Static task
static1
General
-
Target
0abd7178a9ebc646493c32ff4d5ff001
-
Size
65KB
-
MD5
0abd7178a9ebc646493c32ff4d5ff001
-
SHA1
70469350fdfd912f4a11e7740583d95b1b74f6bc
-
SHA256
e764ee21cfe1df1c8e6d42a74501cd5f096aae98103bbfd70693acb498042f9a
-
SHA512
3469b262b608ac6d7aa0d1ef0f162d3d5f15e006e9e87e16290e7c6b95c87f0cac25f327bfa2d9da2bb5e8e05daf3432a326f2e4a71cb852eb3b4cb95e140d0b
-
SSDEEP
384:w5unwzxh/TrJXoD6GoZmHslKrQiLUYErRP5ut617azrbY04ggk0pKb2Gj/1EeeMM:KuMTQtoRjQx1YOWSVPw3o1u
Malware Config
Signatures
-
Unsigned PE 1 IoCs
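Checks for a missing Authenticode signature: this PE file carries no embedded signature. A static check of this kind presumably sees only a signature embedded in the file itself, so a catalog-based signature, if one exists, would not show up here.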
resource 0abd7178a9ebc646493c32ff4d5ff001
Files
-
0abd7178a9ebc646493c32ff4d5ff001.sys windows:5 windows x86 arch:x86
6b880a1984a21c125b765ce7d622437b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmIsAddressValid
KeServiceDescriptorTable
ExFreePoolWithTag
_stricmp
strrchr
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwClose
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ZwCreateFile
ObReferenceObjectByHandle
ZwOpenProcess
wcslen
_strnicmp
KeDetachProcess
MmHighestUserAddress
ZwQueryInformationProcess
KeAttachProcess
IoDeleteDevice
RtlInitUnicodeString
IofCompleteRequest
MmUserProbeAddress
NtBuildNumber
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
strstr
_strupr
strncpy
DbgPrint
memchr
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 49KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 900B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ