m_regs
Static task
static1
General
Target: 20a5f9f5d2bf0db5b791ec598ba15dab
Size: 21KB
MD5: 20a5f9f5d2bf0db5b791ec598ba15dab
SHA1: 309c950359b1cd07bf47cedd3c89a19cbefdc85e
SHA256: 34f86c791ac482cefbf6bc9042af1c83b861c5d3fe508d0fc1c86981594aceb9
SHA512: 6d3616acb9d4262bc7a2fa7db7d816b3a7ce32e543aa31e7abae96f4caec4d95c371443c81cfd697b5d68b34c732ec6dda2bfce342d54672cd729e83b3b96394
SSDEEP: 192:hKIGLnn1dvcOZaZErwhmEJ5VQ+9w+oYOeb9A:DGTrUOIEXMwP
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 20a5f9f5d2bf0db5b791ec598ba15dab
Files
20a5f9f5d2bf0db5b791ec598ba15dab.sys windows:5 windows x86 arch:x86
0080cd891a31f356686032d05ae79aa9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IofCompleteRequest
MmIsAddressValid
RtlFreeAnsiString
_strupr
RtlUnicodeStringToAnsiString
strncmp
IoGetCurrentProcess
strrchr
PsGetCurrentThreadId
PsGetCurrentProcessId
strstr
PsLookupProcessByProcessId
strncpy
RtlInitUnicodeString
KeServiceDescriptorTable
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwReadFile
ZwClose
ZwCreateFile
ExFreePool
ExAllocatePoolWithTag
IoCreateSymbolicLink
IoCreateDevice
IoDeleteDevice
IoDeleteSymbolicLink
Exports
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 224B - Virtual size: 196B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 96B - Virtual size: 68B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 704B - Virtual size: 700B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 448B - Virtual size: 446B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ