PDB path: c:\users\administrator\desktop\Bin\i386\Winpwxy.pdb (debug-symbol path embedded in the binary at build time; the build-machine path, the i386 output directory and the file stem Winpwxy are useful as pivot/clustering artefacts for related samples, but are not by themselves evidence of origin)
General
-
Target
5ceed787cdafff19cf5f08b0a3e329709e561395e88dc2490176e702837fd8ea
-
Size
1.5MB
-
MD5
5889df797d61571114dfa25b31f0d742
-
SHA1
82e4690bf54c5f50a3dea1cf680ff51c88d2aef7
-
SHA256
5ceed787cdafff19cf5f08b0a3e329709e561395e88dc2490176e702837fd8ea
-
SHA512
faec301028f4743a509a6ce85ff425d47780bc439f54a07a752cc04ac975c41f436de1e8a49211c0a4c200ddc7d2de812a97c464706c27373a989cbf729f4fe5
-
SSDEEP
49152:wMw3KLAPJWkI+3mFQ3+fHQpxH2Nkjnj7FtNuTBiw:wVaLAhWgX+fHQpxH2K+Biw
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. The file carries no Authenticode signature. On 64-bit Windows, Driver Signature Enforcement blocks an unsigned kernel driver from loading unless test-signing is enabled or the check is bypassed; this sample is an x86 build (see Files below), and 32-bit editions generally do not enforce kernel-mode code signing, so the missing signature does not by itself prevent it from loading on such systems.
resource 5ceed787cdafff19cf5f08b0a3e329709e561395e88dc2490176e702837fd8ea
Files
-
5ceed787cdafff19cf5f08b0a3e329709e561395e88dc2490176e702837fd8ea.sys windows:6 windows x86 arch:x86 — a 32-bit (x86) kernel-mode driver (.sys); "windows:6" is presumably the PE required-OS version field (Vista/Server 2008 or later) — confirm against the optional header.
ed52ccecf7e1d043b00b21607e5d5d33 (presumably the import hash / imphash of the file, usable for clustering samples built with the same import table — confirm which hash the report labels it as)
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports (from ntoskrnl.exe and hal). An import table shows what the driver is linked to call, not what it executes on a given run; still, the combination below is worth noting for triage: process-creation and registry callbacks (PsSetCreateProcessNotifyRoutine, CmRegisterCallback), process termination (ZwTerminateProcess), attaching to other processes and queueing APCs (KeStackAttachProcess, KeInitializeApc/KeInsertQueueApc, ZwAllocateVirtualMemory, PsGetProcessPeb), file and registry-key deletion (ZwDeleteFile, ZwDeleteKey), shutdown hooks (IoRegisterShutdownNotification, NtShutdownSystem), and runtime symbol resolution (MmGetSystemRoutineAddress), which can hide further API use from this static listing.
ntoskrnl.exe
memcpy
memset
ZwWriteFile
ZwSetInformationFile
ZwQueryInformationFile
_strnicmp
PsGetProcessImageFileName
IoCreateFile
ZwClose
ExFreePoolWithTag
ZwReadFile
ZwFlushKey
ZwSetValueKey
ZwQueryValueKey
ZwCreateKey
ZwCreateFile
KeQuerySystemTime
ZwDeleteFile
MmIsAddressValid
RtlCopyUnicodeString
ObQueryNameString
ZwDeleteKey
ZwOpenKey
ZwQueryDirectoryFile
DbgPrint
RtlInitUnicodeString
RtlAppendUnicodeStringToString
ZwEnumerateKey
ZwQueryKey
KeUnstackDetachProcess
KeStackAttachProcess
_wcsicmp
KeGetCurrentThread
IoFreeIrp
IoFreeMdl
KeSetEvent
ExAllocatePool
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoAllocateIrp
IoGetRelatedDeviceObject
IoGetDeviceAttachmentBaseRef
SeCreateAccessState
IoGetFileObjectGenericMapping
ObCreateObject
ObfDereferenceObject
ObReferenceObjectByHandle
IoFileObjectType
MmGetSystemRoutineAddress
_wcsnicmp
CmRegisterCallback
CmUnRegisterCallback
ZwTerminateProcess
ObOpenObjectByPointer
PsProcessType
PsGetProcessSectionBaseAddress
PsLookupProcessByProcessId
PsGetProcessId
PsInitialSystemProcess
IofCompleteRequest
PsTerminateSystemThread
PsSetCreateProcessNotifyRoutine
NtShutdownSystem
PsCreateSystemThread
IoRegisterDriverReinitialization
IoRegisterShutdownNotification
IoCreateDevice
RtlGetVersion
KeTickCount
KeBugCheckEx
RtlUnwind
_vsnwprintf
_vsnprintf
KeDelayExecutionThread
KeInsertQueueApc
KeInitializeApc
ZwQuerySystemInformation
PsLookupThreadByThreadId
_stricmp
_allmul
RtlEqualUnicodeString
PsGetProcessPeb
ZwAllocateVirtualMemory
ZwOpenFile
hal
KeRaiseIrqlToDpcLevel
KfLowerIrql
Sections
.text Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 988B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.5MB - Virtual size: 1.5MB — this single writable section accounts for nearly the entire 1.5MB file, while the code section (.text) is only ~23KB. That ratio is consistent with a large embedded blob (e.g. an encrypted or packed second-stage payload) rather than ordinary driver data; carve and inspect the section contents (entropy, embedded PE headers) before drawing conclusions.
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB (discardable initialization code, conventionally DriverEntry; the read/write/execute characteristics on INIT are standard for MSVC-built drivers and are not by themselves suspicious)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 864B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ