Static task
static1
General
Target
NEAS.8999779a79b25312501963a98143fa90.exe
Size
14KB
MD5
8999779a79b25312501963a98143fa90
SHA1
dcdbb54b5da397eb87f5763d4c767c8103535062
SHA256
31501284949945236536f8839b962901dae94445a14a43392698782a85583379
SHA512
edc4bcabed6e3d90f824a387fbfa365f29fca4ca41d1270662d976f97252f3071afcb11ab84d9cd86cfe601f1cb84a1016868d8fea26f20d28a282ee8b13a0f8
SSDEEP
192:TnB7qE8KxmtkcIL4zS6gEkaEYlfQhJxSzwKMDJuYXd9/1dQ6OXR+U1C8oVEeDk:7B7qEotuL4W7YC/JKMD993L8R+ZZD
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource NEAS.8999779a79b25312501963a98143fa90.exe
Files
NEAS.8999779a79b25312501963a98143fa90.exe.sys windows:6 windows x86
e2a0aee08aac047e7d168e09b0df8517
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
KeDelayExecutionThread
KeQuerySystemTime
_alldiv
ExFreePoolWithTag
ExAllocatePool
memcpy
memset
ObfDereferenceObject
ObReferenceObjectByHandle
PsGetCurrentProcessId
_wcsnicmp
wcsncmp
RtlAppendUnicodeStringToString
RtlCopyUnicodeString
RtlVolumeDeviceToDosName
wcsstr
KeInitializeMutex
KeWaitForSingleObject
KeReleaseMutex
_wcsicmp
strncmp
MmMapLockedPages
MmBuildMdlForNonPagedPool
DbgPrint
MmCreateMdl
KeServiceDescriptorTable
IofCompleteRequest
PsSetCreateProcessNotifyRoutine
KeTickCount
KeBugCheckEx
RtlUnwind
Sections
.text Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 452B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 928B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 942B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 640B - Virtual size: 532B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ