Static task
static1
General
-
Target
00986b3579e8e458d8807858a2ac0663
-
Size
24KB
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 00986b3579e8e458d8807858a2ac0663
Files
-
00986b3579e8e458d8807858a2ac0663.sys windows:5 windows x86 arch:x86
b14d3c9e622f70e413095b84b6f8c13b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
PsGetVersion
_wcslwr
wcsncpy
ZwClose
swprintf
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlInitUnicodeString
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwCreateFile
IoRegisterDriverReinitialization
MmIsAddressValid
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
KeDelayExecutionThread
ZwCreateKey
wcscat
wcscpy
ZwUnmapViewOfSection
RtlAnsiStringToUnicodeString
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
Sections
.text Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 958B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 576B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ