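PDB path: c:\pag\zr_v51\zr_v51.hw\r4\src\driver\rel\objfre_wnet_AMD64\amd64\znrdr.pdb
(The `objfre_wnet_AMD64` directory is the name the Windows DDK/WDK build utility gives the output of a free (release) build targeting Windows Server 2003 x64. A PDB path is a build-time string that can be edited or forged, so treat it as a clustering hint, not as proof of origin.)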
Static task
static1
General
-
Target
f6ec8c5855f59e64e7234187800f40c0N.exe
-
Size
59KB
-
MD5
f6ec8c5855f59e64e7234187800f40c0
-
SHA1
761480a8fcd4685b7b81e289784be726167748cc
-
SHA256
64bc086d6fb5b1f80c90d83cfd631a2dde7a318577c2d82dcd043a875779c0e8
-
SHA512
7a3e66f43c9f71ec3a63d461d7ebb1414709c3579cdf99cb05900fbfd2dd8f96cb0f414cc8b3f5eca7abb42cfc90dd97e69c0f660d3e7347fe8588bc758b0023
-
SSDEEP
1536:s7fYosdCdpMzBO0BGyG5r7amF8zQC8sWIxxWSJESLdAPiU:nosdCdaz8O+yE6dAX
Malware Config
Signatures
-
Unsigned PE 1 IoCs
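Checks for a missing Authenticode signature: the file carries no embedded signature. A static check of the file alone cannot see catalog signing, which drivers commonly use, so this finding by itself shows neither that 64-bit Windows driver signature enforcement would reject the driver nor that the file is malicious.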
resource f6ec8c5855f59e64e7234187800f40c0N.exe
Files
-
f6ec8c5855f59e64e7234187800f40c0N.exe.sys windows:5 windows x64 arch:x64
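1040e876bfea388a6974d1467351a9ba (unlabelled in the report; it differs from the file MD5 above and is probably the import hash, so confirm that before pivoting on it)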
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntoskrnl.exe
KeBugCheckEx
KeClearEvent
ObReferenceObjectByHandle
IofCompleteRequest
strncpy
ObfDereferenceObject
KeSetEvent
_purecall
IoFreeMdl
MmMapLockedPagesSpecifyCache
KeReleaseSpinLockFromDpcLevel
KeAcquireSpinLockAtDpcLevel
RtlUnicodeStringToAnsiString
RtlEqualUnicodeString
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
KeInitializeTimer
KeInitializeDpc
KeSetTimer
DbgPrint
KeCancelTimer
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
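ndis.sys
(The functions below include NdisRegisterProtocol, NdisIMRegisterLayeredMiniport, NdisIMInitializeDeviceInstanceEx and NdisIMAssociateMiniport, which are the registration calls of an NDIS 5.x intermediate driver. Such a driver is layered between protocol drivers and the NIC miniport, so it sits in the path of network packets. The import list alone does not show what the driver does with that traffic.)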
NdisMRegisterUnloadHandler
NdisMRemoveMiniport
NdisMPromoteMiniport
NdisMSetMiniportSecondary
NdisCloseAdapter
NdisIMDeInitializeDeviceInstance
NdisReEnumerateProtocolBindings
NdisIMInitializeDeviceInstanceEx
NdisIMGetDeviceContext
NdisAllocatePacketPoolEx
NdisWriteErrorLogEntry
NdisMSetAttributesEx
NdisReturnPackets
NdisRequest
NdisPacketPoolUsage
NdisMSleep
NdisReadConfiguration
NdisInitializeEvent
NdisInitializeWrapper
NdisTerminateWrapper
NdisFreeMemory
NdisResetEvent
NdisWaitEvent
NdisQueryAdapterInstanceName
NdisGetReceivedPacket
NdisSetEvent
NdisOpenConfiguration
NdisOpenProtocolConfiguration
NdisCloseConfiguration
NdisAllocateBufferPool
NdisAllocateBuffer
NdisUnchainBufferAtFront
NdisAllocatePacket
NdisFreePacket
NdisDeregisterProtocol
NdisIMDeregisterLayeredMiniport
NdisAllocateMemoryWithTag
NdisIMCopySendCompletePerPacketInfo
NdisMDeregisterDevice
NdisMDeregisterAdapterShutdownHandler
NdisRegisterProtocol
NdisIMRegisterLayeredMiniport
NdisAllocatePacketPool
NdisFreePacketPool
NdisIMAssociateMiniport
NdisMRegisterAdapterShutdownHandler
NdisOpenAdapter
NdisMRegisterDevice
NdisIMCopySendPerPacketInfo
Sections
.text Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.STL Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
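IMAGE_SCN_MEM_WRITE
(A discardable INIT section marked both writable and executable is common in drivers built with older DDK toolchains, so these flags on their own are a weak indicator.)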
.rsrc Size: 1024B - Virtual size: 904B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 416B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ