Static task
static1
General
Target: 028f144446c038d80fd47c49ce0505fc
Size: 22KB
MD5: 028f144446c038d80fd47c49ce0505fc
SHA1: 1d187626d6c254b0077318a63e89dc24d28facab
SHA256: 2910ee528af3912c1f8b3a5c5eb27d9287712f2060db259aa1fea3974b7ad918
SHA512: d5f38b86ae583b4f93b5537df0b671d568fcd33cd9b16f806e69bcedb51cdf55c6e1b20ae019dd73582561e4c35e4b0a24ca626470128470804b7164e570b8a8
SSDEEP: 384:Eizu2fNV7Qf6EY+UiShSDqlNntcayC/MlvUaI5ZFzv1G3Q15Dd9/mHNkxm:EIlNFCxz8WWNm0ZFA3QvDv4+m
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 028f144446c038d80fd47c49ce0505fc
Files
028f144446c038d80fd47c49ce0505fc.sys windows:5 windows x86 arch:x86
0aff86969b53e5a32c7bcc16fab77df9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwCreateFile
ZwSetValueKey
ZwClose
ZwOpenKey
ZwEnumerateKey
swprintf
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
wcscat
wcscpy
RtlAnsiStringToUnicodeString
IoRegisterDriverReinitialization
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
PsGetVersion
_wcslwr
wcsncpy
MmIsAddressValid
ZwUnmapViewOfSection
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
KeDelayExecutionThread
ZwCreateKey
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
Sections
.text Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 958B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 640B - Virtual size: 612B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ