Static task
static1
General
Target: 01e0ada5a78615b28faa5406a8a6d14f
Size: 22KB
MD5: 01e0ada5a78615b28faa5406a8a6d14f
SHA1: 08c5f01471adeda8e7b972bf1b79885040b250ee
SHA256: ab9656a3eab108cd025a0976e0cfb0d95fa78e5a2a49ca0b0f0bcd817b5f8536
SHA512: 006bf5ebe8355c67d870d9b7f5ea461a998bf36a073cbc353e15b30e792515c64a081c5aa90f1b2b5a1fc2131e24cc0a66750bb8cf1d90fbfee075c48a326589
SSDEEP: 384:07PGli/fdQJFQhV7esHVZs/k73zLwLuLvjvvkSgR6pBfeFGMKLfdPmyLzm3+Sn:07eU/fdQJFQeiZ/7O4B2sVTBmyfi7n
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 01e0ada5a78615b28faa5406a8a6d14f
Files
01e0ada5a78615b28faa5406a8a6d14f.sys windows:5 windows x86 arch:x86
98d791a1b046d263012e568ae29b2377
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
swprintf
RtlInitUnicodeString
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
ZwCreateKey
wcslen
wcscat
wcscpy
MmIsAddressValid
strncmp
IoGetCurrentProcess
_wcsnicmp
ZwCreateFile
IoRegisterDriverReinitialization
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlAnsiStringToUnicodeString
PsGetVersion
_wcslwr
wcsncpy
ZwUnmapViewOfSection
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
Sections
.text Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 958B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 608B - Virtual size: 602B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ