Static task
static1
General
Target: 070127203f447973f4f7f56d497ef683
Size: 14KB
MD5: 070127203f447973f4f7f56d497ef683
SHA1: 2daa9b3ad65ec8e1924557fdf041ad60703c3dc5
SHA256: 1c53bdba7bb702005f80769f2d49ea7c159cfc050ba16861d6000df391dab63e
SHA512: 1108ed65522c459512a7e6e4343c35c25d7e055efd56799d61c1c163d8828bc318b568189e12fd6f1bd77d9e845d4f93ed80de9ca4e606bc0ab1e2b414cc81f5
SSDEEP: 192:yO5uGlMkJzVOtIZGvfnaOtYnGf8KKSRQzXa/Pl8nRCSyvX3Ttxsbjl0qPzL:n7JJOP33YGr27o5xX3JxsXyqP
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 070127203f447973f4f7f56d497ef683
Files
070127203f447973f4f7f56d497ef683.sys windows:4 windows x86 arch:x86
d990e105f24bf1629fb144e5f5a33e94
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
atoi
islower
strrchr
ZwClose
swprintf
isupper
RtlInitUnicodeString
isprint
toupper
ZwCreateFile
strchr
IoRegisterDriverReinitialization
tolower
MmIsAddressValid
ZwUnmapViewOfSection
ZwEnumerateKey
ZwSetValueKey
ZwOpenKey
atol
isdigit
isxdigit
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
_stricmp
isspace
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
srand
strstr
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsGetVersion
DbgPrint
RtlAnsiStringToUnicodeString
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
_wcslwr
wcsncpy
ZwCreateKey
wcscat
wcscpy
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 800B - Virtual size: 794B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ