Static task
static1
General
Target
2f30e7ae5f22332e426caeaa3df9ce86
Size
28KB
MD5
2f30e7ae5f22332e426caeaa3df9ce86
SHA1
0dd6bd831b10c3a1dc256fe431702479278b9dde
SHA256
e15ceaf37e8ab392a273c5feed3d9eaea5e4a3c1ad8ff5c5724e6e4f83235f38
SHA512
8c4d4380b020b1a3cd9673a20707bb354d8038ecc8c06cadb121c64717d77caa0c08af8e553020d4682d2086ebf535086b42ed6b3fb3dfaccbed9b51a56eba44
SSDEEP
768:DLX9gaXMfjMWT0g/2DGbS5OSpBYwMsuRIsaYWQ4R+R:DDlXMfjMWT8oQBYwMsuRIsaDQG+R
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2f30e7ae5f22332e426caeaa3df9ce86
Files
2f30e7ae5f22332e426caeaa3df9ce86.sys windows:4 windows x86 arch:x86
7f31de590e7b63f4f7f14a391ec338e5
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncmp
MmGetSystemRoutineAddress
RtlInitUnicodeString
wcslen
swprintf
wcscat
wcscpy
_wcsnicmp
_stricmp
strncpy
_strnicmp
ObfDereferenceObject
RtlAnsiStringToUnicodeString
ExFreePool
_snprintf
ExAllocatePoolWithTag
RtlCopyUnicodeString
ZwClose
ZwOpenKey
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 448B - Virtual size: 436B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 832B - Virtual size: 824B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ