Static task
static1
General
Target
0b3f8fc5ba2da17111b6f44b465b8ed9
Size
21KB
MD5
0b3f8fc5ba2da17111b6f44b465b8ed9
SHA1
b9a2ac2ce40f9fae1a9e4e34594e26dbdff78264
SHA256
eaabe5fc54d5c8f743fb6f46a11845f876f9dbfd0c86974d84abe3a0ee7ed793
SHA512
4ce78b19c2360e308f1cc6b97ac6111ba5f7ec74aee8a4b21184795788d98e2fa1c10b1045fad6f2a071ef5617c4df743cfc62e5b217808273850780f8e0eea3
SSDEEP
384:lVhwIDncspTX9vrh/+4Zp6MlSfdG2tr5O4OphUFrc0+vNi/D9PTanpzeRPUOkE5M:lkwn9R9vrl+0a8Cr8XUFtwME8R0F
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0b3f8fc5ba2da17111b6f44b465b8ed9
Files
0b3f8fc5ba2da17111b6f44b465b8ed9.sys windows:5 windows x86 arch:x86
8e2b383c60a63833eb9766d49f3aec94
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
wcscat
wcscpy
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
PsGetVersion
_wcslwr
wcsncpy
RtlAnsiStringToUnicodeString
ZwClose
swprintf
MmIsAddressValid
ZwUnmapViewOfSection
ZwCreateFile
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
KeDelayExecutionThread
ZwCreateKey
IoRegisterDriverReinitialization
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 958B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 608B - Virtual size: 598B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ