ACE-DYNGAME.pdb
Static task
static1
General
Target: 595c7acd519f8fd4927234f0f7f3ebb7cf6a5edb645a5fca2368949db0136e2f
Size: 1.1MB
MD5: 7e2497deae52717e5a23bef5a978bbc6
SHA1: 24f86656e2fa53cc5217427db9ea8fb8634da65b
SHA256: 595c7acd519f8fd4927234f0f7f3ebb7cf6a5edb645a5fca2368949db0136e2f
SHA512: e452f0dd2f795bb86a75813b0081e89c6871bc6c28d82bc2a7b9a9dbb0f5b18444b90dacee9bdf1d3406eb36030a1d247ffca352d45e07a22dde096a8a1c181e
SSDEEP: 12288:rYASTIM3QM0I4niLNZXgNoG3BIbgZKihRaAWm8LwtHTXN+RByoI:FSdAM34iL7cn3SFStz
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
Processes: resource 595c7acd519f8fd4927234f0f7f3ebb7cf6a5edb645a5fca2368949db0136e2f
Files
595c7acd519f8fd4927234f0f7f3ebb7cf6a5edb645a5fca2368949db0136e2f.sys windows:10 windows x64 arch:x64
c9768ebc8c9680d865804dbda43a15bd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
fltmgr.sys
FltGetFileNameInformationUnsafe
FltReleaseFileNameInformation
ndis.sys
NdisOpenConfigurationEx
NdisCloseConfiguration
NdisReadConfiguration
ntoskrnl.exe
IofCallDriver
IoGetAttachedDeviceReference
ObfDereferenceObject
RtlPrefixUnicodeString
MmIsAddressValid
__C_specific_handler
RtlUnicodeStringToInteger
KeQueryActiveProcessorCountEx
MmMapIoSpace
MmUnmapIoSpace
IoGetDeviceProperty
ZwClose
MmGetPhysicalAddress
PsGetCurrentProcessId
ExAllocatePoolWithTag
PsTerminateSystemThread
ZwOpenSection
ZwMapViewOfSection
ZwUnmapViewOfSection
MmGetVirtualForPhysical
DbgPrint
KeSetEvent
KeSetSystemGroupAffinityThread
KeRevertToUserGroupAffinityThread
KeGetCurrentProcessorNumberEx
PsCreateSystemThread
ObReferenceObjectByHandle
ZwOpenFile
KeDeregisterBugCheckReasonCallback
KeRegisterBugCheckReasonCallback
RtlInt64ToUnicodeString
MmProbeAndLockPages
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
IoAllocateMdl
IoFreeMdl
ZwUnloadDriver
wcscat_s
PsGetCurrentThreadId
IofCompleteRequest
IoCreateDevice
IoDeleteDevice
IoRegisterShutdownNotification
IoUnregisterShutdownNotification
KeClearEvent
CmUnRegisterCallback
PsSetCreateProcessNotifyRoutineEx
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
KeDelayExecutionThread
KeQueryTimeIncrement
KeQueryActiveProcessors
MmGetSystemRoutineAddress
RtlInitAnsiString
RtlInsertElementGenericTableFullAvl
IoDriverObjectType
PsGetProcessPeb
RtlAnsiStringToUnicodeString
MmBuildMdlForNonPagedPool
PsGetVersion
ZwLoadDriver
ZwCreateKey
ZwOpenKey
ZwDeleteKey
ZwFlushKey
ZwQueryValueKey
ZwSetValueKey
IoGetCurrentProcess
RtlFreeUnicodeString
RtlCompareMemory
PsGetProcessId
IoBuildSynchronousFsdRequest
PsInitialSystemProcess
RtlAppendUnicodeToString
IoCreateFile
ZwCreateFile
ZwQueryInformationFile
ZwSetInformationFile
ZwReadFile
ZwWriteFile
IoCreateFileSpecifyDeviceObjectHint
IoGetBaseFileSystemDeviceObject
ZwDeleteFile
IoFileObjectType
KeRevertToUserAffinityThread
KeSetSystemAffinityThread
KeSetPriorityThread
KeBugCheck
ZwEnumerateKey
PsThreadType
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
ZwQueryObject
RtlUpcaseUnicodeChar
RtlAnsiCharToUnicodeChar
MmProbeAndLockProcessPages
PsGetProcessExitStatus
ZwCreateSection
ZwQuerySystemInformation
KeBugCheckEx
ExFreePoolWithTag
ExAllocatePool
KeWaitForSingleObject
KeInitializeEvent
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
PsGetThreadProcessId
hal
HalGetBusDataByOffset
KeStallExecutionProcessor
HalSetBusDataByOffset
Sections
.text Size: 119KB - Virtual size: 119KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 146KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.CRT Size: 512B - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 848B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 108B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.tvm0 Size: 1020KB - Virtual size: 1020KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ