Static task
static1
General
Target: 01b36ae498b80e4039438eabea5e3e94
Size: 22KB
MD5: 01b36ae498b80e4039438eabea5e3e94
SHA1: 2651282b83cc8aff838879f19d4816869a94261d
SHA256: 38096fe065851bef00aa81a339b736031b345e391fcbf692db916a92fda7d798
SHA512: 907fa8e5d986beb8d1eafcea647175fe9417d09d671d24983e22d0280e7504704423f0f4d5b4d38c128a22c9795bb05a49f82fc8252c0f499dc57f1a145a983d
SSDEEP: 384:Qcm0tIkhj2jUJ8VWZIGSsLnVzZ8JShB7JiNtAYyiSJuzyT9oMd2C+Vtp4l:Qcm0tIkt2AJMGS4nVzZqShVJiNTyiSJ9
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 01b36ae498b80e4039438eabea5e3e94
Files
01b36ae498b80e4039438eabea5e3e94.sys windows:5 windows x86 arch:x86
c38b1c643e11b5be2a3e86e31cae8d62
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmIsAddressValid
ZwCreateFile
ZwSetValueKey
ZwClose
ZwOpenKey
ZwEnumerateKey
RtlInitUnicodeString
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
swprintf
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
ZwUnmapViewOfSection
RtlAnsiStringToUnicodeString
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
IoRegisterDriverReinitialization
ZwCreateKey
wcslen
wcscat
wcscpy
PsGetVersion
_wcslwr
wcsncpy
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
strncmp
IoGetCurrentProcess
_wcsnicmp
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 958B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 608B - Virtual size: 584B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ