Static task
static1
General
Target: 0aab4fd9d2ba82ec10eb9ffe1d58bff7
Size: 22KB
MD5: 0aab4fd9d2ba82ec10eb9ffe1d58bff7
SHA1: db96fbf9a9c519933164b0fcdf74bfa14aebd1f7
SHA256: 2108a320a342c852e298b31c29ef0e9222d2e94391a2cf12e81b2f10f2003982
SHA512: d023a8a47ac7b80ee187a520838d085a38c729243ad211dfecf3b80b515cab7946f7130f57ae3e77d955dab2fd876643b1144b92def89f8897c780dc8b46baa3
SSDEEP: 384:guqhl/QiAE2FXY6mQ1QptnirpPkjMfxu0gccDO615f+T2KXmh+azJvxhZ8:+loj+NpGpf0cc+Sx8
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 0aab4fd9d2ba82ec10eb9ffe1d58bff7
Files
0aab4fd9d2ba82ec10eb9ffe1d58bff7.sys windows:5 windows x86 arch:x86
c2aa65dff2a59df67f4d70a562fc15a9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlAnsiStringToUnicodeString
KeDelayExecutionThread
ZwClose
ZwCreateKey
wcslen
swprintf
RtlInitUnicodeString
wcscat
wcscpy
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
MmIsAddressValid
ZwUnmapViewOfSection
strncmp
IoGetCurrentProcess
_wcsnicmp
ZwCreateFile
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
IoRegisterDriverReinitialization
PsGetVersion
_wcslwr
wcsncpy
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 958B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 608B - Virtual size: 582B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ