Static task
static1
General
Target: 2e98ef8581d75d8b1429717fbd156d6b
Size: 16KB
MD5: 2e98ef8581d75d8b1429717fbd156d6b
SHA1: 277629c31218540f49e2f94574ea3e2a224452e0
SHA256: ea0a3328007c534fea83074c4a791b8c2ce2f0df0a4065e4b55baa9ad381fce4
SHA512: 6d3238b2844912e493565392c6523dc65a50166e9dc9729837101b4b6d8c6645722f6b7387692f5202280009d90c830313b77e1515da2f448a1f91d02499c345
SSDEEP: 384:BFzLiL3YvFyspH6vXjCrlqeARlnE1eMc/0I/Hply7/N+GmqNDT:B9yspHyjCrlqeAmeb0t+pqNDT
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2e98ef8581d75d8b1429717fbd156d6b
Files
2e98ef8581d75d8b1429717fbd156d6b.sys windows:5 windows x86 arch:x86
13842a1078af2668d6a845208b1aa31d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
memcpy
IoDeleteSymbolicLink
RtlInitUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
PsTerminateSystemThread
IofCompleteRequest
PsGetVersion
KeServiceDescriptorTable
ObfReferenceObject
IoCreateSymbolicLink
ObfDereferenceObject
IoCreateDevice
_except_handler3
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 384B - Virtual size: 276B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 60B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 512B - Virtual size: 418B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 174B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ