Static task
static1
General
Target
082ee9d505f838b9fdce72bd3b8f9e27
Size
26KB
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 082ee9d505f838b9fdce72bd3b8f9e27
Files
082ee9d505f838b9fdce72bd3b8f9e27.sys windows:5 windows x86 arch:x86
0a1cbb98ec7c79ebd4479c154360fdcb
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmIsAddressValid
ZwClose
ZwUnmapViewOfSection
RtlInitUnicodeString
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwCreateFile
IoRegisterDriverReinitialization
PsGetVersion
_wcslwr
wcsncpy
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
KeDelayExecutionThread
ZwCreateKey
swprintf
wcscat
wcscpy
ZwEnumerateKey
ZwSetValueKey
ZwOpenKey
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 992B - Virtual size: 986B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 640B - Virtual size: 636B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ