Static task
static1
General
Target
00456f8036ae6d2b8e93fc33746f38b1
Size
26KB
MD5
00456f8036ae6d2b8e93fc33746f38b1
SHA1
201b10b29a85e0bac2641908b466c1e8610950c7
SHA256
934030e33cb60c79b53a93bf75a9f7b0660ca32aea1643fdac5fa828fb1c4615
SHA512
88c8b96157364d3367572412e6a2422c86a745f606559bb788baac5e0780859958bd280b7ba336fa3bb70fa3fd2beb3f4636065a279f6caa774ec99c51768f97
SSDEEP
384:xeKOm0ZUpduKy/p7IJZ3qeQ2bPsUUau76sy1IxFw/IQ:xePLZAFy/tgZ6D2bPsUOxxFww
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 00456f8036ae6d2b8e93fc33746f38b1
Files
00456f8036ae6d2b8e93fc33746f38b1.sys windows:4 windows x86 arch:x86
9ad629aebfc59548fa8b9b4480464ed1
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwCreateFile
ZwEnumerateKey
ZwSetValueKey
ZwClose
ZwOpenKey
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlInitUnicodeString
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsGetVersion
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
_wcslwr
wcsncpy
RtlFreeUnicodeString
KeDelayExecutionThread
ZwCreateKey
swprintf
wcscat
wcscpy
RtlAnsiStringToUnicodeString
MmIsAddressValid
ZwUnmapViewOfSection
IoRegisterDriverReinitialization
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 992B - Virtual size: 986B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 672B - Virtual size: 658B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ