PDB path: d:\jenkins\.jenkins\workspace\sys\extensionprotect\extension_protect\amd64\RenderDevExtensionT64.pdb
Static task
static1
General
Target
93d5b8a2f3f2bf1e2a6bf3542586614feff6dd1207315a143a1d9ce1d1ce78b0
-
Size
117KB
-
MD5
44d7e1582dc6ccaa8564d1d57010cf95
-
SHA1
b18c3d29ea49c0144d085bfae7ae7e41436bbdec
-
SHA256
93d5b8a2f3f2bf1e2a6bf3542586614feff6dd1207315a143a1d9ce1d1ce78b0
-
SHA512
12b83abf63021baa392dd90edd7c94fe8198c407310d3a56c21b48f315255239ac55bfe9a7c2be88a480d96b45ccc1d19b326538718d26918f52eebde26d1dab
-
SSDEEP
1536:BqC29SYakJ6H8RTOoXsytvaEdIKLEZtJMomLaCYOCcS:BqD9vakJPOoXXtvaaIKLqt5pCYdr
Malware Config
Signatures
Unsigned PE 1 IoCs
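Checks for missing Authenticode signature. The sample is an x64 kernel-mode driver (.sys importing ntoskrnl.exe) with IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY set, so signature enforcement applies when it is loaded; this static check presumably inspects only the embedded signature, so catalog signing should be ruled out before treating the file as unsigned.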
resource 93d5b8a2f3f2bf1e2a6bf3542586614feff6dd1207315a143a1d9ce1d1ce78b0
Files
93d5b8a2f3f2bf1e2a6bf3542586614feff6dd1207315a143a1d9ce1d1ce78b0.sys windows:6 windows x64 arch:x64
fb12ce195bcae5d27e3858d28dac382e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntoskrnl.exe
RtlIntegerToUnicodeString
RtlMultiByteToUnicodeSize
RtlUnicodeStringToAnsiString
RtlUnicodeToMultiByteN
RtlUnicodeToMultiByteSize
KeDelayExecutionThread
ObQueryNameString
ZwCreateFile
ZwQueryValueKey
RtlRandomEx
KeQueryTimeIncrement
ZwClose
KeWaitForSingleObject
RtlFreeAnsiString
RtlCompareUnicodeString
ZwOpenProcess
ZwQueryInformationProcess
PsGetCurrentProcessId
RtlCopyUnicodeString
ObfDereferenceObject
ZwOpenFile
RtlMultiByteToUnicodeN
ZwEnumerateKey
ZwQueryKey
ZwOpenKey
sprintf
RtlGetVersion
IoDeleteSymbolicLink
IoRegisterShutdownNotification
IoDeleteDevice
RtlCheckRegistryKey
IoUnregisterShutdownNotification
PsSetCreateProcessNotifyRoutineEx
IofCompleteRequest
RtlWriteRegistryValue
IoCreateSymbolicLink
RtlInitUnicodeString
IofCallDriver
ZwCreateKey
swprintf
RtlAppendUnicodeToString
ZwSetValueKey
_vsnwprintf
MmIsAddressValid
RtlTimeFieldsToTime
RtlTimeToTimeFields
CmRegisterCallback
CmUnRegisterCallback
ExSystemTimeToLocalTime
_vsnprintf
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlFreeUnicodeString
IoReuseIrp
KeResetEvent
KeSetEvent
KeInitializeEvent
IoFreeMdl
IoFreeIrp
MmProbeAndLockPages
IoAllocateIrp
MmUnlockPages
IoAllocateMdl
DbgPrint
ExReleaseFastMutex
ExAcquireFastMutex
PsCreateSystemThread
PsTerminateSystemThread
ObReferenceObjectByHandle
PsThreadType
KeBugCheckEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoCreateDevice
towlower
MmGetSystemRoutineAddress
PsGetVersion
__C_specific_handler
netio.sys
WskDeregister
WskCaptureProviderNPI
WskRegister
WskReleaseProviderNPI
Sections
.text Size: 66KB - Virtual size: 65KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 34KB - Virtual size: 32.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 360B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ