Static task
static1
General
Target: 04b498bc3b8b4e246d1af32ca1a1ee94
Size: 22KB
MD5: 04b498bc3b8b4e246d1af32ca1a1ee94
SHA1: 1b2c69714b2dd2e64340e850ccfa9764341a3b30
SHA256: eb65fef37d37ea0bbbb8cac4c154a734e8b55f9a519c8254400df975e7881edd
SHA512: 4c9436c7624dfdc6ab3e9e332e2f4ab5ea925efa5f02da77d1c54c7706ad49a9e701aa95475834f65157e3fb611a103a5be11b8b1a53c2937f781de7da051c50
SSDEEP: 384:YQRdETJ5hjci+2jk44MQpVMUehCYMBh4P8A7EvjBhnG5bQDmOwQ7KuBRdoWRf0Mj:zITRc9MCA7YmSHLZBQK0kX
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 04b498bc3b8b4e246d1af32ca1a1ee94
Files
04b498bc3b8b4e246d1af32ca1a1ee94.sys windows:5 windows x86 arch:x86
d4ac752e280c44fcb4647a33fd66729b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmIsAddressValid
ZwClose
ZwUnmapViewOfSection
PsGetVersion
_wcslwr
wcsncpy
RtlAnsiStringToUnicodeString
KeDelayExecutionThread
ZwCreateKey
wcslen
swprintf
RtlInitUnicodeString
wcscat
wcscpy
ZwCreateFile
ZwEnumerateKey
ZwSetValueKey
ZwOpenKey
IoRegisterDriverReinitialization
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
strncmp
IoGetCurrentProcess
_wcsnicmp
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 958B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 640B - Virtual size: 618B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ