Static task
static1
General
Target
093d4b53d37421e10a4f0e86614bd4dd
Size
27KB
MD5
093d4b53d37421e10a4f0e86614bd4dd
SHA1
731f8be54b86c7edff8caa645007c0010024dc21
SHA256
376cd48a010c893f124f6a95a8ea7b2fe34891cf90a3b72dce5ac03fcd8475a4
SHA512
e6843e71beeb75e2c130e3890c2006a19e6fa01a6eee8ac71069c3fbd0241a76c3b09c8eac7f94502b41f839add659e2ec15d31148c89f4c6ca079fd3a05ff5f
SSDEEP
384:2QXpReL3VXuDjtF3TPJGKm8sS+KFZ8tcv/3e/IVD2TwtXam0FmY/xu08gj9X5vpQ:fpRJTjRXXOQ5ST5tzm9T8Sr5
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 093d4b53d37421e10a4f0e86614bd4dd
Files
093d4b53d37421e10a4f0e86614bd4dd.sys windows:5 windows x86 arch:x86
22eaf0094f6157ddebfc846a176de8ee
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwCreateFile
RtlInitUnicodeString
IoRegisterDriverReinitialization
swprintf
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlFreeUnicodeString
wcslen
ZwCreateKey
wcscat
wcscpy
PsGetVersion
_wcslwr
wcsncpy
MmIsAddressValid
ZwUnmapViewOfSection
ZwEnumerateKey
ZwSetValueKey
ZwOpenKey
RtlAnsiStringToUnicodeString
strncmp
IoGetCurrentProcess
_wcsnicmp
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 992B - Virtual size: 986B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 672B - Virtual size: 648B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ