C:\Users\dvl\source\repos\FileSystemMon\x64\Release\FileSystemMon.pdb
Static task
static1
General
-
Target
b7e8b9f40296b35ab16fd7dffb3c22797ff86adeba07a3b794eeabd0d67efeeb
-
Size
6KB
-
MD5
a9697e4e26b2448652fb022b46b618af
-
SHA1
b1c7bf97907a39f9cc40641622bf8c39fdb98a9b
-
SHA256
b7e8b9f40296b35ab16fd7dffb3c22797ff86adeba07a3b794eeabd0d67efeeb
-
SHA512
1b2ab6afef8254e932807ee1ad43bb930c2fdeb92c7eb0e989094e0857168582fb5366a843bfc3441221703fbcd2b34aade45e4f81732eb5902b80ec7637fd88
-
SSDEEP
48:qvY6Ts0LPAPUjb9ZOUBGR0ZQp8U3o15rX4ZjL4IpBHjq1h7nLv2WZ4IlLXmLhIh5:ec0PT5asQp5oz4Zj0SHWj76WiibYcR3
Malware Config
Signatures
-
Unsigned PE 1 IoCs
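Checks for missing Authenticode signature. The flagged file is a kernel-mode driver (.sys, x64), and 64-bit Windows enforces driver signing by default, so an unsigned driver is not expected to load through the normal service path unless test signing is enabled or signature enforcement is bypassed.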
resource b7e8b9f40296b35ab16fd7dffb3c22797ff86adeba07a3b794eeabd0d67efeeb
Files
-
b7e8b9f40296b35ab16fd7dffb3c22797ff86adeba07a3b794eeabd0d67efeeb.sys windows:10 windows x64 arch:x64
bb63c7f3484b3dc385f6089ea4efcd8b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntoskrnl.exe
RtlInitUnicodeString
MmUnmapIoSpace
MmMapIoSpaceEx
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
ObfDereferenceObject
MmGetPhysicalMemoryRanges
MmCopyMemory
MmGetVirtualForPhysical
PsLookupProcessByProcessId
IoCreateDriver
PsGetProcessSectionBaseAddress
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 740B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 512B - Virtual size: 466B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE