Static task
static1
General
Target: 188aac641e08bebede8795e27fa48a5b
Size: 27KB
MD5: 188aac641e08bebede8795e27fa48a5b
SHA1: c7c0fd9d7d034d21dce725eec4a446dcbc50b8d8
SHA256: 6b7138485784a83176b6d9968f6995c39e5ab01d9fb9b1b416dacaaa22567601
SHA512: 959361e87b5c1c5b06e8777b446c4c4e7ce24ba95225e052cf42d383ae30d9b2b0423c010f4338582a88e9ccd4cde2eb741f80283ab86a7c95e9ab1816a48b64
SSDEEP: 768:TQQ/A+rx7/2btO3f9NToT1o9aUaea+NdPk:T3A6B8O3FuwaUaea+NdPk
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource 188aac641e08bebede8795e27fa48a5b
Files
188aac641e08bebede8795e27fa48a5b.sys windows:4 windows x86 arch:x86
aadb7d6001c420e003f7652917ea9f82
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
_strnicmp
swprintf
wcscat
wcscpy
_stricmp
strncpy
MmGetSystemRoutineAddress
RtlInitUnicodeString
IoGetCurrentProcess
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
wcslen
RtlAnsiStringToUnicodeString
_except_handler3
KeServiceDescriptorTable
ZwUnmapViewOfSection
ExFreePool
ExAllocatePoolWithTag
_wcsnicmp
IofCompleteRequest
RtlCompareUnicodeString
ExGetPreviousMode
MmIsAddressValid
RtlCopyUnicodeString
strncmp
ObfDereferenceObject
ObQueryNameString
_snprintf
ZwQuerySystemInformation
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 768B - Virtual size: 756B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ