Static task
static1
General
-
Target
4e59aad8c1a5f1018da71be32143a4d3717c2a673ef878794fb7e641f2c116d3
-
Size
18KB
-
MD5
edd7096e627cfbd958e15722ffaf196a
-
SHA1
bdb56f73c885bcabb6f0d3dabce3d7daf09210e6
-
SHA256
4e59aad8c1a5f1018da71be32143a4d3717c2a673ef878794fb7e641f2c116d3
-
SHA512
827b88b1802ebf14fdb3bd33257c77de0c477a450b712fb1c24175e4b7df72050934439033f2c06a9f3d9a5816b120b9ab4f496ebc2d0c1f8117a163d02cb231
-
SSDEEP
192:uJQWsXAq7cg2+Nw9l0HNuG2BcnQcEfK0qqi8PJdDWqIW8oK1IVe9K2G5B6:KQWswq7J2+NY0HYdfKrMJNWXCle9Kr4
Malware Config
Signatures
-
Unsigned PE (1 IoC)
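Checks for a missing Authenticode signature: the file listed below carries no embedded signature. This is a static check of the file alone, so it does not show whether the driver is catalog-signed on a given system; treat the finding as a triage signal rather than proof that the file is malicious.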
resource 4e59aad8c1a5f1018da71be32143a4d3717c2a673ef878794fb7e641f2c116d3
Files
-
4e59aad8c1a5f1018da71be32143a4d3717c2a673ef878794fb7e641f2c116d3.sys windows x64
24a34b81f85b95e4011d0eb55d6781cd
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntoskrnl.exe
RtlCompareMemory
IoWMIRegistrationControl
swprintf
MmGetSystemRoutineAddress
ObfDereferenceObject
MmUnmapIoSpace
MmMapIoSpace
IoGetDmaAdapter
KeBugCheckEx
RtlCopyUnicodeString
ExFreePoolWithTag
IoWMIWriteEvent
ExAllocatePoolWithTag
IoGetDeviceProperty
RtlInitUnicodeString
wdfldr.sys
WdfVersionBindClass
WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass
Sections
.text Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 820B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 492B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 848B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ