Static task
static1
General
Target
0936ac5e6193cf7d4b0c9f1c70f37e50
Size
23KB
MD5
0936ac5e6193cf7d4b0c9f1c70f37e50
SHA1
f23cf791e2c1337071277270fe5eefe74dee2bd3
SHA256
6e4abf5ff43f3bff6378771230f9542a2406be21e3b8e59621ebae94c5449de8
SHA512
661766f8b94ae623fc53821c638d347821bd20cf8ccbf0c2089f9d3017652db909c366f7c1bfb4bc6a1b1e92a0b681e6a3abf92831f8afe200daa0fb29b3e2c1
SSDEEP
384:XMLxFHwGoXWeUEeWvQSyH2i7r7yjCmGcj8GMvex8Jsm9UsWdw5l3QjDXfHaN+tun:89x5oyE+N7h8MmxOxUsgsgXSquYciU
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0936ac5e6193cf7d4b0c9f1c70f37e50
Files
0936ac5e6193cf7d4b0c9f1c70f37e50.sys windows:5 windows x86 arch:x86
a140f27adb943c7c0ae7aadf12abe727
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlAnsiStringToUnicodeString
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
MmIsAddressValid
PsGetVersion
_wcslwr
wcsncpy
RtlFreeUnicodeString
KeDelayExecutionThread
ZwClose
ZwCreateKey
swprintf
RtlInitUnicodeString
wcscat
wcscpy
ZwUnmapViewOfSection
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwCreateFile
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
IoRegisterDriverReinitialization
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 992B - Virtual size: 986B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 640B - Virtual size: 632B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ