Static task
static1
General
Target: 0194499045693329e7b9061445012885
Size: 14KB
MD5: 0194499045693329e7b9061445012885
SHA1: eb0d9e467a1e904fbb83ace6b29c7756a9b5523d
SHA256: 975a03e57b6d34e4b360bd940cadd53c5cfeaab4fb9f8a10c0c70d0b39091612
SHA512: a88e3e905fb2031e2b7ca66c9d593a0c26633bd995449c8e5f5e6067fb2e37f68fec3d110541c90d737c8bddc6b01c930e34c5ec9ea0fd72ed378580939483fc
SSDEEP: 384:G7hj+Sy4aVY6vuAGhVfK8y5iovo/n0GBWw:G7MSyvY6vuAGajvs0G
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0194499045693329e7b9061445012885
Files
0194499045693329e7b9061445012885.sys windows:4 windows x86 arch:x86
6d52d314414ca18a4c89c1950645f534
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwClose
ZwCreateSection
ZwOpenFile
RtlInitUnicodeString
MmIsAddressValid
RtlAnsiStringToUnicodeString
ZwUnmapViewOfSection
isupper
ZwCreateFile
IoRegisterDriverReinitialization
strchr
tolower
strrchr
isdigit
islower
swprintf
KeDelayExecutionThread
ZwCreateKey
wcslen
wcscat
wcscpy
atol
isxdigit
isprint
srand
atoi
toupper
strncmp
IoGetCurrentProcess
_wcsnicmp
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsGetVersion
DbgPrint
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
_wcslwr
wcsncpy
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
Sections
.text Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 832B - Virtual size: 822B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ