watchdog.pdb
Static task: static1

General
Target: watchdog.sys
Size: 136KB
MD5: f13d92277a7ea1d9d44f27b0ffa28328
SHA1: 01944f1d94b17ed03d9080227bf907cd615b9f8b
SHA256: 415b8a4a35167b1ece36e739a77ecea133b0c95897c31e7ae5eebdd6b2fa6a23
SHA512: fe2c438313cd53917cb21660bf8051da14f95d9885f914fa559b03b926aff322a42a7911f5dcba48c6c2019b4e723665235d54b547563a2bd3eac6ef56e0f7bf
SSDEEP: 1536:onHaCY6Go5GvAxmgFW2L4O+rSDWMSwuh3RCWWHB41xIqXMO44:fC/mAp8sWHRRCXKP9XMON
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource: watchdog.sys
Files
watchdog.sys.sys windows:10 windows x64 arch:x64
ad68146d10830dea7752ce84db83acea
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntoskrnl.exe
IoWMIQueryAllData
ExAllocatePool2
_vsnprintf
ExFreePoolWithTag
RtlWriteRegistryValue
EtwWriteTransfer
KfRaiseIrql
KeLowerIrql
KeBugCheckEx
DbgPrintEx
DbgPrompt
KdRefreshDebuggerNotPresent
KdDebuggerEnabled
KdDebuggerNotPresent
KeDelayExecutionThread
EtwRegister
ExInitializePagedLookasideList
KeInitializeEvent
PsCreateSystemThread
ObReferenceObjectByHandle
ZwClose
KeSetEvent
KeWaitForSingleObject
IoWMIOpenBlock
ExDeletePagedLookasideList
ExAcquirePushLockSharedEx
ExReleasePushLockSharedEx
RtlGetActiveConsoleId
KeStackAttachProcess
KeUnstackDetachProcess
ExAllocateFromPagedLookasideList
KeResetEvent
ExFreeToPagedLookasideList
PsTerminateSystemThread
PsGetCurrentProcessSessionId
PsGetCurrentProcess
ZwOpenKey
ZwEnumerateKey
ZwQueryValueKey
EtwUnregister
EtwSetInformation
RtlQueryFeatureConfiguration
RtlNotifyFeatureUsage
PsGetCurrentProcessId
PsGetCurrentThreadId
EtwActivityIdControl
_vsnwprintf
RtlQueryRegistryValuesEx
KeLeaveCriticalRegion
ExReleasePushLockExclusiveEx
ExAcquirePushLockExclusiveEx
ObfDereferenceObject
KeEnterCriticalRegion
RtlQueryFeatureConfigurationChangeStamp
RtlRegisterFeatureConfigurationChangeNotification
KeQueryTimeIncrement
KeInitializeTimerEx
KeInitializeDpc
KeFlushQueuedDpcs
KeAcquireSpinLockRaiseToDpc
KeQueryRuntimeThread
KeSetTimerEx
KeReleaseSpinLock
KeCancelTimer
KeRemoveQueueDpc
KeAcquireSpinLockAtDpcLevel
ObfReferenceObject
KeInsertQueueDpc
KeReleaseSpinLockFromDpcLevel
KeClearEvent
ExQueueWorkItem
KeInitializeTimer
KeSetTimer
IoGetDeviceAttachmentBaseRef
RtlInitUnicodeString
KeInitializeSpinLock
RtlGetVersion
ZwQueryInformationFile
ZwWriteFile
ZwSetInformationFile
ZwFlushBuffersFileEx
PsLookupProcessByProcessId
RtlInitAnsiString
PsGetProcessImageFileName
RtlAnsiStringToUnicodeString
_wcsnicmp
RtlGetNtSystemRoot
KeGetCurrentIrql
RtlFreeUnicodeString
IoRaiseInformationalHardError
RtlCaptureContext
KeCapturePersistentThreadState
ZwSystemDebugControl
RtlCompareMemory
ExRaiseStatus
EtwEventEnabled
EtwWrite
ext-ms-win-ntos-werkernel-l1-1-0
WerLiveKernelCloseHandle
WerLiveKernelSubmitReport
WerLiveKernelCreateReport
WerLiveKernelOpenDumpFile
WerLiveKernelCancelReport
Exports
??0WatchdogTimeoutReport@@QEAA@K_K000T_WD_LIVEREPORT_FLAGS@@P6AXPEAV0@@ZP6A_N2@Z_NI@Z
??1WatchdogTimeoutReport@@QEAA@XZ
?Callback@WatchdogTimeoutReport@@QEAAXXZ
?Cancel@WatchdogTimeoutReport@@QEAAXXZ
?Filter@WatchdogTimeoutReport@@QEAA_NXZ
?GetArg1@WatchdogTimeoutReport@@QEAA_KXZ
?GetArg2@WatchdogTimeoutReport@@QEAA_KXZ
?GetArg3@WatchdogTimeoutReport@@QEAA_KXZ
?GetArg4@WatchdogTimeoutReport@@QEAA_KXZ
?GetCode@WatchdogTimeoutReport@@QEAAKXZ
?GetIsActive@WatchdogTimeoutReport@@QEAA?C_NXZ
?GetLiveDumpFlags@WatchdogTimeoutReport@@QEAA?AT_WD_LIVEREPORT_FLAGS@@XZ
?GetLiveDumpWorkItem@WatchdogTimeoutReport@@QEAAPEAU_WORK_QUEUE_ITEM@@XZ
?GetLiveDumpWorkItemEvent@WatchdogTimeoutReport@@QEAAPEAU_KEVENT@@XZ
?ReportCount@WatchdogTimeoutReport@@2JC
?StartTimer@WatchdogTimeoutReport@@QEAAXXZ
DMgrAcquireGdiViewId
DMgrGetSmbiosInfo
DMgrIsSetupRunning
DMgrReleaseGdiViewId
DMgrWriteDeviceCountToRegistry
DisplayLogSetMonitorPowerStage
DisplayRestoreVidPnJournalBegin
DisplayRestoreVidPnJournalFinalize
DisplayRestoreVidPnResult
DisplayScenarioJounralSetTSDDDState
DisplayScenarioJournalBegin
DisplayScenarioJournalCCDRetrieval
DisplayScenarioJournalDPIInfo
DisplayScenarioJournalDisplayUniquenessIncremented
DisplayScenarioJournalFinalize
DisplayScenarioJournalRetry
DisplayScenarioJournalSetActualPathModality
DisplayScenarioJournalSetCommitVidPnStatus
DisplayScenarioJournalSetExpectedPathModality
DisplayScenarioJournalSetSDCPathsAndModes
DisplayScenarioJournalSetSetTimingPathInfo
DisplayScenarioJournalSetSpecializedData
DisplayScenarioJournalSetUniqueness
DisplayScenarioJournalVidPnSourceVisibility
SMgrGdiCallout
SMgrGetActiveSessionProcess
SMgrGetNumberOfSessions
SMgrNotifySessionChange
SMgrRegisterSessionChangeCallout
SMgrUnregisterSessionChangeCallout
VpInitialize
WdAllocateDeferredWatchdog
WdAllocateWatchdog
WdAttachContext
WdCompleteEvent
WdDbgCreateSnapshot
WdDbgDestroySnapshot
WdDbgGetSecondaryDataMaxSize
WdDbgReportCancel
WdDbgReportComplete
WdDbgReportCreate
WdDbgReportQueryInfo
WdDbgReportRecreate
WdDbgReportSecondaryData
WdDereferenceObject
WdDetachContext
WdDiagGetEtwHandle
WdDiagInit
WdDiagIsTracingEnabled
WdDiagNotifyUser
WdDiagShutdown
WdEnterMonitoredSection
WdExitMonitoredSection
WdFreeDeferredWatchdog
WdFreeWatchdog
WdGetDeviceObject
WdGetLastEvent
WdGetLowestDeviceObject
WdInitialize
WdIsDebuggerPresent
WdLogEvent5_WdAssertion
WdLogEvent5_WdCriticalError
WdLogEvent5_WdDebug
WdLogEvent5_WdDmmEvent
WdLogEvent5_WdError
WdLogEvent5_WdEvent
WdLogEvent5_WdLowResource
WdLogEvent5_WdPower
WdLogEvent5_WdPresentTokenEvent
WdLogEvent5_WdTrace
WdLogEvent5_WdWarning
WdLogGetEventOrder
WdLogGetRecentEvents
WdLogNewEntry5_WdAssertion
WdLogNewEntry5_WdCriticalError
WdLogNewEntry5_WdDebug
WdLogNewEntry5_WdDmmEvent
WdLogNewEntry5_WdError
WdLogNewEntry5_WdEvent
WdLogNewEntry5_WdLowResource
WdLogNewEntry5_WdPower
WdLogNewEntry5_WdPresentTokenEvent
WdLogNewEntry5_WdTrace
WdLogNewEntry5_WdWarning
WdLogSingleEntry0
WdLogSingleEntry1
WdLogSingleEntry2
WdLogSingleEntry3
WdLogSingleEntry4
WdLogSingleEntry5
WdMadeAnyProgress
WdQueryDebugFlag
WdReferenceObject
WdRegFreeInfo
WdRegOpenSubkey
WdRegRetrieveSubkeyInfo
WdRegRetrieveValueInfo
WdResetDeferredWatch
WdResetWatch
WdResumeDeferredWatch
WdResumeWatch
WdSetEventAndWaitForSingleObject
WdStartDeferredWatch
WdStartWatch
WdStopDeferredWatch
WdStopWatch
WdSuspendDeferredWatch
WdSuspendWatch
WdpDbgReportCreateFromDump
WdpInterfaceReferenceNop
Sections
.text Size: 36KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
fothk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.edata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 4KB - Virtual size: 505B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
GFIDS Size: 4KB - Virtual size: 700B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ