Static task
static1
General
Target: 2123887e7e8ab8db690560725160d3ee
Size: 23KB
MD5: 2123887e7e8ab8db690560725160d3ee
SHA1: bd478eacf5108adf05d96ee0cea3cef1cd7f8412
SHA256: 2e09cd3b483ea555b5a717a32f1d33e7b8c9f2d309025ac3eca2c06bd814c29a
SHA512: b02f59da419bb7f4d237d0be3db37ac07b0b0c162fed73ffd37e57a9bdcf12442a3619fbfed3d4d8ebdf488c9c66cdb9125d616ca685e5fa2051c5a2fce52d9c
SSDEEP: 384:jZYZUW5MGZTlB8T3mea4FD45PtL2HZmMPe+TkbLATf45wBxiYNtluW/nqvhvTcK9:j2UWCGZTlB8T3mea4FD45PtL2HZmx+T/
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2123887e7e8ab8db690560725160d3ee
Files
2123887e7e8ab8db690560725160d3ee.sys windows:5 windows x86 arch:x86
15755f5240c48c61d4898783a949e9fe
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmIsAddressValid
ZwClose
ZwUnmapViewOfSection
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
PsGetVersion
_wcslwr
wcsncpy
ZwCreateFile
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlInitUnicodeString
swprintf
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
RtlAnsiStringToUnicodeString
ZwCreateKey
wcscat
wcscpy
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
IoRegisterDriverReinitialization
Sections
.text Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 958B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 576B - Virtual size: 570B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ