Static task
static1
General
Target: 03b348a17775614a65b3cc8d83e9766d
Size: 24KB
MD5: 03b348a17775614a65b3cc8d83e9766d
SHA1: 712b8e238f06ea4607bfad11ab78221c4b0a800f
SHA256: 737fc65f1f19c6a8132f68160cbfb8f129759c8c97e91fd6e70f746d8e0a88b3
SHA512: efe688ae7d200b2de6d2bfc95b43f9d9899b27b93f6b5e7a2d22f3b462dc4d6a5e157037f4adf32144a96ac842b612c1226c8d1f0c7fc1ae153c905e99bdfd0c
SSDEEP: 768:dE8Rwdrw89ryBAs9Wxgs/7alVCvbUIpqChbd:GfrD9ryBna/7alYvbUIxh
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 03b348a17775614a65b3cc8d83e9766d
Files
03b348a17775614a65b3cc8d83e9766d.sys windows:5 windows x86 arch:x86
8dc8ff0a28243477f43e2509c6c61b99
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmIsAddressValid
ZwClose
ZwUnmapViewOfSection
ZwCreateFile
RtlInitUnicodeString
IoRegisterDriverReinitialization
RtlFreeUnicodeString
KeDelayExecutionThread
wcslen
ZwCreateKey
swprintf
wcscat
wcscpy
RtlAnsiStringToUnicodeString
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
strncmp
IoGetCurrentProcess
_wcsnicmp
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
PsGetVersion
_wcslwr
wcsncpy
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
Sections
.text Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 986B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 640B - Virtual size: 610B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ