Static task
static1
General
-
Target
7c8e979f7fed6846e0c7de9966c51bd9
-
Size
28KB
-
MD5
7c8e979f7fed6846e0c7de9966c51bd9
-
SHA1
11af206e4d045797f39b51e448a6686e94e81121
-
SHA256
c631e59e75adaca933a554975b1d07b37849f7ddcc8bfb9ca1b9fb1abf6651c0
-
SHA512
b68054c5026ee30f437e6cd44e2552580c1d2cd7393acb9e908967a8d42292973ae5109f5d262497a3cae2c4866cf72dbd5868ef10d939b3b1015dd8610b1b17
-
SSDEEP
768:RViK2dNK5TeH0ndvgARxHrZi2w4elrRW9giJi56bWqDB:RuY5TeqFgAR9m44Yh3JF
Malware Config
Signatures
-
Unsigned PE (1 IoC)
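Checks for missing Authenticode signature. The sample is a 32-bit kernel-mode driver (a .sys file importing from ntoskrnl.exe); 32-bit Windows does not enforce driver signing by default, so a missing signature is a weak indicator on its own and should be weighed together with the other findings.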
resource 7c8e979f7fed6846e0c7de9966c51bd9
Files
-
7c8e979f7fed6846e0c7de9966c51bd9.sys windows:4 windows x86 arch:x86
17b494fa8ea2226ff0728cd8f0656da9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
wcscat
wcscpy
_itow
wcslen
_strnicmp
RtlInitUnicodeString
ZwClose
ZwOpenKey
swprintf
_stricmp
strncpy
_wcsnicmp
ObfDereferenceObject
RtlAnsiStringToUnicodeString
RtlCopyUnicodeString
IofCompleteRequest
strncmp
ExFreePool
_snprintf
ExAllocatePoolWithTag
_except_handler3
MmGetSystemRoutineAddress
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 896B - Virtual size: 870B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ