Static task
static1
General
Target
b6fdfb15f92184fae8831d6f173fd1c0N.exe
Size
116KB
MD5
b6fdfb15f92184fae8831d6f173fd1c0
SHA1
c2770870f1ae37f3090e6a305e4b0afb4b384746
SHA256
8305bb9884458c244105f58de26bb3958ba816323371fe6789e4e71574ea9ee5
SHA512
14fcdfb2a8d80d3465df3bfba9392e522863e6a9b452745f2ca7b77a1fbfb6e3869a10993d690c6e62bbfb65abe3899f76ea7621d6e4cabc1a56d0097fffa271
SSDEEP
3072:miv/pesZlfZGxxPAH0OCQDwbkk17zYgBLL9YFS1j7g:p/pes+erCQDwbkk178gBLL9YFS1o
Malware Config
Signatures
Files
b6fdfb15f92184fae8831d6f173fd1c0N.exe.sys windows:6 windows x86 arch:x86
421e2ed4f2de31d0afa141f525999fe3
Code Sign
Signer
aa:66:a1:49:44:1f:b1:01:23:a3:b2:36:d8:c1:07:95:49:4a:d5:f1
Actual PE Digest
aa:66:a1:49:44:1f:b1:01:23:a3:b2:36:d8:c1:07:95:49:4a:d5:f1
Digest Algorithm
sha1
PE Digest Matches
false (the digest carried in the signature does not match the digest of the file as analyzed, so the embedded signature does not validate for this file)
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
d:\young\httprdr\tdxflt\objfre_wxp_x86\i386\TdxFlt_i386.pdb
Imports
ntoskrnl.exe
ObReferenceObjectByHandle
ZwCreateFile
IofCallDriver
IoBuildDeviceIoControlRequest
IoGetRelatedDeviceObject
memset
IoFreeMdl
MmProbeAndLockPages
IoFreeIrp
IoAllocateMdl
IofCompleteRequest
IoCancelIrp
KeQueryTim (import name appears truncated in the report; full name not recoverable from this output)
KeTickCount
_alldiv
_allmul
ZwFlushKey
ZwSetValueKey
ZwCreateKey
ZwQueryValueKey
ZwOpenKey
memcpy
IoDeleteDevice
IoGetDeviceObjectPointer
IoCreateDevice
ZwDeleteKey
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlLargeIntegerDivide
ExSystemTimeToLocalTime
KeQuerySystemTime
_allrem
rand
srand
RtlGetVersion
RtlRandomEx
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlUnicodeStringToAnsiString
IoRegisterShutdownNotification
RtlUpcaseUnicodeString
ExAllocatePool
ExAllocatePoolWithTag
IoDetachDevice
PsGetCurrentProcessId
RtlCompareMemory
MmIsAddressValid
ProbeForWrite
ProbeForRead
MmBuildMdlForNonPagedPool
MmMapLockedPagesSpecifyCache
IoAttachDeviceToDeviceStack
memmove
_snprintf
strncpy
PsGetCurrentThreadId
ZwEnumerateKey
DbgPrint
strstr
_strnicmp
ZwDeleteFile
IoBuildSynchronousFsdRequest
RtlCompareUnicodeString
ZwSetInformationFile
ZwWriteFile
ZwReadFile
ZwWaitForSingleObject
ZwQueryInformationFile
IoCreateFileSpecifyDeviceObjectHint
IoGetDeviceAttachmentBaseRef
ZwOpenFile
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
RtlEqualUnicodeString
ObQueryNameString
swprintf
ZwDeviceIoControlFile
ZwFsControlFile
KeGetCurrentThread
RtlCopyUnicodeString
IoAttachDeviceToDeviceStackSafe
PsCreateSystemThread
PsTerminateSystemThread
KeSetTimerEx
KeSetPriorityThread
KeCancelTimer
KeInitializeTimerEx
KeBugCheckEx
KeInitializeEvent
ObfDereferenceObject
KeWaitForSingleObject
ZwClose
RtlInitUnicodeString
ExFreePoolWithTag
KeSetEvent
RtlAnsiCharToUnicodeChar
RtlUnwind
hal
KfReleaseSpinLock
KfAcquireSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
Sections
.text Size: 60KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 936B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ