Static task
static1
General
-
Target
0cff9f34c301d2d9b57276d49c98f6ae
-
Size
22KB
-
MD5
0cff9f34c301d2d9b57276d49c98f6ae
-
SHA1
7eb787c305caec378ff1fb6b0acd594c839c7bb4
-
SHA256
b85f7a219bdf95a82d28f308bc1e38070aafb28cc179ac6430990466f46f4c1a
-
SHA512
dbc31f7f47c863dbfd673cb45131ce29f98f0021918d340c8b1735d4feb3fcd185d61695c24b68903c1b4def39c76d0ad529bf9e8f00f20a1211eeb00933a555
-
SSDEEP
384:7bEkAN1Hl5P/EtUe072nd2Lus80Tv1OpctIjYYBY9F6xw83RNReacUtRMbHOuEun:7z3q++uAieM8w2jbO+j
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature; this file carries none, so its publisher and integrity cannot be verified from a signature.
resource 0cff9f34c301d2d9b57276d49c98f6ae
Files
-
0cff9f34c301d2d9b57276d49c98f6ae.sys windows:5 windows x86 arch:x86
6c2abfd64738d407cb5c069fe82d2902
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlInitUnicodeString
MmIsAddressValid
ZwClose
ZwCreateFile
IoRegisterDriverReinitialization
RtlAnsiStringToUnicodeString
swprintf
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsGetVersion
_wcslwr
wcsncpy
ZwUnmapViewOfSection
KeDelayExecutionThread
ZwCreateKey
wcslen
wcscat
wcscpy
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
strncmp
IoGetCurrentProcess
_wcsnicmp
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
Sections
.text Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 958B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 640B - Virtual size: 610B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ