Z:\PcShare\复件 免费版\PcHide\objchk\i386\SADFEDGERGREG.pdb
Static task
static1
General
Target
a1730c56ec7d61460ba4574615a7b95b
Size
6KB
MD5
a1730c56ec7d61460ba4574615a7b95b
SHA1
b14876cdac0550af27b4d46af6c07bc6e87e9359
SHA256
d66fd7b2a22333b3391df8642b66cfd6ec8794f6328673aa9c04152aed0de5fc
SHA512
97698e212f1e5d87b822aaf4a9f8ae954459b6a55a52b8d1aae746efd089d3a1cb632b9cbe959a7d5dcb34fe840d6f7fc34a2debfc35f90f6e7217ed18c333f3
SSDEEP
96:yYDFWh1V6CPvEQaGY/Eo9015KpcTWbQkKUs2UlzHsaHL883W++iU47:yVXJX1DYsJmQH
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a1730c56ec7d61460ba4574615a7b95b
Files
a1730c56ec7d61460ba4574615a7b95b.sys windows:5 windows x86 arch:x86
64c920d0d8eecd3df079bb1c111e2e7d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
RtlFreeAnsiString
RtlCompareMemory
RtlUpperString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
PsGetCurrentProcessId
ZwQueryDirectoryFile
ZwDeviceIoControlFile
IoDeleteDevice
IoDeleteSymbolicLink
wcscat
RtlFreeUnicodeString
wcscpy
RtlAnsiStringToUnicodeString
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 640B - Virtual size: 560B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 640B - Virtual size: 526B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 128B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.data Size: 256B - Virtual size: 240B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 512B - Virtual size: 512B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE