Static task
static1
General
-
Target
0b25f41ae1184835ef8440594d2d1ad8
-
Size
26KB
-
MD5
0b25f41ae1184835ef8440594d2d1ad8
-
SHA1
efefbdcb82eabdea5b9ca916a958f8360a5829d2
-
SHA256
029d0680a17bf0a5a5dc50ba667a25004ec518549404e5d19d355f6269287730
-
SHA512
72ec1a32c3c3e2dc1c074ff9eb49560e8f3ab630aff465f0e90eb2065c4ee26ffe113d386ac125ea44bf0a89164bd960a24a0041d396b249786976559be2ade7
-
SSDEEP
768:KsmanMP3qJBJu3doJuexmVyM9JbNHT8VH84EehAc+XMymkqg3z1ti9Eu:KsmSMyJPQw8DVD1ti9L
Malware Config
Signatures
-
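Unsigned PE (1 IoC)
The file carries no Authenticode signature. This alone does not make a kernel driver malicious, but legitimate drivers are normally signed; as a 32-bit (x86) image it targets systems where kernel-mode signature enforcement is generally not applied by default.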
resource 0b25f41ae1184835ef8440594d2d1ad8
Files
-
0b25f41ae1184835ef8440594d2d1ad8.sys windows:4 windows x86 arch:x86
1a83d4a350dae0b29037633a87aff714
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncmp
IoGetCurrentProcess
_wcslwr
wcsncpy
PsGetVersion
toupper
_wcsnicmp
wcslen
ZwClose
ZwOpenKey
ZwEnumerateKey
ZwSetValueKey
ZwCreateFile
isxdigit
RtlInitUnicodeString
isprint
KeDelayExecutionThread
ZwCreateKey
strrchr
swprintf
wcscat
wcscpy
atoi
strstr
MmIsAddressValid
RtlAnsiStringToUnicodeString
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwUnmapViewOfSection
strchr
isspace
IoRegisterDriverReinitialization
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
DbgPrint
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 704B - Virtual size: 700B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ