Static task
static1
General
Target
1095738eccb4e04635dfb11a9b2642a0
Size
27KB
MD5
1095738eccb4e04635dfb11a9b2642a0
SHA1
6e6cf9d2e7754c9ec91c748a5a8aef3905f49fc7
SHA256
bedbf63b521a7fb966a50611a193b6a9a4e0a03e2d434c2cfad743f05eb77d7e
SHA512
265814fe0891647c639efd5a9c002e61676103571033d8956529a053243daf6a93f6ce097e31bc01b5320c23055a7e404dd55da0358e2ec9e67bed20c83610ea
SSDEEP
384:HJ9DUpLsyUraNurYPzfC9ILXAhlQhth8NmkTFjuKRSTWNqNmzfih5Gr:DWhzNMYPz3LXA6cmkTFjl0TWNHz6S
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1095738eccb4e04635dfb11a9b2642a0
Files
1095738eccb4e04635dfb11a9b2642a0.sys windows:4 windows x86 arch:x86
bf6e32d1a7e7c4038087300fc8fb7f04
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
wcscat
swprintf
ZwClose
RtlInitUnicodeString
_strnicmp
wcslen
ExFreePool
_snprintf
ExAllocatePoolWithTag
ZwQuerySystemInformation
_wcsnicmp
RtlCopyUnicodeString
ObfDereferenceObject
ObQueryNameString
MmGetSystemRoutineAddress
RtlCompareUnicodeString
ExGetPreviousMode
wcscpy
_except_handler3
MmIsAddressValid
_stricmp
strncpy
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
IoGetCurrentProcess
RtlAnsiStringToUnicodeString
strncmp
ZwUnmapViewOfSection
IofCompleteRequest
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 736B - Virtual size: 724B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ