Static task
static1
General
Target: 13c656ce879820fc8ae2bbbdb59ab34a
Size: 26KB
MD5: 13c656ce879820fc8ae2bbbdb59ab34a
SHA1: 1997d55fd418caa266ce4e2f1a6e8d3774e9b80e
SHA256: 375a96967b7fa912b261d44cb41e47c1c4ef5577e3c0d3415c627e4afa61f68c
SHA512: c6e00567189e72d44f05692f5b43cb960e9c4c43519249cf7611637c3d4d9b4d2066076007cf971b512055c2b8288d5941ff15eeb24b6d0728f7bd61eb861baa
SSDEEP: 384:tf2sUvicSIajfhNhHvi+2g/O4RNjm2DkEvifkP7hzYeqW9axtvwwMDRIRiW5/Ewv:t/PxMSDiOzYe7wMIituEXdVKaOeG
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 13c656ce879820fc8ae2bbbdb59ab34a
Files
13c656ce879820fc8ae2bbbdb59ab34a.sys windows:5 windows x86 arch:x86
a09d679ba7fd3eddad3cd98a2d9aae8c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
RtlInitUnicodeString
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
swprintf
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
MmIsAddressValid
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
PsGetVersion
_wcslwr
wcsncpy
ZwUnmapViewOfSection
ZwCreateFile
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwCreateKey
wcscat
wcscpy
IoRegisterDriverReinitialization
RtlAnsiStringToUnicodeString
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 958B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 640B - Virtual size: 616B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ