PDB path: E:\Windows\Desktop\Dev\Driver\SK\WriteRead\x64\Release\DriverLoader.pdb
Static task
static1
General
Target: 6f99c84492d6713111b82cc2444938a43aaac2c0aea6509740374bb2c9478df5
Size: 68KB
MD5: 69933634e923e0cb2794eb4d8203f9c8
SHA1: e3106bf5187249fff65f68589c24e0c21a5cd517
SHA256: 6f99c84492d6713111b82cc2444938a43aaac2c0aea6509740374bb2c9478df5
SHA512: 975302bb2a5d63afe2a0f6eee1178c4033f708c237a62f5c6b268d96df77d2ef3ea9fd63c6069d319d1731174eefea08c04c3b4343e5a15fb6d08cf105aeb54b
SSDEEP: 1536:u/laznQ0WnAKaRMtGerswMIGQRSDaf0WX6U00X5ki7+mI9dCtBsNQ:ElazynAKaNORMIGLaMWX6U00Wi7+/CqQ
Malware Config
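Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Resource: 6f99c84492d6713111b82cc2444938a43aaac2c0aea6509740374bb2c9478df5
The sample is an x64 kernel driver (.sys); 64-bit Windows normally refuses to load a driver without a valid signature, so for this file the finding carries more weight than it would for an unsigned user-mode PE.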
Files
6f99c84492d6713111b82cc2444938a43aaac2c0aea6509740374bb2c9478df5.sys windows:10 windows x64 arch:x64
bc8395597be3cba9922df7a57efe5345
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntoskrnl.exe
ExAllocatePool
ExFreePoolWithTag
strcmp
RtlImageNtHeader
strlen
_stricmp
strstr
_strupr
RtlInitUnicodeString
ObReferenceObjectByHandle
ObfDereferenceObject
ZwCreateFile
ZwClose
ZwDeleteFile
ZwQuerySystemInformation
IoFileObjectType
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 240B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 1024B - Virtual size: 562B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 36B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ