mountmgr.pdb
Static task
static1
General
Target: 0003e754e7f8e725256c46ff5c80bec0N.exe
Size: 56KB
MD5: 0003e754e7f8e725256c46ff5c80bec0
SHA1: ced3babaf3b005b90afc1b5d812b547412898ad2
SHA256: cd50d71fe7a47fd07c3a201e35acacf4404181c1a25cd4b8e4003e858d01be40
SHA512: 35c610a52146c45cbbf156dc0d66771f101da90a580314d894a78d37bc85bf8d7fc29162fa81f7ab2f544fc2cc186f07e185e71a56ea16a8c8ee8f7f8ae3cc59
SSDEEP: 1536:bGwxM8MqJCapPqyB1BVtKd1RfB+lcO/Gy/Vix:bnM8MqnPXVt0RfIiqGy/Qx
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0003e754e7f8e725256c46ff5c80bec0N.exe
Files
0003e754e7f8e725256c46ff5c80bec0N.exe.sys windows:6 windows x86 arch:x86
5119659142d3694e2b8352b4a47aafaa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
RtlPrefixUnicodeString
memcpy
ExFreePoolWithTag
IoCreateSymbolicLink
IoDeleteSymbolicLink
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoGetAttachedDeviceReference
ObfDereferenceObject
KeWaitForSingleObject
IoGetDeviceObjectPointer
KeReleaseMutex
RtlEqualUnicodeString
RtlInitUnicodeString
RtlCompareMemory
RtlAppendUnicodeStringToString
RtlCopyUnicodeString
RtlStringFromGUID
ExUuidCreate
RtlWriteRegistryValue
KeSetEvent
IoFreeWorkItem
ZwClose
ZwSetInformationFile
ZwWriteFile
ZwReadFile
IoSetThreadHardErrorMode
ZwCreateFile
RtlCreateSystemVolumeInformationFolder
IoQueueWorkItem
IoAllocateWorkItem
ZwQueryInformationFile
KeReleaseSemaphore
ObIsDosDeviceLocallyMapped
RtlQueryRegistryValues
memset
IoFreeIrp
ExAllocatePoolWithTag
ZwOpenFile
RtlDeleteRegistryValue
IoReportTargetDeviceChangeAsynchronous
RtlCompareUnicodeString
IoUnregisterPlugPlayNotification
IofCompleteRequest
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ExQueueWorkItem
ZwWaitForSingleObject
ZwOpenEvent
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
IoDeleteDevice
IoCancelIrp
KeResetEvent
IoUnregisterShutdownNotification
RtlUpcaseUnicodeChar
ZwQueryDirectoryFile
IoRegisterPlugPlayNotification
memmove
ObQueryNameString
IoFileObjectType
ZwQueryVolumeInformationFile
IoSetCompletionRoutineEx
IoInitializeIrp
IoAllocateIrp
IoSetSystemPartition
PsSetThreadHardErrorsAreDisabled
PsGetThreadHardErrorsAreDisabled
IoRegisterShutdownNotification
KeInitializeSemaphore
KeInitializeMutex
IoCreateDevice
RtlCreateRegistryKey
KeTickCount
KeBugCheckEx
ObReferenceObjectByHandle
ZwFsControlFile
KeGetCurrentThread
hal
KfReleaseSpinLock
KfAcquireSpinLock
Sections
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ