Static task
static1
General
Target: 11533b580b63ee207150f29410d99874
Size: 20KB
MD5: 11533b580b63ee207150f29410d99874
SHA1: d6840e70535519c6d0fdabbdc1090c10db32f962
SHA256: 8ce5235a721f03aa0e474e830c80e625061161a7a7215d8241bf7a7b25e9b061
SHA512: b3b993cf7ea78b4c336179eeb3331c68334612617e3a2dd4d3bf76818f3877ffa2feb42089341efd5a36ed56f53c1af3d2b0bf371ead9ebd4e8f86b34f9cdca1
SSDEEP: 96:ZoL4nLAz/+rmrvFHXZoSstnfsbuoIrj4ZrZTJh0DuHjC4kqEB+nL+p+ua1Ktoib:E4nLI/+8vL4EwMZrZdh0km1vgnLst/e
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 11533b580b63ee207150f29410d99874
Files
11533b580b63ee207150f29410d99874.sys windows:5 windows x86 arch:x86
0aacc2b50ecc7315cd3ce4d862d7e57d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IofCompleteRequest
MmIsAddressValid
RtlFreeAnsiString
_strupr
RtlUnicodeStringToAnsiString
strncmp
IoGetCurrentProcess
strrchr
PsGetCurrentThreadId
PsGetCurrentProcessId
strstr
PsLookupProcessByProcessId
strncpy
RtlInitUnicodeString
KeServiceDescriptorTable
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwReadFile
ZwClose
ZwCreateFile
ExFreePool
ExAllocatePoolWithTag
IoCreateSymbolicLink
IoCreateDevice
DbgPrint
IoDeleteDevice
IoDeleteSymbolicLink
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 224B - Virtual size: 212B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 96B - Virtual size: 67B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 736B - Virtual size: 716B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 480B - Virtual size: 450B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ