Static task
static1

General
Target: 28bcb9e5da9274e436d09eccf16cf810N
Size: 71KB
MD5: 28bcb9e5da9274e436d09eccf16cf810
SHA1: 615e9359ec441cf074e6f1d238d315103d18afa3
SHA256: d1ab2532e812999dad091d61a2cf1720d05ccefd2a43f53979deb6734f539545
SHA512: 94e288a4f256742ec1e7db9fd74b1c2772ace1e461a90cdfd062a2dd2d46a8d5c485b2e42feaaa34d7d8495dc57842386e439858f64caa355f10f9b39444e4cc
SSDEEP: 1536:GEDdncUEwE7lzBKfS0iZ8juicAiXwqfNd8em3SxGBLx:GwBQhzAfS006xTqr8e9od

Malware Config

Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource 28bcb9e5da9274e436d09eccf16cf810N

Files
28bcb9e5da9274e436d09eccf16cf810N.sys windows:6 windows x86 arch:x86
f5fa6743a74a390f42426fde65a1778b

Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths
v:\workspace\windows\guarder\build\guarder\make\guarder\make\output\i386\gurdr5x32.pdb

Imports

ntoskrnl.exe:
IofCallDriver
memset
KeDelayExecutionThread
KeWaitForSingleObject
KeInitializeEvent
ZwClose
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ZwQueryInformationFile
ZwWriteFile
RtlRandom
KeQuerySystemTime
ZwSetInformationFile
ExAllocatePoolWithTag
ZwCreateFile
memcpy
KeReleaseMutex
RtlCopyUnicodeString
ZwDeleteFile
RtlCompareUnicodeString
ZwQueryDirectoryFile
RtlInitUnicodeString
ZwOpenFile
KeInitializeMutex
ZwFlushKey
PsSetCreateProcessNotifyRoutine
IoCreateSymbolicLink
IoCreateDevice
ObfDereferenceObject
IoDeleteDevice
IoDeleteSymbolicLink
ObReferenceObjectByHandle
ExEventObjectType
PsGetCurrentProcessId
KeGetCurrentThread
_purecall
PsTerminateSystemThread
memmove
PsThreadType
PsCreateSystemThread
ZwOpenKey
PsGetCurrentThreadId
KeSetTimerEx
IoQueueWorkItem
IoFreeWorkItem
KeInitializeDpc
KeInitializeTimerEx
IoAllocateWorkItem
KeTickCount
KeBugCheckEx
RtlUnwind
strchr
KeResetEvent
PsGetThreadId
PsLookupThreadByThreadId
_alldiv
DbgPrint
IofCompleteRequest
MmProbeAndLockPages
MmUnmapLockedPages
IoAllocateMdl
IoBuildDeviceIoControlRequest
IoFreeMdl
IoGetDeviceObjectPointer
IoGetRelatedDeviceObject
ObReferenceObjectByPointer
_except_handler3
ObOpenObjectByPointer
ZwFreeVirtualMemory
ZwAllocateVirtualMemory
IoFileObjectType
MmUserProbeAddress
ExGetPreviousMode
RtlGetVersion
MmGetSystemRoutineAddress
_stricmp
ZwQuerySystemInformation
KeUnstackDetachProcess
RtlAppendUnicodeStringToString
PsGetProcessPeb
KeStackAttachProcess
PsLookupProcessByProcessId
RtlUnicodeToMultiByteN
ZwQueryValueKey
ZwDeleteValueKey
ZwSetValueKey
ZwCreateKey
ObQueryNameString
ZwReadFile
ObfReferenceObject
IoGetBaseFileSystemDeviceObject
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
KeServiceDescriptorTable
ExUuidCreate
strrchr
_strnicmp
CmUnRegisterCallback
CmRegisterCallback
IoReleaseVpbSpinLock
IoAttachDeviceToDeviceStackSafe
IoAcquireVpbSpinLock
IoEnumerateDeviceObjectList
IoUnregisterFsRegistrationChange
IoDetachDevice
IoCancelFileOpen
ProbeForWrite
_vsnwprintf
ZwDeleteKey
ZwLoadDriver
RtlAppendUnicodeToString
KeSetEvent
MmIsAddressValid
ExFreePoolWithTag
PsGetThreadTeb
MmUnlockPages
KeInsertQueueApc
KeInitializeApc

hal:
KfAcquireSpinLock
KfReleaseSpinLock

Sections

.text  Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata  Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data  Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE  Size: 48KB - Virtual size: 48KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT  Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc  Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ