ACE-DYNGAME.pdb
Static task
static1
General
Target
203bed10bed06d32134e2e3a0d35e361d1dd813cd4ca237395aba4fe8263e623
Size
1.1MB
MD5
7c9d2622855483b738915e4fdcc2d37f
SHA1
6c555e2b25bd9df0ed5949541b135e57dabb4beb
SHA256
203bed10bed06d32134e2e3a0d35e361d1dd813cd4ca237395aba4fe8263e623
SHA512
e5022beb1fb16e43065d9e3bfe72458a69ce2f63a5b3270c9f89482951aed88b7a46946217afd106476444b48be9a4dd3be7b3560643326bc998ca5376d7e07b
SSDEEP
12288:pxjISPcV8ZfuL1j0dUtkDzxJj8tiNZamV4+nECFA0JjURmCEWYNXah2lfr2gomYm:TWXBbkRumL00Jwv0JV
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 203bed10bed06d32134e2e3a0d35e361d1dd813cd4ca237395aba4fe8263e623
Files
203bed10bed06d32134e2e3a0d35e361d1dd813cd4ca237395aba4fe8263e623.sys windows:10 windows x64 arch:x64
c9768ebc8c9680d865804dbda43a15bd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
fltmgr.sys
FltGetFileNameInformationUnsafe
FltReleaseFileNameInformation
ndis.sys
NdisOpenConfigurationEx
NdisCloseConfiguration
NdisReadConfiguration
ntoskrnl.exe
IofCallDriver
IoGetAttachedDeviceReference
ObfDereferenceObject
RtlPrefixUnicodeString
MmIsAddressValid
__C_specific_handler
RtlUnicodeStringToInteger
KeQueryActiveProcessorCountEx
MmMapIoSpace
MmUnmapIoSpace
IoGetDeviceProperty
ZwClose
MmGetPhysicalAddress
PsGetCurrentProcessId
ExAllocatePoolWithTag
PsTerminateSystemThread
ZwOpenSection
ZwMapViewOfSection
ZwUnmapViewOfSection
MmGetVirtualForPhysical
DbgPrint
KeSetEvent
KeSetSystemGroupAffinityThread
KeRevertToUserGroupAffinityThread
KeGetCurrentProcessorNumberEx
PsCreateSystemThread
ObReferenceObjectByHandle
ZwOpenFile
KeDeregisterBugCheckReasonCallback
KeRegisterBugCheckReasonCallback
RtlInt64ToUnicodeString
MmProbeAndLockPages
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
IoAllocateMdl
IoFreeMdl
ZwUnloadDriver
wcscat_s
PsGetCurrentThreadId
IofCompleteRequest
IoCreateDevice
IoDeleteDevice
IoRegisterShutdownNotification
IoUnregisterShutdownNotification
KeClearEvent
CmUnRegisterCallback
PsSetCreateProcessNotifyRoutineEx
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
KeDelayExecutionThread
KeQueryTimeIncrement
KeQueryActiveProcessors
MmGetSystemRoutineAddress
RtlInitAnsiString
RtlInsertElementGenericTableFullAvl
IoDriverObjectType
PsGetProcessPeb
RtlAnsiStringToUnicodeString
MmBuildMdlForNonPagedPool
PsGetVersion
ZwLoadDriver
ZwCreateKey
ZwOpenKey
ZwDeleteKey
ZwFlushKey
ZwQueryValueKey
ZwSetValueKey
IoGetCurrentProcess
RtlFreeUnicodeString
RtlCompareMemory
PsGetProcessId
IoBuildSynchronousFsdRequest
PsInitialSystemProcess
RtlAppendUnicodeToString
IoCreateFile
ZwCreateFile
ZwQueryInformationFile
ZwSetInformationFile
ZwReadFile
ZwWriteFile
IoCreateFileSpecifyDeviceObjectHint
IoGetBaseFileSystemDeviceObject
ZwDeleteFile
IoFileObjectType
KeRevertToUserAffinityThread
KeSetSystemAffinityThread
KeSetPriorityThread
KeBugCheck
ZwEnumerateKey
PsThreadType
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
ZwQueryObject
RtlUpcaseUnicodeChar
RtlAnsiCharToUnicodeChar
MmProbeAndLockProcessPages
PsGetProcessExitStatus
ZwCreateSection
ZwQuerySystemInformation
KeBugCheckEx
ExFreePoolWithTag
ExAllocatePool
KeWaitForSingleObject
KeInitializeEvent
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
PsGetThreadProcessId
hal
HalGetBusDataByOffset
KeStallExecutionProcessor
HalSetBusDataByOffset
Sections
.text Size: 120KB - Virtual size: 119KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 146KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.CRT Size: 512B - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 848B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 108B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.tvm0 Size: 1008KB - Virtual size: 1008KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ