Static task
static1
General
Target: dde71cda2d5263bd3bccf69ccbe1eee7574a11f527555d7b643a4527f4ef090d
Size: 106KB
MD5: b6d2f2ca7692f401ec9fd9268c93a647
SHA1: cad0641d434586395b7d9f41bfebd863a129eccd
SHA256: dde71cda2d5263bd3bccf69ccbe1eee7574a11f527555d7b643a4527f4ef090d
SHA512: e64e04233ebcdbf3a3094249946a9a9ce0194b05e10f30bfe3b2a1516066095f4d905d43fd23482377d4b9dff796f2c2d51e308900c516c43de37c267f00b84b
SSDEEP: 1536:wFCAvlxIMKLfVxvHIzot1AvME6mi1zcHLbK:wPKLf3HcoNmi1zT
Malware Config
Signatures
Files
dde71cda2d5263bd3bccf69ccbe1eee7574a11f527555d7b643a4527f4ef090d.sys windows:6 windows x64 arch:x64
07e58449b42cdb30e52832d7c548b398
Code Sign
Signer
14:33:14:96:21:e2:32:d1:59:b6:90:ea:fb:e8:3e:3a:f3:71:cd:70
Actual PE Digest: 14:33:14:96:21:e2:32:d1:59:b6:90:ea:fb:e8:3e:3a:f3:71:cd:70
Digest Algorithm: sha1
PE Digest Matches: true
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
d:\workspace\local\windivert\install\WDDK\amd64\zfnetwall64.pdb
Imports
ntoskrnl.exe
RtlCopyUnicodeString
KeBugCheckEx
IoAllocateMdl
PsGetProcessId
ObfDereferenceObject
ObfReferenceObject
IoGetCurrentProcess
MmMapLockedPagesSpecifyCache
IoAllocateErrorLogEntry
IoFreeMdl
MmBuildMdlForNonPagedPool
KeAcquireInStackQueuedSpinLock
RtlGetVersion
RtlIntegerToUnicodeString
KeReleaseInStackQueuedSpinLock
IoGetRequestorProcess
ExFreePoolWithTag
ExUuidCreate
IoWriteErrorLogEntry
ExAllocatePoolWithTag
hal
KeQueryPerformanceCounter
ndis.sys
NdisFreeNetBufferListPool
NdisAdvanceNetBufferDataStart
NdisRetreatNetBufferDataStart
NdisFreeNetBufferPool
NdisGetDataBuffer
NdisAllocateNetBufferPool
NdisAllocateNetBufferListPool
fwpkclnt.sys
FwpsInjectionHandleDestroy0
FwpsInjectionHandleCreate0
FwpmTransactionCommit0
FwpsInjectNetworkSendAsync0
FwpmCalloutAdd0
FwpmSubLayerDeleteByKey0
FwpsQueryPacketInjectionState0
FwpmFilterDeleteByKey0
FwpmCalloutDeleteByKey0
FwpsFlowRemoveContext0
FwpsInjectNetworkReceiveAsync0
FwpmSubLayerAdd0
FwpsCalloutUnregisterByKey0
FwpsFlowAssociateContext0
FwpsAllocateNetBufferAndNetBufferList0
FwpsFreeNetBufferList0
FwpmEngineClose0
FwpmTransactionBegin0
FwpmFilterAdd0
FwpmProviderDeleteByKey0
FwpmEngineOpen0
FwpmTransactionAbort0
FwpsCalloutRegister0
FwpmProviderAdd0
FwpsInjectForwardAsync0
wdfldr.sys
WdfVersionBindClass
WdfVersionUnbindClass
WdfVersionBind
WdfVersionUnbind
Sections
.text Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 760B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 714B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ