Static task
static1
General
Target: 021de641f936b6cfc48e6e38965c4bd2
Size: 49KB
MD5: 021de641f936b6cfc48e6e38965c4bd2
SHA1: 071403006bbb8eeeb0e3810fc4d1b1c2a09e02e5
SHA256: ee8573239c96afb57f87b4a7396b880fcf745d0db840617f1615b802414c9da4
SHA512: 019f85a8fc4741a801416babec4f1174218f56cccf06d253589bc5b9ca069f401261f5e8653ce174e9bf7cd34dfc4c402125098fcad811d27f9393ed8936c2be
SSDEEP: 768:7R68hn57KUakI6w5y5GVfxRY7pfcomt5Y8DN61JSLD2:7wC5euI6w5RxjspkTt5d416D2
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 021de641f936b6cfc48e6e38965c4bd2
Files
021de641f936b6cfc48e6e38965c4bd2.sys windows:4 windows x86 arch:x86
9a4fe8b4073006524c70210ca57a3a4b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwCreateFile
RtlInitUnicodeString
IoRegisterDriverReinitialization
PsSetCreateProcessNotifyRoutine
wcscat
wcscpy
RtlAnsiStringToUnicodeString
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
MmIsAddressValid
swprintf
PsGetVersion
_wcslwr
wcsncpy
MmGetSystemRoutineAddress
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
ZwCreateKey
ZwUnmapViewOfSection
Sections
.text Size: 43KB - Virtual size: 43KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 288B - Virtual size: 275B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 928B - Virtual size: 900B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 736B - Virtual size: 718B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ