Static task
static1
General
Target
027e0a6fabec7cfb535b1b4b324e23c0
Size
26KB
MD5
027e0a6fabec7cfb535b1b4b324e23c0
SHA1
7844ca7b78a52327eddf3c7c8105e8be1130e8a9
SHA256
1085f1f735fc33f5a3ad66c75210c123027007de81f259c46027051c875199ed
SHA512
3666b0bbb3063d2fea1852bf414e38f6f7671e8f3807814ead2d3112cadfacc6853234beb722e7a7eedf9b58e0aaf8b2f7bc5a6a6fb58b65c4e4d14adac2bc9b
SSDEEP
768:Nha2sMWCnLaThQuOdK/UtZ5QQvObaQA2qOQA08kmXrDJw+sE6D4tG9En:zsHMLaThQHthAGDDWG9S
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 027e0a6fabec7cfb535b1b4b324e23c0
Files
027e0a6fabec7cfb535b1b4b324e23c0.sys windows:4 windows x86 arch:x86
90115430fb165650675759aef79becd9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncmp
IoGetCurrentProcess
_wcslwr
wcsncpy
PsGetVersion
strchr
_wcsnicmp
wcslen
ZwClose
ZwOpenKey
ZwEnumerateKey
ZwSetValueKey
ZwCreateFile
atol
RtlInitUnicodeString
isspace
IoRegisterDriverReinitialization
strstr
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
swprintf
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
PsSetCreateProcessNotifyRoutine
tolower
atoi
toupper
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
DbgPrint
MmIsAddressValid
isxdigit
ZwCreateKey
srand
wcscat
wcscpy
strrchr
RtlAnsiStringToUnicodeString
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwUnmapViewOfSection
Sections
.text Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 736B - Virtual size: 708B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ