Static task
static1
General
Target: 1965c77fd148302d12caec7ff47e94fd
Size: 48KB
MD5: 1965c77fd148302d12caec7ff47e94fd
SHA1: d91fbbc4345bb5ecb822a696d145a5e385c5742d
SHA256: c447aa676a89ee3c9af7742670e702a6e978a95ce7c2559e3e0ac8df9957cdc7
SHA512: 5d6a78ef3ceeaa92c981e7b9faff8159358674dc5fead5f58b8fdd334c310a4b90f48a88d27c566dd9be728b72061da1a843de3b6e80da0b6e0a2beca9d4b77d
SSDEEP: 768:YKMdGhQkJJS/l296kGWQ7TIOtQTyGqKhLRGzOhn4nctdvD/DGoI6+HNH65lceos:S96KWHJL42b
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 1965c77fd148302d12caec7ff47e94fd
Files
1965c77fd148302d12caec7ff47e94fd.sys windows:4 windows x86 arch:x86
4199c20cb909cefe277a2228d130eec2
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
RtlInitUnicodeString
PsTerminateSystemThread
wcscat
wcscpy
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
ZwCreateFile
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
MmIsAddressValid
RtlAnsiStringToUnicodeString
PsGetVersion
_wcslwr
wcsncpy
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwCreateKey
wcslen
swprintf
ZwUnmapViewOfSection
MmGetSystemRoutineAddress
strncmp
IoGetCurrentProcess
_wcsnicmp
Sections
.text Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 224B - Virtual size: 200B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 768B - Virtual size: 764B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 928B - Virtual size: 912B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 736B - Virtual size: 732B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ