d:\young\httprdr\tdxflt\objfre_wxp_x86\i386\TdxFlt_i386.pdb
Static task
static1
General
-
Target
7bf08151be52c4a0f8d556cc0e6c0840N.exe
-
Size
87KB
-
MD5
7bf08151be52c4a0f8d556cc0e6c0840
-
SHA1
dbe83bf88fd53a402f7117189ed9517242aa5124
-
SHA256
01153f4c5f9e8613c4ee0c9a476cdbcbb901549a16f02894acc1896be7f63532
-
SHA512
ce1932498db72f7157161cb1c737adbe90f92da347455e4e43f9bff0f3530f76c4d9be3d7b6653a9e2e7cccc357a2499fd9596f50bbbe6b2babba8b70e71ff5e
-
SSDEEP
1536:6DKRatKfX/Wm+Fx0HQDz59S6195waLGLK1LyLbLy6LAGA:lakX+m+F8M6uLDgKZknBRA
Malware Config
Signatures
-
Unsigned PE 1 IoCs
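The file carries no Authenticode signature. The imports listed below (ntoskrnl.exe, hal) show it is a kernel-mode driver despite the .exe name, so the missing signature determines whether it can load on systems that enforce driver signing; an absent signature alone does not establish that the file is malicious.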
resource 7bf08151be52c4a0f8d556cc0e6c0840N.exe
Files
-
7bf08151be52c4a0f8d556cc0e6c0840N.exe.sys windows:6 windows x86 arch:x86
c4a50b8a366e01ecfe6f5c8a4a8f528c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
d:\young\httprdr\tdxflt\objfre_wxp_x86\i386\TdxFlt_i386.pdb
Imports
ntoskrnl.exe
ObReferenceObjectByHandle
ZwCreateFile
IofCallDriver
IoBuildDeviceIoControlRequest
IoGetRelatedDeviceObject
memset
IoFreeMdl
MmProbeAndLockPages
IoFreeIrp
IoAllocateMdl
IofCompleteRequest
IoCancelIrp
KeQueryTimeIncrement
KeTickCount
_alldiv
_allmul
ZwFlushKey
ZwSetValueKey
ZwCreateKey
ZwQueryValueKey
ZwOpenKey
memcpy
IoDeleteDevice
IoGetDeviceObjectPointer
IoCreateDevice
ZwDeleteKey
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlLargeIntegerDivide
ExSystemTimeToLocalTime
KeQuerySystemTime
_allrem
rand
srand
RtlGetVersion
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlUnicodeStringToAnsiString
IoRegisterShutdownNotification
RtlUpcaseUnicodeString
ExAllocatePool
IoDetachDevice
PsGetCurrentProcessId
RtlCompareMemory
MmIsAddressValid
MmBuildMdlForNonPagedPool
MmMapLockedPagesSpecifyCache
IoAttachDeviceToDeviceStack
memmove
strncpy
_snprintf
PsGetCurrentThreadId
ZwEnumerateKey
DbgPrint
strstr
_strnicmp
ZwDeleteFile
IoBuildSynchronousFsdRequest
RtlCompareUnicodeString
ZwSetInformationFile
ZwWriteFile
ZwReadFile
ZwWaitForSingleObject
ZwQueryInformationFile
IoCreateFileSpecifyDeviceObjectHint
IoGetDeviceAttachmentBaseRef
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
RtlEqualUnicodeString
ObQueryNameString
swprintf
ZwDeviceIoControlFile
ZwFsControlFile
KeGetCurrentThread
ZwOpenFile
RtlCopyUnicodeString
ExAllocatePoolWithTag
IoAttachDeviceToDeviceStackSafe
PsCreateSystemThread
PsTerminateSystemThread
KeSetTimerEx
KeSetPriorityThread
KeCancelTimer
KeInitializeTimerEx
KeBugCheckEx
KeInitializeEvent
ObfDereferenceObject
KeWaitForSingleObject
ZwClose
RtlInitUnicodeString
ExFreePoolWithTag
KeSetEvent
RtlAnsiCharToUnicodeChar
RtlUnwind
hal
KfReleaseSpinLock
KfAcquireSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
Sections
.text Size: 55KB - Virtual size: 55KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 936B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ