Static task
static1
General
Target
0ed01a5257305ee98f53903fc021dbd4
Size
20KB
MD5
0ed01a5257305ee98f53903fc021dbd4
SHA1
3ce383b08581521c3c381642bc5173f3e30e85cf
SHA256
937c1e4e8b7dd2977e7066053257e5ded5ff3a49fd6e91aff2147541b8c33429
SHA512
bd4aad84327c1e3d6cfcc9c75f8880edcf998e25f2b5d3e4ab35b05ba8339c23e65be2ad98d4fd7ac41eaeff55610174de91c539c33c59272e17798f37487834
SSDEEP
384:TTJGzIoiu7zZZGlyvjK7l5K+gfviwt6/2Qinx11oO5EMUzGE7xn:TTJGzjiu7zzEybK7/Knfviwo/ex11QFN
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0ed01a5257305ee98f53903fc021dbd4
Files
0ed01a5257305ee98f53903fc021dbd4.sys windows:5 windows x86 arch:x86
a8e5d5de3b88d79b7b863a09afcc98ee
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
MmIsAddressValid
ZwClose
ZwUnmapViewOfSection
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsGetVersion
_wcslwr
wcsncpy
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
KeDelayExecutionThread
ZwCreateKey
wcslen
swprintf
wcscat
wcscpy
ZwCreateFile
IoRegisterDriverReinitialization
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
strncmp
IoGetCurrentProcess
_wcsnicmp
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 958B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 640B - Virtual size: 632B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ