Static task
static1
General
Target
076be5715cde3ae16eefc7ec81535d44
Size
5KB
MD5
076be5715cde3ae16eefc7ec81535d44
SHA1
4fc458f1443190e61c6360569125af8836db7652
SHA256
73556bdb5e05757f07b87071d2d57fbd6e5ee39d9e268b5b90e61689ab103997
SHA512
1f78f7622a5e17b449c242486945d708ec78ac05af86b1f6aa97ec7a01a5967134b6e2711cf2d90c6379f90ace5b433c9c438b245af00f925ba37f6b1f0c3b7c
SSDEEP
96:41ID3Wf106CPvEQaGY/Eo9015FpcTWbQkKUs2UlzHsaHLLety:4xtiX1SYsCM
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 076be5715cde3ae16eefc7ec81535d44
Files
076be5715cde3ae16eefc7ec81535d44.sys windows:5 windows x86 arch:x86
64c920d0d8eecd3df079bb1c111e2e7d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlFreeAnsiString
RtlCompareMemory
RtlUpperString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
PsGetCurrentProcessId
ZwQueryDirectoryFile
ZwDeviceIoControlFile
IoDeleteDevice
IoDeleteSymbolicLink
wcscat
RtlFreeUnicodeString
wcscpy
RtlAnsiStringToUnicodeString
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 640B - Virtual size: 560B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 640B - Virtual size: 526B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 128B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 256B - Virtual size: 240B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ