Static task
static1
General
Target: 0b20bc3ade7e66e244989fe632fc20f5
Size: 16KB
MD5: 0b20bc3ade7e66e244989fe632fc20f5
SHA1: f3522bbb4ad88724bb5bd26cd8efaff43833f37f
SHA256: e2b153e45e86a0b059ab0e108d435d1428de7ede0caf810891a78cb30289487f
SHA512: 68bb5b3ed04d8edca1ae0d8f52e6e99c91fe391f8fdfb93486fabefb121d06551face98de3b4aadfdd78465c0d327942e0b854f73ec083a6d689222d65fa7770
SSDEEP: 192:38XTVsNkiIqeDyZckOI2FJq6SVfObiCBprCi64nXnw+Z6rgCQRTYsOayP0+As3:3UZsjVckOjXq6ShgfBprCiBTB80+7
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0b20bc3ade7e66e244989fe632fc20f5
Files
0b20bc3ade7e66e244989fe632fc20f5.sys windows:4 windows x86 arch:x86
1211d72a0c7cda69801e9fcb441deee2
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmIsAddressValid
ZwClose
ZwUnmapViewOfSection
RtlInitUnicodeString
strstr
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
swprintf
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
toupper
ZwCreateFile
IoRegisterDriverReinitialization
PsSetCreateProcessNotifyRoutine
isupper
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
tolower
PsGetVersion
DbgPrint
atoi
atol
isdigit
isspace
islower
RtlAnsiStringToUnicodeString
strchr
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
isprint
strrchr
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
isxdigit
srand
ZwCreateKey
wcscat
wcscpy
ZwEnumerateKey
ZwSetValueKey
ZwOpenKey
_wcslwr
wcsncpy
Sections
.text Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 800B - Virtual size: 770B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ