c:\Jenkins2\workspace\J171-Windows-D2XX-VCP-VS2015\Release\FTSER2K.pdb
Static task
static1
General
Target
d6a367c48ae61e929f7e63d583676e48ccc518304c46ce7023060a29b9869810
Size
92KB
MD5
913b6e84f5bae2f6f31aee9751652a5b
SHA1
08bed8d4291746f1a8b670111b7a7d0ae777f4bc
SHA256
d6a367c48ae61e929f7e63d583676e48ccc518304c46ce7023060a29b9869810
SHA512
50fe1dd1b5b0d69d97411bd2ed0514c41e7a9e61ad0830f169368f3458cf746a5160e0d7f60ae77d3b1a4580609aa380416dabf5a61f922604a442f8e6030af3
SSDEEP
1536:lVafdJikomtrqzLYuYk5/FM7deMu6IMjxp0uZh6lPO1W4bmVza:YJipmlqYuY/deMuPcZhnIu
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d6a367c48ae61e929f7e63d583676e48ccc518304c46ce7023060a29b9869810
Files
d6a367c48ae61e929f7e63d583676e48ccc518304c46ce7023060a29b9869810.sys windows:10 windows x86 arch:x86
64b16b5c5ac366553b023d1a03fdb307
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
KefReleaseSpinLockFromDpcLevel
_allmul
KeGetCurrentThread
KeClearEvent
KeSetPriorityThread
KeSetTimer
KeWaitForMultipleObjects
PsCreateSystemThread
PsTerminateSystemThread
IoAcquireCancelSpinLock
IoReleaseCancelSpinLock
PoRequestPowerIrp
ObReferenceObjectByHandle
ZwClose
memcpy
IofCompleteRequest
memmove
RtlInitUnicodeString
RtlGetVersion
RtlCompareMemory
KeDelayExecutionThread
MmGetSystemRoutineAddress
MmLockPagableDataSection
MmUnlockPagableImageSection
IoCancelIrp
IoDeleteDevice
IoDetachDevice
IoWMIRegistrationControl
PoSetPowerState
memset
KefAcquireSpinLockAtDpcLevel
RtlAppendUnicodeStringToString
IoOpenDeviceRegistryKey
MmQuerySystemSize
MmLockPagableSectionByHandle
RtlIntegerToUnicodeString
RtlWriteRegistryValue
RtlDeleteRegistryValue
RtlAppendUnicodeToString
IoAttachDeviceToDeviceStack
IoCreateDevice
IoCreateSymbolicLink
IoDeleteSymbolicLink
IoRegisterDeviceInterface
IoSetDeviceInterfaceState
ObfDereferenceObject
IoGetConfigurationInformation
PoCallDriver
PoStartNextPowerIrp
KeQuerySystemTime
RtlQueryRegistryValues
ZwQueryValueKey
KeInsertQueueDpc
KeCancelTimer
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
KeBugCheckEx
RtlUnwind
KeInitializeTimer
KeRemoveQueueDpc
KeInitializeDpc
IoFreeIrp
IofCallDriver
IoAllocateIrp
ExFreePoolWithTag
ExAllocatePoolWithTag
KeWaitForSingleObject
KeSetEvent
ExAllocatePoolWithQuotaTag
KeInitializeEvent
hal
KfAcquireSpinLock
KeRaiseIrqlToDpcLevel
KfLowerIrql
KeGetCurrentIrql
ExReleaseFastMutex
ExAcquireFastMutex
KfReleaseSpinLock
wmilib.sys
WmiCompleteRequest
WmiSystemControl
Sections
.text Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 428B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGESRP0 Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESER Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 904B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ