Static task
static1
General
Target
0279c862c58b9d7ae0f8bc522cbb2bf6
Size
22KB
MD5
0279c862c58b9d7ae0f8bc522cbb2bf6
SHA1
408abb3648a6d1e3b072ee48e092d5c42d134b9f
SHA256
c60be42287e0f830a2a08ddf9c71054357259e9620c4596ab9d436e216f43c18
SHA512
c9e8efaaa601f06c73e566bca95abaf4ebb663bb5219f91947576172d142da7c6a2e4e91683128c0ef08b25e85b77a866fc494f99a1b1f2a1e76eb17d685fdc4
SSDEEP
384:LpoXYVDnNzoHeS+ZPVgxTE1/MYEFLC//tZKVaglhE933QuYodn54kjSrfq9vyVUN:NoUu+S+ZyhgZX1xwuYi45DqxOOixW
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0279c862c58b9d7ae0f8bc522cbb2bf6
Files
0279c862c58b9d7ae0f8bc522cbb2bf6.sys windows:5 windows x86 arch:x86
11f14ad270bbb16ca105eb3654f641f9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
wcscat
wcscpy
PsGetVersion
_wcslwr
wcsncpy
ZwClose
swprintf
RtlFreeUnicodeString
KeDelayExecutionThread
wcslen
ZwCreateKey
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
MmIsAddressValid
ZwCreateFile
IoRegisterDriverReinitialization
ZwUnmapViewOfSection
RtlAnsiStringToUnicodeString
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
strncmp
IoGetCurrentProcess
_wcsnicmp
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 992B - Virtual size: 986B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 640B - Virtual size: 622B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ