Static task
static1
General
Target
0178a64f7b3ad5ba57db4804ca3cfe05
Size
23KB
MD5
0178a64f7b3ad5ba57db4804ca3cfe05
SHA1
8040edc76bfe0d116e3d25f07925b7ce07d51af8
SHA256
81f93a5485f2085fa6bb4235cbe10e8d0621deae784ff6e957450055920d53f9
SHA512
fa9698b284b0109c4f663121de637d6974e5d7ec2f26fe83ea7e216ae7d68f84d286e064592e01940414678f6dba7594256bfa1fdd88a38c14e0d9593fd30ccf
SSDEEP
384:akXY/RPMeXLVKp6bQXmUOpriCsHIXk4DOwoqN5GBwD75o283cUQT6Z1T6gBPDJwo:fadbKX8p6oXKw6WoNsXTeP2P4vB
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 0178a64f7b3ad5ba57db4804ca3cfe05
Files
0178a64f7b3ad5ba57db4804ca3cfe05.sys windows:5 windows x86 arch:x86
92fadaf33f549acfeecbcb87a17194cc
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
PsGetVersion
_wcslwr
wcsncpy
ZwClose
RtlInitUnicodeString
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
swprintf
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
ZwCreateFile
IoRegisterDriverReinitialization
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
wcslen
ZwCreateKey
wcscat
wcscpy
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
strncmp
IoGetCurrentProcess
_wcsnicmp
MmIsAddressValid
ZwUnmapViewOfSection
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 992B - Virtual size: 986B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 640B - Virtual size: 634B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ