C:\Users\ieste\OneDrive\Desktop\ioctl base updated by redshirtfan\build\usermode\usermode.pdb
Static task
static1
1 signatures
General
-
Target
usermode.exe
-
Size
280KB
-
MD5
707af3d7b82301cf86ed2f00de3526cf
-
SHA1
aad687870495eeb4c7ed0ea64346487e00dda165
-
SHA256
ba29494e25c2e163f70078c65d37ccc487e1b29ad155a8725f3e8abc36dab93c
-
SHA512
7db60b0c7fe815754b1504bb4b854dba859e887c870afd87abfa2ebad7522f92f8e024329fbcf3d518e20f15c52dcd2ec1149ef1aa70e01ee5e9ac7925a85bf5
-
SSDEEP
6144:p0a8wS02Wv7E62Xf1WoGCZNfXedcqw1njbd:p0GGInCdJGEfXeY1n
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource usermode.exe
Files
-
usermode.exe.exe windows:6 windows x64 arch:x64
448becd14d75d2a8c97111f9c1a3135a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
d3d9
Direct3DCreate9Ex
kernel32
GlobalLock
GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
Process32First
DeviceIoControl
CreateFileW
CreateToolhelp32Snapshot
Process32Next
CloseHandle
lstrcmpiA
GlobalFree
GetCurrentProcessId
GetCurrentThreadId
IsDebuggerPresent
GlobalAlloc
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
Sleep
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetSystemTimeAsFileTime
GetModuleHandleW
user32
DispatchMessageA
GetWindowRect
DestroyWindow
SetWindowPos
GetSystemMetrics
ShowWindow
SetClipboardData
GetWindow
SetWindowLongA
GetForegroundWindow
DefWindowProcA
CreateWindowExA
SetLayeredWindowAttributes
TranslateMessage
mouse_event
GetAsyncKeyState
LoadIconA
PeekMessageA
GetDesktopWindow
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
ClientToScreen
GetClientRect
SetCursor
RegisterClassExA
UpdateWindow
GetKeyState
LoadCursorA
ScreenToClient
GetActiveWindow
imm32
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
msvcp140
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
_Query_perf_counter
?good@ios_base@std@@QEBA_NXZ
_Query_perf_frequency
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xlength_error@std@@YAXPEBD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
dwmapi
DwmExtendFrameIntoClientArea
vcruntime140_1
__CxxFrameHandler4
vcruntime140
memchr
memcmp
memcpy
memmove
_CxxThrowException
memset
__C_specific_handler
__current_exception
__std_exception_copy
__std_exception_destroy
strstr
__std_terminate
__current_exception_context
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vfprintf
__p__commode
ftell
__acrt_iob_func
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fwrite
_set_fmode
fclose
__stdio_common_vsprintf_s
fseek
fflush
api-ms-win-crt-string-l1-1-0
isprint
strcmp
strncpy
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-heap-l1-1-0
_callnewh
free
malloc
_set_new_mode
api-ms-win-crt-runtime-l1-1-0
__p___argv
__p___argc
exit
system
_register_thread_local_exe_atexit_callback
_exit
_initterm_e
_initterm
terminate
_invalid_parameter_noinfo_noreturn
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_c_exit
api-ms-win-crt-math-l1-1-0
ceilf
atan2
sqrtf
cosf
__setusermatherr
tanf
asin
sinf
fmodf
pow
powf
sqrt
floorf
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 223KB - Virtual size: 222KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 164B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ