Static task
static1
General
-
Target
fbc2e7966d12a53021d2a5fe6076e72f
-
Size
27KB
-
MD5
fbc2e7966d12a53021d2a5fe6076e72f
-
SHA1
9986cd433277f6e15e6efc605cf410d8671dcce8
-
SHA256
ddb88e132b8b42e64a28eab2989f8f457362007ee89d2545f490dba653f9a921
-
SHA512
068393cccf88abdf8e47d1780123ebdca8df880b9e225617ce99eb22e8d33af25b682554a0d4b7514278711cca9f3004493b8025737a7cf20bf135c57c7d60c0
-
SSDEEP
768:cHIsf4B0xTJOQnM9s2gizu49knnaJMMh3wnM:cowHxTJWKgy8wa+MhAn
Malware Config
Signatures
-
Unsigned PE 1 IoCs
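Checks for missing Authenticode signature. Note that the sample is a 32-bit (x86) kernel-mode driver: it is a .sys file whose listed imports all come from ntoskrnl.exe. 32-bit Windows does not enforce kernel-mode code signing the way x64 Windows does, so the missing signature should not be read as evidence that the driver cannot load on such a system.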
resource fbc2e7966d12a53021d2a5fe6076e72f
Files
-
fbc2e7966d12a53021d2a5fe6076e72f.sys windows:4 windows x86 arch:x86
4fc0ec75fd0f99c04d96347f1b512601
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
swprintf
ZwClose
RtlInitUnicodeString
ZwOpenKey
wcslen
wcscat
wcscpy
RtlCopyUnicodeString
_strnicmp
ObfDereferenceObject
strncmp
_wcsnicmp
MmGetSystemRoutineAddress
RtlAnsiStringToUnicodeString
strncpy
_stricmp
ExFreePool
_snprintf
ExAllocatePoolWithTag
Sections
.text Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 448B - Virtual size: 436B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 832B - Virtual size: 824B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ