Static task
static1
General
-
Target
916678eae64d501e82a9cc4c07fb5460N.exe
-
Size
89KB
-
MD5
916678eae64d501e82a9cc4c07fb5460
-
SHA1
41080d67a87013e9b5c957869b46d657eddf5780
-
SHA256
3a5a2d9e9e4ea2acce799714ab7255b1d9cd6d1b8aacce2ae6cd0a38ee9200ae
-
SHA512
d757d15ccc6931f8c702f375fd1c0f15a306af48fe152be315700726b8e787d8355cff418f8fdedc9ac0c4e8a79701335182f65576aa55417487f4169c9b6585
-
SSDEEP
1536:00cnzt+ShDpX3SJieKb6k6IXLQ6GRHHOjFbg:8j3MieK2k6IclnOu
Malware Config
Signatures
Files
-
916678eae64d501e82a9cc4c07fb5460N.exe.sys windows:6 windows x86 arch:x86
7e55010173aa71e54dd995a878d9355c
Code Sign
bf:67:df:60:77:87:c5:0d:ff:72:c4:cb:3e:b4:7e:f5:46:96:ff:8b
Signer
Actual PE Digest: bf:67:df:60:77:87:c5:0d:ff:72:c4:cb:3e:b4:7e:f5:46:96:ff:8b
Digest Algorithm: sha1
PE Digest Matches: false
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
d:\young\httprdr\tdxflt\objfre_wxp_x86\i386\TdxFlt_i386.pdb
Imports
ntoskrnl.exe
ObReferenceObjectByHandle
ZwCreateFile
IofCallDriver
IoBuildDeviceIoControlRequest
IoGetRelatedDeviceObject
memset
IoFreeMdl
MmProbeAndLockPages
IoFreeIrp
IoAllocateMdl
IofCompleteRequest
IoCancelIrp
KeQueryTimeIncrement
KeTickCount
_alldiv
_allmul
ZwFlushKey
ZwSetValueKey
ZwCreateKey
ZwQueryValueKey
ZwOpenKey
memcpy
IoDeleteDevice
IoGetDeviceObjectPointer
IoCreateDevice
ZwDeleteKey
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlLargeIntegerDivide
ExSystemTimeToLocalTime
KeQuerySystemTime
_allrem
rand
srand
RtlGetVersion
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlUnicodeStringToAnsiString
IoRegisterShutdownNotification
RtlUpcaseUnicodeString
ExAllocatePool
IoDetachDevice
RtlCompareMemory
MmIsAddressValid
MmBuildMdlForNonPagedPool
MmMapLockedPagesSpecifyCache
PsGetCurrentProcessId
IoAttachDeviceToDeviceStack
memmove
strncpy
_snprintf
PsGetCurrentThreadId
ZwEnumerateKey
DbgPrint
strstr
_strnicmp
ZwDeleteFile
IoBuildSynchronousFsdRequest
RtlCompareUnicodeString
ZwSetInformationFile
ZwWriteFile
ZwReadFile
ZwWaitForSingleObject
ZwQueryInformationFile
IoCreateFileSpecifyDeviceObjectHint
IoGetDeviceAttachmentBaseRef
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
RtlEqualUnicodeString
ObQueryNameString
swprintf
ZwDeviceIoControlFile
ZwFsControlFile
KeGetCurrentThread
ZwOpenFile
RtlCopyUnicodeString
ExAllocatePoolWithTag
IoAttachDeviceToDeviceStackSafe
PsCreateSystemThread
PsTerminateSystemThread
KeSetTimerEx
KeSetPriorityThread
KeCancelTimer
KeInitializeTimerEx
KeBugCheckEx
KeInitializeEvent
ObfDereferenceObject
KeWaitForSingleObject
ZwClose
RtlInitUnicodeString
ExFreePoolWithTag
ord16384
RtlAnsiCharToUnicodeChar
RtlUnwind
hal
KfReleaseSpinLock
KfAcquireSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
Sections
.text Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 936B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ