Static task
static1
General
Target: 004505c90c32a7f2657155a4da839294
Size: 23KB
MD5: 004505c90c32a7f2657155a4da839294
SHA1: 26e5248333854f8b7b99a4f7abde3ad4e0d83a7b
SHA256: 4ccc1745135d2592fbdfc513308ee86a68b5929e7fb8d1ff6b956d38b536df60
SHA512: a04643656deeeffbdb99d931b78661a9fd5abb682a7f926fa03e741d92c9f483925b0205d37f11caec1b3f08a629ab93872b36800878786f35112a9bcb0d851d
SSDEEP: 384:YmDsmuQYuuh5v41oLkmyF+Sitae6Ny62PLw93DsCea5dQUgd3fj3b5YDAAGvKTg:zsosht43BgPLM9ozUG3v5jAGCTg
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 004505c90c32a7f2657155a4da839294
Files
004505c90c32a7f2657155a4da839294.sys windows:5 windows x86 arch:x86
c72a309254f16fb8120d2c333c9945b9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlInitUnicodeString
ZwCreateFile
ZwSetValueKey
ZwClose
ZwOpenKey
ZwEnumerateKey
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
IoRegisterDriverReinitialization
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
MmIsAddressValid
ZwUnmapViewOfSection
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
swprintf
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
ZwCreateKey
wcscat
wcscpy
RtlAnsiStringToUnicodeString
PsGetVersion
_wcslwr
wcsncpy
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 958B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 608B - Virtual size: 596B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ