Static task
static1
General
Target: 08042a1f28a785b7b18973babebb6501
Size: 129KB
MD5: 08042a1f28a785b7b18973babebb6501
SHA1: 813a87621689aa1f93b9aa3f49b3aeba7ce7400b
SHA256: 57eb9e4594035c391662c2f63d1dba593f899b3387377ec93e4733abfacfa182
SHA512: 1aee5129620fcca8f69ce96ca83d15999e8487c3ba3f8648b9f043bd741150588a7379b3386b4937685acfbd826cec6ffa3d337f45608d2f61e43853c4b50ced
SSDEEP: 3072:7RL8oJDnalmgnXqE3CmTx0qxceUs3Fck55v7o0wmHrx:7R9nalmgnD3Bdxcer3FcA97ig
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 08042a1f28a785b7b18973babebb6501
Files
08042a1f28a785b7b18973babebb6501.sys windows:5 windows x86 arch:x86
9facf5f1d82ced94760a7a24f4e4d5b4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncmp
IoGetCurrentProcess
strncpy
RtlCompareMemory
IofCompleteRequest
ZwQuerySystemInformation
ZwQueryDirectoryFile
KeServiceDescriptorTable
RtlUnicodeStringToAnsiString
RtlInitAnsiString
RtlQueryRegistryValues
RtlInitUnicodeString
ZwClose
ZwWriteFile
ZwReadFile
DbgPrint
ZwCreateFile
IoFreeMdl
MmUnlockPages
ExFreePoolWithTag
KeInsertQueueApc
KeInitializeApc
KeUnstackDetachProcess
MmMapLockedPagesSpecifyCache
KeStackAttachProcess
MmProbeAndLockPages
IoAllocateMdl
ExAllocatePoolWithTag
_except_handler3
_strnicmp
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 896B - Virtual size: 772B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 896B - Virtual size: 792B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 384B - Virtual size: 324B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ