Static task
static1
General
Target
04f0da160ba81a2fa076b55b834a4b36
Size
24KB
MD5
04f0da160ba81a2fa076b55b834a4b36
SHA1
58dddc2a371716707a72d3b1ec233325f8981d1b
SHA256
95c6fd5acd80d57c8e8fdb23a3afd827911f990fec2f5c3f6cd53331343f61c4
SHA512
7fb41931d074fb1eedc729b1287982d0a33d00894c8c516987b3c8c208dd24aa26a51a9770bc8eb63054bb5c3260be342e24f32fd5010e47ba279d1ad2772540
SSDEEP
768:2TRKQhY7XN6aOJWN58e2qmo7/Up9iTVy9vTNWFXlJRGvOZAU8w:29bY7XAaOJWoe2qmo7/49CVgTNWFXlJM
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 04f0da160ba81a2fa076b55b834a4b36
Files
04f0da160ba81a2fa076b55b834a4b36.sys windows:5 windows x86 arch:x86
276d7459f0c4f99665837a1daa5c5efa
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwCreateFile
ZwSetValueKey
ZwClose
ZwOpenKey
ZwEnumerateKey
MmIsAddressValid
ZwUnmapViewOfSection
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlInitUnicodeString
swprintf
PsGetVersion
_wcslwr
wcsncpy
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlAnsiStringToUnicodeString
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
IoRegisterDriverReinitialization
ZwCreateKey
wcslen
wcscat
wcscpy
strncmp
IoGetCurrentProcess
_wcsnicmp
Sections
.text Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 958B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 608B - Virtual size: 580B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ