f:\usboverip\usbipdriver\objfre_win7_amd64\amd64\USBIPEnum.pdb
Static task
static1
General
Target: virussign.com_04f1b5ee5739ae87372bab6bfeec4690.vir
Size: 71KB
MD5: 04f1b5ee5739ae87372bab6bfeec4690
SHA1: d10353c7c9677f1b54ac6f54ec99b98081a2d149
SHA256: ab53a6cec3327108b2d279f0c2f1b0d794b8212bbf028faa33fee9288dfe2004
SHA512: 86bd40d1e48765c5f76a267dcf38ddcece449ed0dec180d76863d0f3b22faae4f8c435d0baccedbc593627623f10d1fdcfbd9e8d03c636156f094ee052d01784
SSDEEP: 1536:pzqw+SWD8sOqK+B2HpuaFt3c8dGLRi2h7vS+P635BM2CplhmOCQnytpMO1KbS5MR:1T5uK+B2JuaFBc8dG9i2hzS+PQ5BM2Cr
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource virussign.com_04f1b5ee5739ae87372bab6bfeec4690.vir
Files
virussign.com_04f1b5ee5739ae87372bab6bfeec4690.vir.sys windows:6 windows x64 arch:x64
85dd7b8fcfc94e23da5f994652af4f0d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntoskrnl.exe
ExInitializeNPagedLookasideList
KeSetEvent
ExpInterlockedPushEntrySList
KeReleaseSpinLock
ExpInterlockedPopEntrySList
MmMapLockedPagesSpecifyCache
IofCompleteRequest
ExQueryDepthSList
RtlCopyUnicodeString
KeAcquireSpinLockAtDpcLevel
IoReleaseCancelSpinLock
ExDeleteNPagedLookasideList
KeAcquireSpinLockRaiseToDpc
ExReleaseFastMutex
ExAcquireFastMutex
IoRegisterDeviceInterface
IoSetDeviceInterfaceState
IoDeleteDevice
KeInitializeEvent
ExFreePoolWithTag
IoRequestDeviceEject
IoDetachDevice
PoSetPowerState
KeDelayExecutionThread
KeWaitForSingleObject
IoAttachDeviceToDeviceStack
ObfReferenceObject
IoCreateDevice
IoInvalidateDeviceState
IofCallDriver
PoStartNextPowerIrp
PoCallDriver
IoBuildSynchronousFsdRequest
IoGetAttachedDeviceReference
ObfDereferenceObject
IoWMIRegistrationControl
RtlInitUnicodeString
KeBugCheckEx
KeClearEvent
IoInvalidateDeviceRelations
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
ZwClose
ObOpenObjectByPointer
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
RtlFreeUnicodeString
RtlUnicodeToMultiByteN
RtlAnsiCharToUnicodeChar
wmilib.sys
WmiSystemControl
WmiCompleteRequest
Sections
.text Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 332B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ