Static task
static1
General
Target: 032eeebe0852f59dc3c0bb08ece947cb
Size: 22KB
MD5: 032eeebe0852f59dc3c0bb08ece947cb
SHA1: 68b0c6ffe4ffebe25547ad2b0b8ea19824baf890
SHA256: 724c3c37d9f77da13ecae2f80e1b14747ca0d2e7a41615310a1b98f9a42bb06c
SHA512: a5bf007713fa266537608f2f3c4e3dd884b95c0c3ad01f924c39c7dcf87ea6ea5086d7510494d7588a1512b55fb1b48e596392051b1cd44e8100d966f399892b
SSDEEP: 384:saBiSr/2gx9aLowxNvWPSufoyqb/hZ3Q6QuAN+GUkSzDfmpFhm57jUK+8ef:saEk/dcowjOg5ZgVuAvUk4mpCeB
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 032eeebe0852f59dc3c0bb08ece947cb
Files
032eeebe0852f59dc3c0bb08ece947cb.sys windows:5 windows x86 arch:x86
1eed0f3afe8abf7396a16035812ad3bf
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmIsAddressValid
ZwClose
ZwUnmapViewOfSection
wcscat
wcscpy
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
RtlFreeUnicodeString
KeDelayExecutionThread
wcslen
ZwCreateKey
swprintf
RtlAnsiStringToUnicodeString
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
ZwCreateFile
IoRegisterDriverReinitialization
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
PsGetVersion
_wcslwr
wcsncpy
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
strncmp
IoGetCurrentProcess
_wcsnicmp
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 992B - Virtual size: 986B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 640B - Virtual size: 628B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ