Static task
static1
General
-
Target
011197828c9488d5fef0dfafc463e795
-
Size
28KB
-
MD5
011197828c9488d5fef0dfafc463e795
-
SHA1
0d0a2f020f7b28fe5aa3799e50ecb52452308d80
-
SHA256
6b38c1e1a2925f4530c9174b556a942a1e4308e2a2d18c172ba8ccfd1e7ad306
-
SHA512
d7aca7d9d9d2bec18741b6c6e30757bc31bd44837fa30a975ae793c6aa12f6a9c3b6ff8a8d2122ce04f84db5dbcb2d33a82c883c44a204e848f422d3a3b0dc5b
-
SSDEEP
768:bAwLuT+u5S6fdElxVY9G8HFbKoZaR+dQG5GtGI8h:bAwLw+u5zf6lrAzFbPZaR+dQG5GtGPh
Malware Config
Signatures
-
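Unsigned PE (1 IoC)
Checks for a missing Authenticode signature: this file has no embedded signature. Taken alone this is a weak indicator, because a catalog-signed file also has no embedded signature and many legitimate binaries are unsigned; weigh it together with the file type (here a .sys image importing from ntoskrnl.exe).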
resource 011197828c9488d5fef0dfafc463e795
Files
-
011197828c9488d5fef0dfafc463e795.sys windows:4 windows x86 arch:x86
0c948ad5477928db0c7264067db9d624
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncmp
wcslen
wcscat
wcscpy
ExFreePool
_snprintf
ExAllocatePoolWithTag
swprintf
ObfDereferenceObject
RtlInitUnicodeString
MmGetSystemRoutineAddress
_strnicmp
_wcsnicmp
RtlAnsiStringToUnicodeString
strncpy
_stricmp
ZwClose
ZwOpenKey
RtlCopyUnicodeString
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 832B - Virtual size: 812B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 832B - Virtual size: 824B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ