Static task
static1
General
Target: 00b07084c0cc1f9851d20a6bb99e7482
Size: 22KB
MD5: 00b07084c0cc1f9851d20a6bb99e7482
SHA1: 5ce2829f97ba7d0d29fc0dc746832ebad015093c
SHA256: 3efb7e597430d4d01551ec4d4f522cd3102f5b7b1ac9fca932cd3bf360d30c90
SHA512: 0eeb255c7370256e1201991ff3e16e0b48022c34c6a0b6935c535aa1175e1a493f7ca7cdc17a0dc97e3c3352cc87372d544ebe236b6d7c9b3f85b4c74118ada5
SSDEEP: 384:2/C4d0UpVonfqAwnuXyoaoXCtLvepoWHZ9qHFrFIhUd8A4tefqyLwV:26K0UbQfqAwnuioNydvepoyqHFrFmUdK
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 00b07084c0cc1f9851d20a6bb99e7482
Files
00b07084c0cc1f9851d20a6bb99e7482.sys windows:5 windows x86 arch:x86
7dc3015d8f22f31fc632a53796e4a191
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmIsAddressValid
ZwClose
ZwUnmapViewOfSection
KeDelayExecutionThread
ZwCreateKey
wcslen
swprintf
RtlInitUnicodeString
wcscat
wcscpy
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwCreateFile
IoRegisterDriverReinitialization
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
RtlAnsiStringToUnicodeString
strncmp
IoGetCurrentProcess
_wcsnicmp
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
PsGetVersion
_wcslwr
wcsncpy
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 958B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 576B - Virtual size: 574B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ