Static task
static1
General
Target: 21ee23fd1de3094be6693f54ad879400
Size: 8KB
MD5: 21ee23fd1de3094be6693f54ad879400
SHA1: 3bc3c7ed6d43e708df965e5dbf364cdf1a482857
SHA256: 51c85982a70f3bb690485a4227295a49cdae2636a79638f38b56ef3857e51cd0
SHA512: 47b89af11197e123039d8be59055263b477a88439d5f69e6ba66e9db8f456dd37fe8b6e11fcf9a706c4fe75b72c9e819e45a9793edcab017066b9b6e550a4f35
SSDEEP: 96:wSb8MYF39JA2t1S7NH6gylks9YTHI8vo+Msb71I+SR8SMlxyto5jou0u:wl/JV/g3L71IdRQyec
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 21ee23fd1de3094be6693f54ad879400
Files
21ee23fd1de3094be6693f54ad879400.sys windows:10 windows x64 arch:x64
ecc63ffbf2a3eb2769c64df8aaa4f034
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntoskrnl.exe
strcpy_s
wcscpy_s
RtlInitUnicodeString
DbgPrint
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
PsLookupProcessByProcessId
ObOpenObjectByPointer
PsGetProcessSectionBaseAddress
IoCreateDriver
__C_specific_handler
PsProcessType
IoGetCurrentProcess
ObfDereferenceObject
MmGetPhysicalAddress
KeAttachProcess
KeDetachProcess
MmCopyVirtualMemory
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 1024B - Virtual size: 916B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 20B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ