m_regs
Static task
static1
General
Target: 36dbdfac9d2fe1e0c199865160254043
Size: 21KB
MD5: 36dbdfac9d2fe1e0c199865160254043
SHA1: 5a65adbaadc29f7e26a4acf5ae798d617b397efb
SHA256: 4603145be4a4c06bc7e4d748fec2094bfd854ca792629d1b0f7e88b8ea936e84
SHA512: 44786e91275059a634f315d753f69d592ceb7afffdb3f96765be8ee7d7285bd9cc1431b1b03c6c1088008184e3fa0b3dbd0d9c59e7c1110d60d37c3ff3cb6b96
SSDEEP: 192:ejeFn/XdTvIWAXZQ70NjhkEznYC/Qd/KyP:eyl/dgWSQR63Id/3
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 36dbdfac9d2fe1e0c199865160254043
Files
36dbdfac9d2fe1e0c199865160254043.sys windows:5 windows x86 arch:x86
b0eac6fed43c6764c3db930b6167ef4d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IofCompleteRequest
MmIsAddressValid
RtlFreeAnsiString
_strupr
RtlUnicodeStringToAnsiString
strncmp
IoGetCurrentProcess
strrchr
PsGetCurrentThreadId
PsGetCurrentProcessId
strstr
PsLookupProcessByProcessId
strncpy
RtlInitUnicodeString
KeServiceDescriptorTable
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwReadFile
ZwClose
ZwCreateFile
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
DbgPrint
Exports
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 224B - Virtual size: 212B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 96B - Virtual size: 68B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 768B - Virtual size: 748B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 480B - Virtual size: 454B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ