wmilib.pdb
Static task
static1
General
Target
cd0995d9278c29f188176cfdbb0ce5a5
Size
22KB
MD5
cd0995d9278c29f188176cfdbb0ce5a5
SHA1
2f69619770e19cc13d449a3b06a2d9f477dccab2
SHA256
c30f04a088a0688662a78ba0ab27df6d95a5a9c929f604fe2eeea8853949b9e7
SHA512
fbb3212b26a2163bca365c35314eb37623edbf88d24cec5fdd67c3fbd5c1cb99f833b4c5640d8386e2e4ab3dbc8ed3b2393c050b9357f199e3109f2a4bc7ada2
SSDEEP
384:lkOgyKfWzoWkPG4MAVL7wyvoIuqAIvjaJiXpWC+jF2pCMhsWzoW:lfQMAB7vxuDwaCpWLmCMh5
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource cd0995d9278c29f188176cfdbb0ce5a5
Files
cd0995d9278c29f188176cfdbb0ce5a5.sys windows:5 windows x86 arch:x86
c6a090f66c6e2c490a8c025b95202f4a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ObfReferenceObject
IofCompleteRequest
KeQuerySystemTime
IoWMIWriteEvent
ExAllocatePoolWithTag
ExFreePool
Exports
WmiCompleteRequest
WmiFireEvent
WmiSystemControl
Sections
.text Size: 512B - Virtual size: 484B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 128B - Virtual size: 95B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.edata Size: 256B - Virtual size: 130B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 256B - Virtual size: 210B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tdoh Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1016B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 128B - Virtual size: 82B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ