Static task
static1
General
Target: 7cb03d843075c18a67bf2cfca53755e4
Size: 11KB
MD5: 7cb03d843075c18a67bf2cfca53755e4
SHA1: 19749963e486a3575cf721648f49e17e7747ed14
SHA256: c1b44efcf886c4e69b000119c042d8805b54cb924c243a1d01bc533fd63b7095
SHA512: a8c71ca2cba80c638863cd2b9da2a5049269d6e3b726b869944854e3af2d0e47ddbfd93de67d4d6016d5a58fe8a5da38be7cf6838e350f3238adabbfa09b1029
SSDEEP: 192:2lBSkfLw+MeBXDERLKGjkXDS09w6mWy2bBKLSo:2TzTwteBTElBj+DSoNms92
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 7cb03d843075c18a67bf2cfca53755e4
Files
7cb03d843075c18a67bf2cfca53755e4.sys windows:6 windows x86 arch:x86
8a58572efbeaf67a47c9f4176aa20cc4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExFreePoolWithTag
ZwClose
ObOpenObjectByPointer
KeDetachProcess
ZwTerminateProcess
KeAttachProcess
MmUnmapViewOfSection
_stricmp
ExAllocatePoolWithTag
ZwQuerySystemInformation
PsLookupProcessByProcessId
ZwTerminateJobObject
ZwAssignProcessToJobObject
ZwCreateJobObject
ZwOpenProcess
IofCompleteRequest
KeServiceDescriptorTable
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
Sections
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 428B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 36B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 768B - Virtual size: 702B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 256B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ