PDB path: c:\myrootkit\hideprocesshookmdl\sys\i386\hideprocess.pdb
Static task
static1
General
-
Target
89f895167a1da673399732cacd7dc14e
-
Size
3KB
-
MD5
89f895167a1da673399732cacd7dc14e
-
SHA1
1ce57675195789fbf807681d214f5b00fd15c1ad
-
SHA256
db05e43b7a91cb21d1816d92269aee26645fe529d8b6a6ff081f02c7a2c64b0f
-
SHA512
c4106ce5b8a4000e117a234c10b56f4ad444e5753c78c6a870db63f66a3ad9ca2718a48c81901096c28f7a96d73fe87ff88717461587c2a242d7a7612962ca11
Malware Config
Signatures
-
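Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. The sample is an unsigned kernel-mode driver (.sys), so weigh this finding together with the imports and PDB path listed in this report rather than on its own.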
resource 89f895167a1da673399732cacd7dc14e
Files
-
89f895167a1da673399732cacd7dc14e.sys windows:5 windows x86 arch:x86
8642fd182ee3c21675208e2f524072c1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
IoFreeMdl
MmUnmapLockedPages
ZwQuerySystemInformation
DbgPrint
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
KeServiceDescriptorTable
KeTickCount
Sections
.text Size: 896B - Virtual size: 892B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 157B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 384B - Virtual size: 348B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 164B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ