C:\Users\oxyn\Desktop\dev\guardshield-main\dll\x64\Release\AntiDBG.pdb
Static task
static1
General
-
Target
dump.exe
-
Size
21KB
-
MD5
2d6ad8f5e8961ad6c19bac56093c84f0
-
SHA1
8060e01378de33df80320f3a3c1158c9f61f9ff3
-
SHA256
7892119c9e4b815c07b93d2bc8f7310b16064734a99affae694ca6b81b5ea0b4
-
SHA512
63177b3273ca0687035c7226a70e590ae36385ed5c28e9d793ea393e528685f88496f9f921a39f304aa7f83f9774d33f04f1d49124ac8c50842e76634a389a36
-
SSDEEP
384:ic9SCBzS4thX18JwZIJAZBMb2Hcvg92nJjipT:nBzzWJdAZBMbYcpp+
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource dump.exe
Files
-
dump.exe.dll windows:6 windows x64 arch:x64
d8b77d2439dcde67040223fcd7b532c2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
GetCurrentProcess
GetModuleHandleA
CreateToolhelp32Snapshot
GetFileAttributesA
Process32NextW
GetCurrentThread
Process32FirstW
CloseHandle
LoadLibraryW
GetThreadContext
GetProcAddress
GetCurrentProcessId
QueryPerformanceCounter
GetTickCount
IsDebuggerPresent
CheckRemoteDebuggerPresent
VirtualProtect
TerminateProcess
GetModuleHandleW
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
user32
FindWindowW
FindWindowA
msvcp140
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?good@ios_base@std@@QEBA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
vcruntime140_1
__CxxFrameHandler4
vcruntime140
_CxxThrowException
__std_exception_destroy
__C_specific_handler
memmove
memcpy
memset
__std_terminate
__std_type_info_destroy_list
__std_exception_copy
api-ms-win-crt-runtime-l1-1-0
_seh_filter_dll
_configure_narrow_argv
_initterm_e
_initterm
_initialize_onexit_table
_execute_onexit_table
_initialize_narrow_environment
_invalid_parameter_noinfo_noreturn
_cexit
api-ms-win-crt-stdio-l1-1-0
__acrt_iob_func
__stdio_common_vfprintf
api-ms-win-crt-string-l1-1-0
_wcsicmp
api-ms-win-crt-heap-l1-1-0
malloc
free
_callnewh
Exports
IsVm
hookProtect
isDebugged
isSandbox
kill
Sections
.text Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 900B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 80B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ