C:\ressdt\i386\RESSDT.pdb
General
-
Target
8cb2120d30f22dc8d2aaabaf17a9c768
-
Size
5KB
-
MD5
8cb2120d30f22dc8d2aaabaf17a9c768
-
SHA1
b5128465bd6cf6c559d1fce7de8617a51a8dc3b9
-
SHA256
546f42136204b6e7c535fbde589d9dc59748f2944e2bdc498b5e7e4812678af6
-
SHA512
1919f04e09cf19ca9c6686905c0e00deb404b33e4e8a2f1e4d8a7c4483f9861e3fa6eafe77be676c7eab90732178a99eb1ea2fcbae58eb7b447f1780fcb452bb
-
SSDEEP
96:o3ldPCIjHor17NF9Rh3ohpBsQD2ag6AaPC7ie2aRhcHXoKIwnWH:Kd7HoZNNwjDyIysHDW
Malware Config
Signatures
-
resource: sample, yara_rule: vmprotect (consistent with the .vmp0 and .vmp1 section names listed under Sections) -
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature.
resource: 8cb2120d30f22dc8d2aaabaf17a9c768
Files
-
8cb2120d30f22dc8d2aaabaf17a9c768.sys (tags: windows:5, windows, x86, arch:x86)
5d1108b3e8fa42b0ef4925d3dcce708e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\ressdt\i386\RESSDT.pdb
Imports
ntoskrnl.exe
IofCompleteRequest
KeServiceDescriptorTable
ProbeForWrite
ProbeForRead
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
_except_handler3
Sections
.text Size: 512B - Virtual size: 496B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 142B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 384B - Virtual size: 308B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 128B - Virtual size: 74B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 640B - Virtual size: 556B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ