Static task
static1
General
Target
b0a3cd703cc95aa8902b78251bcb9ed28b949d2781e6b35e0b2047ecb5c3df7d
Size
81KB
MD5
89257f142d9805eaea8a556a230d6a63
SHA1
55cd845c804ee589d63c592d43ef56110b57676f
SHA256
b0a3cd703cc95aa8902b78251bcb9ed28b949d2781e6b35e0b2047ecb5c3df7d
SHA512
b7029c7c9f313c0dd6041707b02412b1246c4fd5e075e345ff87bab813675832c16763b2d50ba746d0aeebdebf1f8932f4921dcfa7747d93047f79d631f5609e
SSDEEP
1536:LkJ5hrAeGAw4Dg75OYX8xLQ8bxCq5YDFXdAg7ONlLT7i07VPJHLbx:LghrAeGAw4DgDclCfFXgPiEVP7
Malware Config
Signatures
Files
b0a3cd703cc95aa8902b78251bcb9ed28b949d2781e6b35e0b2047ecb5c3df7d.sys windows:6 windows x86 arch:x86
c6b3b68ca6d0de4da281cff421b98cf5
Code Sign
1e:a4:3a:b1:d6:b5:d7:ab:c6:bf:fa:f3:08:a2:20:50:69:cd:f8:dc
Signer
Actual PE Digest
1e:a4:3a:b1:d6:b5:d7:ab:c6:bf:fa:f3:08:a2:20:50:69:cd:f8:dc
Digest Algorithm
sha1
PE Digest Matches
true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
d:\workspace\local\windivert\install\WDDK\i386\zfnetwall32.pdb
Imports
ntoskrnl.exe
_aullshr
ExUuidCreate
_allmul
ExFreePoolWithTag
ObfDereferenceObject
PsGetProcessId
MmMapLockedPagesSpecifyCache
memcpy
RtlCopyUnicodeString
ExAllocatePoolWithTag
IoFreeMdl
MmBuildMdlForNonPagedPool
IoAllocateMdl
KeBugCheckEx
KeTickCount
RtlIntegerToUnicodeString
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
_allshl
IoGetRequestorProcess
ObfReferenceObject
IoGetCurrentProcess
memset
_alldiv
RtlGetVersion
hal
KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLock
KeQueryPerformanceCounter
ndis.sys
NdisAllocateNetBufferPool
NdisGetDataBuffer
NdisRetreatNetBufferDataStart
NdisAdvanceNetBufferDataStart
NdisFreeNetBufferListPool
NdisFreeNetBufferPool
NdisAllocateNetBufferListPool
fwpkclnt.sys
FwpmProviderDeleteByKey0
FwpsAllocateNetBufferAndNetBufferList0
FwpsInjectForwardAsync0
FwpsInjectNetworkSendAsync0
FwpsInjectNetworkReceiveAsync0
FwpsFreeNetBufferList0
FwpsFlowAssociateContext0
FwpsQueryPacketInjectionState0
FwpsCalloutRegister0
FwpmCalloutAdd0
FwpmFilterAdd0
FwpmFilterDeleteByKey0
FwpmCalloutDeleteByKey0
FwpsCalloutUnregisterByKey0
FwpsFlowRemoveContext0
FwpmSubLayerAdd0
FwpmProviderAdd0
FwpsInjectionHandleDestroy0
FwpmEngineClose0
FwpmSubLayerDeleteByKey0
FwpsInjectionHandleCreate0
FwpmTransactionCommit0
FwpmTransactionAbort0
FwpmTransactionBegin0
FwpmEngineOpen0
wdfldr.sys
WdfVersionBind
WdfVersionBindClass
WdfVersionUnbindClass
WdfVersionUnbind
Sections
.text Size: 55KB - Virtual size: 54KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 760B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ