Static task
static1
General
Target: 07fd4e749bc3217042a3e48cfaac0fd9
Size: 26KB
MD5: 07fd4e749bc3217042a3e48cfaac0fd9
SHA1: cc85e92297c1a332a65bd151f86a13dd9d1cdb02
SHA256: a6db6a6bd396250e96ec236558ffc3c865e164daacb323eef280c153aaa9e4ce
SHA512: 651e918d4e379b5dda8bfeea6c3ec5fb6e6cfb66700a092147fee838bf0a5e189e5797e053da804253a7586028cdd4cdd8cc1dfebdc0c90446728743c73e3f5f
SSDEEP: 768:LLXKa2PtUGT+9PKf+Gu19AwWrexFhz4An59h1kTZqD9d7hZf+fwjuKGgaqItXzn:L7KaetUGq9yf+G2vPrDL50D
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 07fd4e749bc3217042a3e48cfaac0fd9
Files
07fd4e749bc3217042a3e48cfaac0fd9.sys windows:4 windows x86 arch:x86
50e097f149a2b2dddcb1e7dec5929ff6
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
srand
RtlInitUnicodeString
toupper
KeDelayExecutionThread
ZwClose
ZwCreateKey
wcslen
swprintf
wcscat
wcscpy
isupper
atol
isdigit
strncmp
IoGetCurrentProcess
_wcslwr
wcsncpy
PsGetVersion
_wcsnicmp
ZwOpenKey
ZwEnumerateKey
ZwSetValueKey
ZwCreateFile
MmIsAddressValid
RtlAnsiStringToUnicodeString
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwUnmapViewOfSection
IoRegisterDriverReinitialization
isprint
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
isxdigit
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
isspace
islower
IofCompleteRequest
PsSetCreateProcessNotifyRoutine
tolower
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
DbgPrint
strchr
Sections
.text Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 736B - Virtual size: 712B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ