Static task
static1
General
Target
1d79a9cc1ca5cc97d50273fc83cf76cd
Size
72KB
MD5
1d79a9cc1ca5cc97d50273fc83cf76cd
SHA1
d31ea9d8c564a3b5158f903f39d42ed57630807f
SHA256
214de6d2f28638df0139bbb465ee5a932d8c9cf6e6e3d0837bd03e01be25658c
SHA512
fd0f20b38325da8e53e4c7425ffec77874e1d9c0966d9baf715fb863e3c103a6d377699986909702c37aa79426947b158e6503aa62e275671efeef90a67a0c3e
SSDEEP
1536:gYkhTmPDPA1pjvW072TTHwdvVxW65w9OOcV899lwyzfIiFx:yhTaPaW072fwdPOyelL/
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1d79a9cc1ca5cc97d50273fc83cf76cd
Files
1d79a9cc1ca5cc97d50273fc83cf76cd.sys windows:5 windows x86 arch:x86
52df957f6b5b05484679054b41472318
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncmp
IoGetCurrentProcess
strncpy
RtlCompareMemory
IofCompleteRequest
ZwQuerySystemInformation
ZwQueryDirectoryFile
KeServiceDescriptorTable
RtlUnicodeStringToAnsiString
RtlInitAnsiString
RtlQueryRegistryValues
RtlInitUnicodeString
ZwClose
ZwWriteFile
ZwReadFile
ZwCreateFile
DbgPrint
IoFreeMdl
MmUnlockPages
ExFreePoolWithTag
KeInsertQueueApc
KeInitializeApc
KeUnstackDetachProcess
MmMapLockedPagesSpecifyCache
KeStackAttachProcess
MmProbeAndLockPages
IoAllocateMdl
ExAllocatePoolWithTag
_except_handler3
_strnicmp
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 68B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 896B - Virtual size: 772B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 896B - Virtual size: 792B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 394B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ