Static task
static1
General
Target: 0cbe523542afd51a5311f5ae1a19f1e0
Size: 8KB
MD5: 0cbe523542afd51a5311f5ae1a19f1e0
SHA1: b6a122e6f2a9d0502f01b1366a789652e9635e78
SHA256: 6a9ea2eb1cbdd6cf0f9cbb84c45699e0b055ff11431d264999ed0b9949c5be7b
SHA512: 53d5352c1c9d36fd7a078f043f970e9be02a86c1e7f9e5bad4a2e640066cdab6b0e47926d9d1f77e7706387a2c31709b53027136d82e1abb638f470dfd08308b
SSDEEP: 192:AcSuoEBBDU6aANwVYmgOjBGDG1LgARqS:8OPDU6aA7xOCMg
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 0cbe523542afd51a5311f5ae1a19f1e0
Files
0cbe523542afd51a5311f5ae1a19f1e0.sys windows:4 windows x86 arch:x86
23b91f653455fe14db3c38c9fc600f9b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IoGetDeviceObjectPointer
ObDereferenceObject
ObReferenceObjectByName
RtlAnsiStringToUnicodeString
RtlDelete
RtlDeleteAce
RtlDeleteAtomFromAtomTable
RtlDeleteElementGenericTable
RtlDeleteNoSplay
RtlDeleteOwnersRanges
RtlDeleteRange
RtlDeleteRegistryValue
RtlDescribeChunk
RtlDestroyAtomTable
RtlDestroyHeap
RtlDowncaseUnicodeString
RtlEmptyAtomTable
RtlEnlargedIntegerMultiply
RtlEnlargedUnsignedDivide
RtlEnlargedUnsignedMultiply
RtlEnumerateGenericTable
RtlEnumerateGenericTableWithoutSplaying
RtlEqualLuid
RtlEqualSid
RtlEqualString
RtlEqualUnicodeString
RtlExtendedIntegerMultiply
RtlExtendedLargeIntegerDivide
RtlExtendedMagicDivide
RtlFillMemory
RtlFillMemoryUlong
RtlFindClearBits
RtlFindClearBitsAndSet
RtlFindClearRuns
RtlFindFirstRunClear
RtlFindLastBackwardRunClear
RtlFindLeastSignificantBit
RtlFindLongestRunClear
RtlFindMessage
RtlFindMostSignificantBit
RtlFindNextForwardRunClear
RtlFindRange
RtlFindSetBits
RtlFindSetBitsAndClear
RtlFindUnicodePrefix
RtlFormatCurrentUserKeyPath
RtlFreeAnsiString
RtlFreeHeap
RtlFreeOemString
RtlFreeRangeList
RtlFreeUnicodeString
RtlGUIDFromString
RtlGenerate8dot3Name
IoGetCurrentProcess
RtlGetCallersAddress
RtlGetCompressionWorkSpaceSize
RtlGetDaclSecurityDescriptor
RtlGetDefaultCodePage
RtlGetElementGenericTable
RtlGetFirstRange
RtlGetGroupSecurityDescriptor
RtlGetNextRange
RtlGetNtGlobalFlags
RtlGetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlImageDirectoryEntryToData
RtlImageNtHeader
RtlInitAnsiString
ZwAccessCheckAndAuditAlarm
ZwAdjustPrivilegesToken
ZwAlertThread
ZwAllocateVirtualMemory
ZwCancelIoFile
ZwCancelTimer
ZwClearEvent
ZwClose
ZwCloseObjectAuditAlarm
ZwConnectPort
ZwCreateDirectoryObject
ZwCreateEvent
ZwCreateFile
ZwCreateKey
ZwCreateSection
ZwCreateSymbolicLinkObject
ZwCreateTimer
ZwDeleteFile
ZwDeleteKey
ZwDeleteValueKey
ZwDeviceIoControlFile
ZwDisplayString
ZwDuplicateObject
ZwDuplicateToken
ZwEnumerateKey
ZwEnumerateValueKey
ZwFlushInstructionCache
ZwFlushKey
ZwFlushVirtualMemory
ZwFreeVirtualMemory
ZwFsControlFile
ZwOpenKey
ZwQueryDirectoryFile
ZwQuerySystemInformation
ZwSetValueKey
ZwTerminateProcess
ZwYieldExecution
KeServiceDescriptorTable
IoDriverObjectType
IoCallDriver
RtlGetAce
IoBuildDeviceIoControlRequest
ndis.sys
NdisRegisterProtocol
NdisDeregisterProtocol
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 480B - Virtual size: 475B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 608B - Virtual size: 608B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 672B - Virtual size: 648B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ