C:\sys\Release\i386\KernelExec.pdb
Static task
static1
General
-
Target
e1e913fe4d5cd4b247a5f6859c0b476c
-
Size
4KB
-
MD5
e1e913fe4d5cd4b247a5f6859c0b476c
-
SHA1
de5143f355d5cb0f7de3af58389dc3caad6819f3
-
SHA256
8f37a57e634e83af279d50d64e5563ea636226182cee8ca1c8c30568da5e0045
-
SHA512
7ca8a7345e838c7d7d8b5891152dbec8daac113dc77e940f48a9acf63dd5f3ec68efa50e67ec30b6dd49c3de947d683840d049f5f84c3f155edb3e8255c66118
-
SSDEEP
48:SVUKuEv3uHi8/OMVFDE1rTtn3McR7B2jKX8pYIb79R2Osr1j9aALRy4S/bT:mXJPuH1/O8FDE1rxbYjKXe7qdr1nLlk
Malware Config
Signatures
-
Unsigned PE 1 IoCs
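Checks for a missing Authenticode signature: the PE file has no embedded signature, so its publisher and integrity cannot be verified from the file alone (a catalog signature, if one exists, would not be visible to this static check).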
resource e1e913fe4d5cd4b247a5f6859c0b476c
Files
-
e1e913fe4d5cd4b247a5f6859c0b476c.sys windows:5 windows x86 arch:x86
b13b95f35010ebd0b41ad7ef6b9876a0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
DbgPrint
IoDeleteDevice
IofCompleteRequest
IoCreateDevice
RtlInitUnicodeString
IoFreeMdl
MmUnlockPages
ExFreePoolWithTag
KeInsertQueueApc
KeInitializeApc
KeUnstackDetachProcess
MmMapLockedPagesSpecifyCache
KeStackAttachProcess
MmProbeAndLockPages
IoAllocateMdl
ExAllocatePoolWithTag
_strnicmp
IoGetCurrentProcess
_except_handler3
Sections
.text Size: 512B - Virtual size: 440B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 183B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 512B - Virtual size: 512B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 174B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ