PDB path: D:\ZK\freedom\client\zkshim\win32\Drivers\WIN_2000\objfre\i386\freedom.pdb
Static task
static1
General
Target: e59fabd452ee948c638154ec2a493130N
Size: 28KB
MD5: e59fabd452ee948c638154ec2a493130
SHA1: 12c2f47ed6b8a809e4010288a8b8fe27337697a1
SHA256: ee6d99853047e2c1758af72d79ba259fb375e21818499815bde63c8dc710f637
SHA512: f56a70a9174a9233e3486cdd543fdb030ac08a06b1df2692f19e4d73568b41833b2445894acfcb09f1c2db1a03f6f54c3b5d58b038a491fa02822d6dc2c1a670
SSDEEP: 768:FKUk40qtThRlfmXxCAlrnBRfBpTeoakmaT53WFg:5k9I9RlfUxFbBgoakmaT53Wg
Malware Config
Signatures
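Unsigned PE (1 IoC)
Checks for missing Authenticode signature. The rule matched the resource below; a missing signature means the file's publisher and integrity cannot be verified from the file itself, and is not by itself evidence of malicious behaviour.
resource e59fabd452ee948c638154ec2a493130N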
Files
e59fabd452ee948c638154ec2a493130N.sys windows:5 windows x86 arch:x86
869b97049a0e1aa8d2efe4c6e7dbab03
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
_except_handler3
sprintf
RtlLengthSecurityDescriptor
RtlLengthRequiredSid
RtlInitializeSid
RtlSubAuthoritySid
RtlEqualSid
ExAllocatePoolWithTag
RtlCreateSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlValidSecurityDescriptor
ExFreePoolWithTag
RtlCopyUnicodeString
KeSetEvent
ObfDereferenceObject
ObReferenceObjectByHandle
KeClearEvent
ProbeForRead
ProbeForWrite
IofCompleteRequest
KeInitializeSpinLock
hal
KfAcquireSpinLock
KeGetCurrentIrql
KfReleaseSpinLock
ndis.sys
NdisMSleep
NdisOpenProtocolConfiguration
NdisReadConfiguration
NdisOpenAdapter
NdisIMInitializeDeviceInstanceEx
NdisCloseConfiguration
NdisAllocatePacketPoolEx
NdisAllocatePacket
NdisAllocateBufferPool
NdisFreePacket
NdisPacketPoolUsage
NdisGetReceivedPacket
NdisFreeBufferPool
NdisQueryBufferOffset
NDIS_BUFFER_TO_SPAN_PAGES
NdisFreeBuffer
NdisAllocateBuffer
NdisRequest
NdisGetFirstBufferFromPacketSafe
NdisQueryBufferSafe
NdisTransferData
NdisIMCopySendPerPacketInfo
NdisIMCopySendCompletePerPacketInfo
NdisIMDeInitializeDeviceInstance
NdisIMCancelInitializeDeviceInstance
NdisFreePacketPool
NdisIMDeregisterLayeredMiniport
NdisAllocateMemoryWithTag
NdisFreeMemory
NdisInitializeEvent
NdisMDeregisterDevice
NdisReEnumerateProtocolBindings
NdisMRegisterDevice
NdisSetEvent
NdisTerminateWrapper
NdisDeregisterProtocol
NdisIMAssociateMiniport
NdisRegisterProtocol
NdisIMRegisterLayeredMiniport
NdisInitializeWrapper
NdisSend
NdisReturnPackets
NdisWaitEvent
NdisResetEvent
NdisMSetAttributesEx
NdisIMGetDeviceContext
NdisCloseAdapter
Sections
.text Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 768B - Virtual size: 751B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 384B - Virtual size: 356B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ