b089750b4ecea19a626e6a0dffe83189c8c33d16cad26ea37d188ed04b307bfdb9fa6794
-
SSDEEP
3072:Fx2wCHkf+Lre/d+I63SWnkB3pmdtgKQz25pwuo1M7hmdZC8:RZWLa/dftWkCOupsZC
Malware Config (no entries listed)
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature — the sample carries no embedded Authenticode signature. Caveat for analysts: this does not by itself prove the driver is unsigned. Windows kernel drivers are commonly signed via a catalog (.cat) file shipped with the driver package, which a static check of the PE alone cannot see; check the accompanying .cat/.inf before treating this as an indicator. If the driver really is unsigned, Driver Signature Enforcement on 64-bit Windows 10 (the target of this build, see the PE header below) would refuse to load it unless test-signing is enabled or enforcement is otherwise bypassed.
resource 617ea24984cb129f2129563952c4a5805e93e0db1ce3e927ff9e306aef6b1a63 (the sample itself — same SHA256 as the target above)
Files
-
617ea24984cb129f2129563952c4a5805e93e0db1ce3e927ff9e306aef6b1a63.sys — PE target: Windows 10, x64 (windows:10 windows x64 arch:x64)
e47a7ca085c8d28af059a3defa00723f (unlabelled 32-hex-digit digest; it differs from the file MD5 above, so it is not the file hash — possibly an import hash, confirm against the tool's field definitions before pivoting on it)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA (opts in to 64-bit high-entropy ASLR)
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (image is relocatable, so it can be loaded at a randomized base)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT (DEP/NX compatible)
IMAGE_DLLCHARACTERISTICS_GUARD_CF (compiled with Control Flow Guard)
Note: all four standard compiler/linker mitigations are enabled, which is consistent with a normal MSVC release build; their presence says nothing about intent either way.
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
rxbsknl.sys (a second, non-system driver: the sample imports by name from it and cannot load without it, so the capability picture below is incomplete until that module is analysed as well)
RxbsCreateHyperDevice
RxbsCloseHyperDevice
RxbsSetParamHyperSystem
RxbsGetParamHyperSystem
RxbsStartHyperSystem
RxbsGetHyperSystemState
RxbsConnectHyperSystem
RxbsDisconnectHyperSystem
ntoskrnl.exe
KeSetPriorityThread
KeWaitForSingleObject
ExFreePoolWithTag
ExInterlockedRemoveHeadList
PsTerminateSystemThread
KeInitializeEvent
KeInitializeGuardedMutex
KeAcquireGuardedMutex
KeReleaseGuardedMutex
ExAllocatePoolWithTag
ExQueryDepthSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmMapIoSpace (maps a physical address range into kernel virtual memory; if reachable from a user-mode IOCTL it would be an arbitrary physical-memory access primitive — the import alone does not show whether that is the case, so check the IOCTL dispatch handler)
MmUnmapIoSpace
IoAllocateMdl
IoFreeMdl
RtlCompareMemory
ExUuidCreate
RtlInitUnicodeString
KeClearEvent
KeSetEvent
ExInterlockedInsertTailList
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink (together these expose a device object to user mode; verify the device's security descriptor / whether it is restricted to administrators, since the security-descriptor APIs further down this list suggest the driver sets an ACL on something it creates)
IoDeleteDevice
IoDeleteSymbolicLink
IoRegisterShutdownNotification
IoRegisterLastChanceShutdownNotification
IoUnregisterShutdownNotification
ObfDereferenceObject
MmGetSystemRoutineAddress (resolves kernel exports by name at runtime, so this static import table is not a complete list of the kernel routines the driver may call)
RtlCopyUnicodeString
RtlIsNtDdiVersionAvailable
KdDisableDebugger
KdEnableDebugger (the driver can turn the kernel debugger off and back on; together with the KdDebuggerEnabled import below this is a possible debugger-detection/evasion capability, though the imports alone do not show whether it is used that way or merely for a legitimate purpose)
IoAttachDeviceToDeviceStack
IoBuildSynchronousFsdRequest
IofCallDriver
IoInitializeRemoveLockEx
IoAcquireRemoveLockEx
IoReleaseRemoveLockEx
IoRegisterDeviceInterface
ZwClose
IoRegisterBootDriverReinitialization
IoRegisterDriverReinitialization
IoGetAttachedDevice
KdDebuggerEnabled
InitSafeBootMode
NtBuildNumber
IoReleaseRemoveLockAndWaitEx
KeInitializeDpc
KeFlushQueuedDpcs
KeInitializeTimer
KeCancelTimer
KeSetTimerEx
KeInsertQueue
RtlFreeUnicodeString
RtlStringFromGUID
ZwEnumerateValueKey
ZwSetValueKey
KeReadStateEvent
KeReadStateTimer
KeSetTimer
KeWaitForMultipleObjects
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
KeQueryActiveProcessorCountEx
KeDelayExecutionThread
IoAllocateIrp
IoBuildPartialMdl
IoFreeIrp
KeRemoveQueue
ExAllocatePoolWithTagPriority
ZwQueryValueKey
KeEnterCriticalRegion
KeLeaveCriticalRegion
IoDetachDevice
IoSetDeviceInterfaceState
ZwCreateFile
ZwOpenFile
ZwQueryInformationFile
ZwReadFile
ZwWriteFile
ZwDeleteFile
_vsnwprintf
_strnicmp
RtlGUIDFromString
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
ZwCreateKey
ZwOpenKey
ZwDeleteValueKey
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAce
RtlSetOwnerSecurityDescriptor
ZwSetSecurityObject (the driver builds a DACL of access-allowed ACEs and applies it to some object it creates — which object (device, registry key, event) and which SIDs are granted access is not determinable from an import list; worth confirming it does not leave a kernel-facing object accessible to unprivileged users)
ObReferenceObjectByName
SeExports
KeGetCurrentIrql
IoGetStackLimits
ExEventObjectType
ExWindowStationObjectType
KeSetSystemGroupAffinityThread
KeRevertToUserGroupAffinityThread
KeQueryNodeActiveAffinity
KeQueryHighestNodeNumber
MmBuildMdlForNonPagedPool
MmAllocatePagesForMdlEx
MmFreePagesFromMdl
MmCreateMdl
ZwQuerySystemInformation
PsCreateSystemThread
ObReferenceObjectByHandle
KeInitializeQueue
KeRundownQueue
wcschr
RtlUnicodeStringToInteger
RtlEqualUnicodeString
IoAllocateErrorLogEntry
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
IoWriteErrorLogEntry
IoOpenDeviceRegistryKey
IoGetDevicePropertyData
ObfReferenceObject
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
RtlPrefixUnicodeString
RtlQueryRegistryValues
RtlCompareUnicodeString
PsGetVersion
ExAllocatePoolWithQuotaTag
Sections
.text Size: 114KB - Virtual size: 113KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
EXTRA Size: 8KB - Virtual size: 7KB (non-standard name for an executable section; not an indicator by itself, but worth a look alongside CPATA for code not emitted by the usual build)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
CPATA Size: 512B - Virtual size: 401B (non-standard name for an executable section, see EXTRA above)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 132B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ