Static task
static1
General
-
Target
fc6825f00f7439b9f8768959db92dd1e
-
Size
40KB
-
MD5
fc6825f00f7439b9f8768959db92dd1e
-
SHA1
01b72cc3a72ccfb768376b61df2fdb493073f1ff
-
SHA256
e5a5bda96933ded9c43504e87f6e5633bff178c2907afd7994d4c0f5830a0516
-
SHA512
d80f6f00c0eced7154f2e915c72413f73b54499d162d65169d64eeaecae7f47f20aceb07885a487e3115dc3ca92b68f39a8620dd0f237d4922eb6304377c3fda
-
SSDEEP
768:m4Wku+KPfmvcckrKhJnioVjGlSmm9IlOrzgapgoRbUsQTTAmSoX:mJk6nmvccbhBi2jGoFrzg/+IRTA
Malware Config
Signatures
-
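Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. The resource listed below carries none, so its publisher and integrity cannot be confirmed from a signature; on its own this is a weak indicator and should be weighed together with the rest of the report.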
resource fc6825f00f7439b9f8768959db92dd1e
Files
-
fc6825f00f7439b9f8768959db92dd1e.sys windows:4 windows x86 arch:x86
9d2b192b7a10c81e0d3d684683898991
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlInitUnicodeString
ExFreePool
ExAllocatePoolWithTag
ZwClose
ObfDereferenceObject
strncmp
_snwprintf
wcsncpy
wcslen
wcschr
MmGetSystemRoutineAddress
IofCompleteRequest
ZwSetValueKey
_stricmp
swprintf
wcsstr
_wcslwr
ZwQueryValueKey
ZwOpenKey
_except_handler3
MmIsAddressValid
IoDeviceObjectType
KeQuerySystemTime
ZwDeleteKey
ZwCreateKey
wcsrchr
wcscat
wcscpy
KeTickCount
KeQueryTimeIncrement
IoGetCurrentProcess
PsGetVersion
_wcsnicmp
KeDelayExecutionThread
ObReferenceObjectByHandle
strncpy
ZwCreateFile
PsLookupProcessByProcessId
_wcsicmp
PsCreateSystemThread
_snprintf
RtlCompareUnicodeString
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlCopyUnicodeString
PsSetCreateProcessNotifyRoutine
ZwSetInformationFile
IoRegisterDriverReinitialization
RtlAnsiStringToUnicodeString
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 64B - Virtual size: 51B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ