Static task
static1
General
Target: 678a3ed8ac8f9f9922a1d5ab53dbef9a
Size: 28KB
MD5: 678a3ed8ac8f9f9922a1d5ab53dbef9a
SHA1: 2c3a93b97facdaafc01fa69456317189d6c1d05c
SHA256: ca8d25666d31117f7e995b39f2c70750daf0c2cacf6896310a9dfde5cd63bc90
SHA512: ea323a7d42e8e456681509849911ade396115f5259555f94ba6a7f2a67e9d8843ae343b1c5520b6e7e123872649b892e3aa0d08936244960c0ebc3fd6f418435
SSDEEP: 768:nEK9lkyHjXJpiLv+i11OGHoZk6F/ypvHCGDysr:nEK9ayD5p2v+Y1OGIZky/ypvHLGC
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 678a3ed8ac8f9f9922a1d5ab53dbef9a
Files
678a3ed8ac8f9f9922a1d5ab53dbef9a.sys windows:4 windows x86 arch:x86
fbbcf3058b6ca197a9a7b403420850e6
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlInitUnicodeString
wcslen
wcscat
wcscpy
swprintf
_wcsnicmp
_except_handler3
_strnicmp
strncmp
_stricmp
strncpy
_itow
RtlAnsiStringToUnicodeString
ZwClose
ZwOpenKey
ObfDereferenceObject
ExFreePool
_snprintf
ExAllocatePoolWithTag
IofCompleteRequest
MmGetSystemRoutineAddress
RtlCopyUnicodeString
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 896B - Virtual size: 866B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ