Static task
static1
General
-
Target
04f8ebb7e0c3ecb08f311540ba8e8c6b
-
Size
18KB
-
MD5
04f8ebb7e0c3ecb08f311540ba8e8c6b
-
SHA1
cc6ddb1a33875094c359ab9a3dd5166e4ee289a8
-
SHA256
e8a351546753c5f7c3bf3dedbe0eec61f7ae0baceb0ca627ec00cfdda1d7ef10
-
SHA512
35f01ce9a0f308b5085f8d4338a7a30ceff9e7f07af574c33a0eda4c2c84b8f855fe84010cf4c956931a9ed430479e72cf7df3a3cd3b534f8b88b341995e8cbb
-
SSDEEP
384:qMdTVyjS6t6CujeJBAjMHsIpiKnE4T7pYF4u3UVaDwBt3oZSbMtGPSxIOkCWhF/0:FInsIpiKE4T7pYF4u3UVaDwBt3oZSbMD
Malware Config
Signatures
-
Unsigned PE 1 IoCs
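Checks for a missing Authenticode signature. The file flagged here is a 32-bit kernel-mode driver (.sys, imports from ntoskrnl.exe) that carries no signature; a missing signature is a weak indicator on its own and should be read together with the import list below.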
resource 04f8ebb7e0c3ecb08f311540ba8e8c6b
Files
-
04f8ebb7e0c3ecb08f311540ba8e8c6b.sys windows:4 windows x86 arch:x86
7c82d5ed32907ab6c262d1ae4167dae6
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strlen
ZwClose
ExFreePool
ZwWriteFile
strcat
memset
ExAllocatePoolWithTag
ZwCreateFile
RtlInitUnicodeString
_stricmp
strncmp
IoGetCurrentProcess
_except_handler3
ZwSetValueKey
strstr
ZwQueryValueKey
ZwCreateKey
wcscat
wcscpy
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwOpenKey
_snwprintf
ZwEnumerateKey
PsCreateSystemThread
strncpy
PsLookupProcessByProcessId
_wcsnicmp
wcslen
memcpy
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
PsGetVersion
IofCompleteRequest
PsSetCreateProcessNotifyRoutine
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 992B - Virtual size: 976B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ