Static task
static1
General
Target
0e13c01dcd1944d12ba5df44f9cebdd5
Size
13KB
MD5
0e13c01dcd1944d12ba5df44f9cebdd5
SHA1
0952cda4baee0f42be601343c476824a25058e4e
SHA256
337b82f5d2f94691b8b0c70cf992768ac0859f72c7c92d628a4a60c6ca640c0a
SHA512
d51a9fec9dd0f6350dd7178c8002b48d2c5ecb355284f7f34107e6ed9b6341b66568e75a92e4e4d96960a03ba0d957f4a32c593dfe5bede03a62be67ecdf5895
SSDEEP
192:yL/o6mAGg6KWlqTviwPh5iSfJLfnR3LQsw/yAdEYHAEvMv+2TsPRJzZs:eo6DGzFivbPhU+JLZu/y2UW2TWRhZs
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0e13c01dcd1944d12ba5df44f9cebdd5
Files
0e13c01dcd1944d12ba5df44f9cebdd5.sys windows:4 windows x86 arch:x86
4194e97bc06be44915b4b782ed892fe4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
RtlInitUnicodeString
strrchr
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
swprintf
_stricmp
strstr
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
RtlAnsiStringToUnicodeString
srand
toupper
ZwCreateKey
wcslen
wcscat
wcscpy
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
MmIsAddressValid
isupper
ZwCreateFile
IoRegisterDriverReinitialization
atoi
tolower
isprint
islower
strchr
_wcslwr
wcsncpy
PsGetVersion
isspace
ZwUnmapViewOfSection
PsSetCreateProcessNotifyRoutine
isxdigit
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
DbgPrint
isdigit
atol
strncmp
IoGetCurrentProcess
_wcsnicmp
ZwEnumerateKey
ZwSetValueKey
ZwOpenKey
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 800B - Virtual size: 776B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ