Static task
static1
General
Target
4930766ea449b751f4467504f88a91a1
Size
9KB
MD5
4930766ea449b751f4467504f88a91a1
SHA1
ccb7cff290345977f6d7d71d2e8d610334d2d6a6
SHA256
7151731a1fc48929e8ddacd4d6e3957b318abd129bf2d258123fabc923ba2864
SHA512
26000c898c80d5b7e1d719b580419cb9d0253709d9169a52913a8d948d77d593884ec0804cd79c93fd31729779055cb27f0135f586df6ff84c90c9af9244899b
SSDEEP
192:Njc81NbA7Y/PbUvkAdsGI9Neb5SzioWHMHAmXAg:Fc81KGPbJ/e1AiomQLw
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4930766ea449b751f4467504f88a91a1
Files
4930766ea449b751f4467504f88a91a1.sys windows:4 windows x86 arch:x86
992ddba413d64e112623bbedf7a59eca
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
PsTerminateSystemThread
PsCreateSystemThread
wcscmp
ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag
KeServiceDescriptorTable
MmIsAddressValid
KeAddSystemServiceTable
KeWaitForSingleObject
KeInitializeEvent
_allmul
ZwFreeVirtualMemory
KeUserModeCallback
ZwAllocateVirtualMemory
ZwQueryInformationProcess
KeDetachProcess
KeAttachProcess
PsLookupProcessByProcessId
KeClearEvent
KeSetEvent
PsGetCurrentProcessId
NtBuildNumber
_except_handler3
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 160B - Virtual size: 132B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 672B - Virtual size: 668B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 224B - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ