C:\Users\retard\Desktop\driver\x64\Release\driver.pdb
Static task
static1
General
Target: meme.sys
Size: 282KB
MD5: 35574192f8e6f641bd2e9d2baadd5ddf
SHA1: e27aec0a8c5d88947f429d5b3d9a73d37c8c3a5d
SHA256: 69c313459c2c989ed02585dfb12265525cb81b1655c2dd0f3266e64575c4124b
SHA512: 8f65c6cc9a08b1738a6aa1aa8de47735f827d2ae3a66c1e1cecc1f88d5c29f65e73520e1c098304143d51d8ebb3268dbce865dad5347685bfd905baca36f02d4
SSDEEP: 6144:S+PvgQQhsOEmCJRDuZK7JdzMaBea3D2fXSegSiWIUX6O2j5plRVW:S+PvgQMsOEmGSK78ynz59WZKBl
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource meme.sys
Files
meme.sys.dll windows:6 windows x64 arch:x64
4df383031d97e37973f1182dee5355bb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
ntoskrnl.exe
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalMemoryRanges
MmGetVirtualForPhysical
ObfDereferenceObject
PsGetProcessSectionBaseAddress
PsLookupProcessByProcessId
__chkstk
Sections
.text Size: 277KB - Virtual size: 277KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 240B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 204B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.00cfg Size: 512B - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.retplne Size: 512B - Virtual size: 156B
.reloc Size: 512B - Virtual size: 44B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ