ScreenShot
| Created | 2022.05.20 11:24 | Machine | s1_win7_x6401 |
| Filename | tsusbhub.sys | ||
| Type | PE32+ executable (native) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | cc6d4a26254eb72c93ac848ecfcfb4af | ||
| sha256 | f7293644e8a4548907e6d34c41ba3ac60c0a623a0215d3191e6745adef811da4 | ||
| ssdeep | 3072:rDVPJpLpe6/kQOh4hqPXykU6Pes/wcB6wk4p:rjpLpe6/hp5kJPJ | ||
| imphash | f89b87f1cd5b01b40e1dc570592e728d | ||
| impfuzzy | 24:wXLgfwLyUgyHSmiVdJYkFFFAMix9LJ2PfKQ6MrDglwgBhKM8S3rKPKrOrP/jL+DQ:nC3kna0KlZwM8S2705mQAuRMrYk9Z | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ntoskrnl.exe
0x1c001e038 EtwWriteTransfer
0x1c001e040 RtlCompareMemory
0x1c001e048 ObReferenceObjectByHandle
0x1c001e050 IoFileObjectType
0x1c001e058 RtlGUIDFromString
0x1c001e060 _vsnwprintf
0x1c001e068 MmGetSystemRoutineAddress
0x1c001e070 IoWMIRegistrationControl
0x1c001e078 RtlQueryFeatureConfigurationChangeStamp
0x1c001e080 RtlQueryFeatureConfiguration
0x1c001e088 RtlRegisterFeatureConfigurationChangeNotification
0x1c001e090 RtlUnregisterFeatureConfigurationChangeNotification
0x1c001e098 wcsncmp
0x1c001e0a0 RtlStringFromGUID
0x1c001e0a8 IoGetDeviceProperty
0x1c001e0b0 IoSetDevicePropertyData
0x1c001e0b8 IofCompleteRequest
0x1c001e0c0 IoGetDevicePropertyData
0x1c001e0c8 KfRaiseIrql
0x1c001e0d0 KeLowerIrql
0x1c001e0d8 RtlInitializeBitMap
0x1c001e0e0 _purecall
0x1c001e0e8 RtlInitUnicodeString
0x1c001e0f0 DbgPrintEx
0x1c001e0f8 RtlCopyUnicodeString
0x1c001e100 ExFreePool
0x1c001e108 ExInitializeNPagedLookasideList
0x1c001e110 ExDeleteNPagedLookasideList
0x1c001e118 ObfDereferenceObject
0x1c001e120 ExDeleteResourceLite
0x1c001e128 ExAcquireResourceExclusiveLite
0x1c001e130 KeEnterCriticalRegion
0x1c001e138 KeLeaveCriticalRegion
0x1c001e140 ExReleaseResourceLite
0x1c001e148 KeInitializeMutex
0x1c001e150 KeReleaseMutex
0x1c001e158 KeWaitForSingleObject
0x1c001e160 KeSetEvent
0x1c001e168 ZwCreateFile
0x1c001e170 IoCancelIrp
0x1c001e178 ZwClose
0x1c001e180 IoGetRelatedDeviceObject
0x1c001e188 KeInitializeEvent
0x1c001e190 IoBuildAsynchronousFsdRequest
0x1c001e198 IofCallDriver
0x1c001e1a0 ExQueueWorkItem
0x1c001e1a8 MmUnlockPages
0x1c001e1b0 IoFreeMdl
0x1c001e1b8 IoFreeIrp
0x1c001e1c0 _wcsicmp
0x1c001e1c8 MmMapLockedPagesSpecifyCache
0x1c001e1d0 RtlCheckTokenMembership
0x1c001e1d8 RtlLengthRequiredSid
0x1c001e1e0 RtlSubAuthoritySid
0x1c001e1e8 RtlInitializeSid
0x1c001e1f0 EtwRegister
0x1c001e1f8 EtwUnregister
0x1c001e200 ExFreePoolWithTag
0x1c001e208 ExInitializeResourceLite
0x1c001e210 ExAllocatePoolWithTag
0x1c001e218 RtlAreBitsSet
0x1c001e220 RtlClearBits
0x1c001e228 RtlFindClearBitsAndSet
HAL.dll
0x1c001e000 KeQueryPerformanceCounter
WDFLDR.SYS
0x1c001e010 WdfVersionUnbind
0x1c001e018 WdfVersionBind
0x1c001e020 WdfVersionUnbindClass
0x1c001e028 WdfVersionBindClass
EAT(Export Address Table) is none
ntoskrnl.exe
0x1c001e038 EtwWriteTransfer
0x1c001e040 RtlCompareMemory
0x1c001e048 ObReferenceObjectByHandle
0x1c001e050 IoFileObjectType
0x1c001e058 RtlGUIDFromString
0x1c001e060 _vsnwprintf
0x1c001e068 MmGetSystemRoutineAddress
0x1c001e070 IoWMIRegistrationControl
0x1c001e078 RtlQueryFeatureConfigurationChangeStamp
0x1c001e080 RtlQueryFeatureConfiguration
0x1c001e088 RtlRegisterFeatureConfigurationChangeNotification
0x1c001e090 RtlUnregisterFeatureConfigurationChangeNotification
0x1c001e098 wcsncmp
0x1c001e0a0 RtlStringFromGUID
0x1c001e0a8 IoGetDeviceProperty
0x1c001e0b0 IoSetDevicePropertyData
0x1c001e0b8 IofCompleteRequest
0x1c001e0c0 IoGetDevicePropertyData
0x1c001e0c8 KfRaiseIrql
0x1c001e0d0 KeLowerIrql
0x1c001e0d8 RtlInitializeBitMap
0x1c001e0e0 _purecall
0x1c001e0e8 RtlInitUnicodeString
0x1c001e0f0 DbgPrintEx
0x1c001e0f8 RtlCopyUnicodeString
0x1c001e100 ExFreePool
0x1c001e108 ExInitializeNPagedLookasideList
0x1c001e110 ExDeleteNPagedLookasideList
0x1c001e118 ObfDereferenceObject
0x1c001e120 ExDeleteResourceLite
0x1c001e128 ExAcquireResourceExclusiveLite
0x1c001e130 KeEnterCriticalRegion
0x1c001e138 KeLeaveCriticalRegion
0x1c001e140 ExReleaseResourceLite
0x1c001e148 KeInitializeMutex
0x1c001e150 KeReleaseMutex
0x1c001e158 KeWaitForSingleObject
0x1c001e160 KeSetEvent
0x1c001e168 ZwCreateFile
0x1c001e170 IoCancelIrp
0x1c001e178 ZwClose
0x1c001e180 IoGetRelatedDeviceObject
0x1c001e188 KeInitializeEvent
0x1c001e190 IoBuildAsynchronousFsdRequest
0x1c001e198 IofCallDriver
0x1c001e1a0 ExQueueWorkItem
0x1c001e1a8 MmUnlockPages
0x1c001e1b0 IoFreeMdl
0x1c001e1b8 IoFreeIrp
0x1c001e1c0 _wcsicmp
0x1c001e1c8 MmMapLockedPagesSpecifyCache
0x1c001e1d0 RtlCheckTokenMembership
0x1c001e1d8 RtlLengthRequiredSid
0x1c001e1e0 RtlSubAuthoritySid
0x1c001e1e8 RtlInitializeSid
0x1c001e1f0 EtwRegister
0x1c001e1f8 EtwUnregister
0x1c001e200 ExFreePoolWithTag
0x1c001e208 ExInitializeResourceLite
0x1c001e210 ExAllocatePoolWithTag
0x1c001e218 RtlAreBitsSet
0x1c001e220 RtlClearBits
0x1c001e228 RtlFindClearBitsAndSet
HAL.dll
0x1c001e000 KeQueryPerformanceCounter
WDFLDR.SYS
0x1c001e010 WdfVersionUnbind
0x1c001e018 WdfVersionBind
0x1c001e020 WdfVersionUnbindClass
0x1c001e028 WdfVersionBindClass
EAT(Export Address Table) is none