E:\VS_Project\WinHips\Bin\Client\Client\x64\Release\Client.pdb
Static task
static1
General
-
Target
4a6a37a568a53e340a9e5c50f513a0947b7419c9be458f9fdc43359c408a3446
-
Size
974KB
-
MD5
93a4dd740f77de3b159b7746b10ba421
-
SHA1
30318b78e2a9140047aec72e98594ee50a5569f6
-
SHA256
4a6a37a568a53e340a9e5c50f513a0947b7419c9be458f9fdc43359c408a3446
-
SHA512
be88be6bcdb71b30c8fad941a6934748e5ec819a31c158589bfd5957af3dba0d8ae3f86316e65dda1fb53c3e9f7654ad2dcd2fd1350fad6aa7fa396a2368798d
-
SSDEEP
24576:KnQFZAQcY/fXlaAGH0XTm8/PxTGt8bAj:KQFGadVHXTa8b
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. This matters more than usual here: the target is a 64-bit kernel-mode driver (a `.sys` importing from fltmgr.sys, ntoskrnl.exe and netio.sys, built for windows:10 x64), and x64 Windows enforces kernel-mode code signing, so an unsigned driver cannot load on a default system without test-signing mode, a disabled or bypassed Driver Signature Enforcement, or a development/test environment — how it is expected to be loaded is the first question to answer. The PDB path (`...\WinHips\...\Client.pdb`) and the import table are consistent with a host-intrusion-prevention style driver (minifilter registration via FltRegisterFilter, process/thread/image-load notify routines, ObRegisterCallbacks, CmRegisterCallbackEx, WSK networking), but the same table also exposes enforcement and system-altering capabilities (ZwTerminateProcess, PsSuspendProcess, ZwLoadDriver/ZwUnloadDriver, ZwDeleteFile, NtShutdownSystem, ZwSetSystemTime, MmMapIoSpace, KeStackAttachProcess, ZwCreateSection/ZwMapViewOfSection); presence of an import only shows the capability is linked, not that it is used, so confirm actual behavior dynamically rather than from this static listing.
resource 4a6a37a568a53e340a9e5c50f513a0947b7419c9be458f9fdc43359c408a3446
Files
-
4a6a37a568a53e340a9e5c50f513a0947b7419c9be458f9fdc43359c408a3446.sys windows:10 windows x64 arch:x64
5c428e210700654780ce1310736bc7a2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
fltmgr.sys
FltSetCallbackDataDirty
FltRegisterFilter
FltUnregisterFilter
FltStartFiltering
FltGetFileNameInformation
FltReleaseFileNameInformation
FltParseFileNameInformation
FltReadFile
FltQueryInformationFile
ntoskrnl.exe
ObfDereferenceObject
ZwCreateFile
ZwWriteFile
ZwClose
MmIsAddressValid
ZwTerminateProcess
ZwOpenProcess
PsLookupProcessByProcessId
sprintf_s
_itoa_s
PsSuspendProcess
strncpy_s
RtlFreeUnicodeString
RtlTimeToTimeFields
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
ExSystemTimeToLocalTime
ZwReadFile
KeSetPriorityThread
KeGetCurrentIrql
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
PsGetThreadId
PsGetProcessWow64Process
RtlWriteRegistryValue
RtlCreateRegistryKey
RtlCheckRegistryKey
swprintf_s
__C_specific_handler
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
strcpy_s
ExInterlockedInsertHeadList
ExInterlockedRemoveHeadList
PsCreateSystemThread
PsTerminateSystemThread
MmMapLockedPagesSpecifyCache
IofCallDriver
IoGetCurrentProcess
PsGetCurrentProcessId
CmUnRegisterCallback
PsSetCreateProcessNotifyRoutine
PsSetCreateProcessNotifyRoutineEx
PsSetCreateThreadNotifyRoutine
PsRemoveCreateThreadNotifyRoutine
PsSetLoadImageNotifyRoutine
PsRemoveLoadImageNotifyRoutine
RtlEqualUnicodeString
ZwCreateKey
ZwSetValueKey
PsInitialSystemProcess
IoQueryFileDosDeviceName
MmBuildMdlForNonPagedPool
IoAllocateMdl
IoFreeMdl
DbgPrint
ObRegisterCallbacks
PsGetProcessId
IoThreadToProcess
PsProcessType
ExGetPreviousMode
CmRegisterCallbackEx
CmCallbackGetKeyObjectID
IoAttachDeviceToDeviceStack
IoGetDeviceObjectPointer
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupThreadByThreadId
ObOpenObjectByPointer
RtlInitUnicodeString
PsThreadType
KeDelayExecutionThread
ZwUnmapViewOfSection
ZwWaitForSingleObject
ZwQueryInformationThread
ZwOpenThread
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
ZwQueryVirtualMemory
ExFreePoolWithTag
MmGetSystemRoutineAddress
RtlImageNtHeader
ZwQuerySystemInformation
ZwCreateSection
ZwMapViewOfSection
MmMapIoSpace
MmUnmapIoSpace
MmSystemRangeStart
RtlUnicodeToUTF8N
RtlUTF8ToUnicodeN
RtlGetVersion
KeInitializeMutex
KeReleaseMutex
KeQueryTimeIncrement
ObReferenceObjectByHandle
ZwSetInformationFile
PsGetCurrentThreadId
RtlUnicodeToMultiByteSize
RtlUnicodeToMultiByteN
ZwLockFile
ZwUnlockFile
RtlAppendUnicodeStringToString
ZwOpenKey
ZwDeleteKey
ZwEnumerateKey
ZwEnumerateValueKey
ZwQueryKey
ZwQueryValueKey
RtlAnsiCharToUnicodeChar
wcsncmp
ZwQueryInformationFile
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
ZwQueryFullAttributesFile
ZwQueryObject
ZwDuplicateObject
ZwOpenDirectoryObject
ObSetHandleAttributes
wcscmp
RtlQueryRegistryValues
ZwOpenFile
ZwDeviceIoControlFile
sscanf_s
swscanf_s
strcat_s
MmGetPhysicalMemoryRanges
NtShutdownSystem
ZwSetSystemTime
ExQueueWorkItem
ZwLoadDriver
ZwUnloadDriver
ZwDeleteFile
_vsnwprintf_s
KeAreApcsDisabled
MmProbeAndLockPages
MmUnlockPages
MmMapLockedPages
MmUnmapLockedPages
IoAllocateIrp
IoCreateFile
IoFreeIrp
IoGetFileObjectGenericMapping
SeCreateAccessState
ObCreateObject
IoFileObjectType
ObCloseHandle
PsGetProcessInheritedFromUniqueProcessId
ZwQueryInformationProcess
wcsncat_s
RtlTimeFieldsToTime
KeWaitForMultipleObjects
IoCancelIrp
towlower
KeBugCheckEx
PsGetProcessPeb
wcscpy_s
wcscat_s
ExAllocatePoolWithTag
PsGetProcessSectionBaseAddress
netio.sys
WskReleaseProviderNPI
WskCaptureProviderNPI
WskRegister
WskDeregister
Sections
.text Size: 557KB - Virtual size: 556KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 60KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 330KB - Virtual size: 334KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ