Static task
static1
General
-
Target
072136d8d5b9a2fba744caa168b941fe
-
Size
27KB
-
MD5
072136d8d5b9a2fba744caa168b941fe
-
SHA1
d539ed885ec4ec99699404d6cc5ebdc20711427f
-
SHA256
43ae60c6b896192803a18707a81292d16b3684bd8901337fe2d7cb6d59bb317d
-
SHA512
48a7d7f756a23898bcb8775f82e543c2a5333090fc64e7e5c96392a7f6cde2dc9b8ede716d627993a268dab9777c372451cad2c8198c4baa819820307137a034
-
SSDEEP
768:gKbC+NASII52ec+gpuFV2DqHCtQMLN9eQC0vhEYlRamS0zJ7KN4cXb:5bHASN1ctpZdKY6jL
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Flags PE files that lack an Authenticode signature; matched on the resource listed below.
resource 072136d8d5b9a2fba744caa168b941fe
Files
-
072136d8d5b9a2fba744caa168b941fe.sys windows:4 windows x86 arch:x86
82c0379f0bbb618b20184e4ad16633a3
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwCreateFile
RtlInitUnicodeString
srand
IoRegisterDriverReinitialization
strstr
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
swprintf
_stricmp
strchr
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
PsSetCreateProcessNotifyRoutine
isxdigit
isupper
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
isprint
PsGetVersion
atol
DbgPrint
tolower
toupper
MmIsAddressValid
strncmp
IoGetCurrentProcess
_wcslwr
wcsncpy
_wcsnicmp
wcslen
ZwOpenKey
ZwEnumerateKey
ZwSetValueKey
ZwCreateKey
islower
wcscat
wcscpy
isdigit
RtlAnsiStringToUnicodeString
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwUnmapViewOfSection
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 736B - Virtual size: 736B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ