Static task
static1
General
Target: 102dd2ba9a215fef960d3fe3bc11c4b9
Size: 22KB
MD5: 102dd2ba9a215fef960d3fe3bc11c4b9
SHA1: 2f4f7b6d7380e6cda28c9d815c818b197eb529f0
SHA256: 4e8f23cb86f9aaf598903a06cea90ceea76834564ffe71248e715f15507a70ec
SHA512: 061257d06c02aa415d8c934f82818ff964189146b5fe3fa5c1269fd0a1faf1a9258cbf44bde041c68a9ed6b77b2097278f559e6c29683c16b566f2c1991b6081
SSDEEP: 384:tXJZa2Z3mB/N5qJwlLeXeLi4SShfaXeYCqzSNUPK5VdEQ6+Ho:tXHF+N4IeXSL7Ft
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 102dd2ba9a215fef960d3fe3bc11c4b9
Files
102dd2ba9a215fef960d3fe3bc11c4b9.sys windows:5 windows x86 arch:x86
d0ec040f8a172a8978874f8ccb5fbf67
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlAnsiStringToUnicodeString
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwClose
ZwCreateSection
ZwOpenFile
RtlInitUnicodeString
ZwCreateFile
IoRegisterDriverReinitialization
swprintf
MmIsAddressValid
KeDelayExecutionThread
ZwCreateKey
wcslen
wcscat
wcscpy
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
strncmp
IoGetCurrentProcess
_wcsnicmp
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsGetVersion
_wcslwr
wcsncpy
ZwUnmapViewOfSection
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
Sections
.text Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 958B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 608B - Virtual size: 592B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ