Static task
static1
General
Target
020efabe64d1431016de4611e8fba524
Size
22KB
MD5
020efabe64d1431016de4611e8fba524
SHA1
db48edbb33b76e983f63eef24966d9f72fd03f64
SHA256
a2bb568b77b6d1f6605d669bf51b7a72cd5d913e324e46ba71e157c6da6d1ec0
SHA512
d941be0a85c66dbfb5f38c09f7e151904fcb3c88551317cb4b3e63050f8b50ed4380c82f32ccc5e4f49f47688ff6dad92318750d255177c97ada1bbeff5e77a6
SSDEEP
384:dgrus4hYPn66BB6as5K01kLYpjiWFE+6mL6SBASjjDBaA0tGzQsB4GY/1h/eSqiV:Wy/86atuiS/6mo+BaA0eSvqix9
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 020efabe64d1431016de4611e8fba524
Files
020efabe64d1431016de4611e8fba524.sys windows:5 windows x86 arch:x86
efe8b8a921dc2b7bf08b9e40c94ccfb8
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
KeDelayExecutionThread
ZwClose
ZwCreateKey
wcslen
swprintf
wcscat
wcscpy
ZwCreateFile
ZwEnumerateKey
ZwSetValueKey
ZwOpenKey
MmIsAddressValid
RtlAnsiStringToUnicodeString
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
PsGetVersion
_wcslwr
wcsncpy
strncmp
IoGetCurrentProcess
_wcsnicmp
IoRegisterDriverReinitialization
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
ZwUnmapViewOfSection
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 958B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 608B - Virtual size: 580B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ