Static task
static1
General
Target: 24ac57f9c4cf38eb8131395373abe6b7
Size: 9KB
MD5: 24ac57f9c4cf38eb8131395373abe6b7
SHA1: 48982c7b080be08731cc47521ea8d39dd3044f57
SHA256: 5761293c750101f6da7ed25e10fb68efe13682baa561eb8c637a4c236d4d57de
SHA512: 45ae143585ea7eabee9a2b394f999f6c7c8ba897d7eba0b1ae8a8cec573fa362683362e1f6c9191f331e7c231b20e801d11ae37b88678e5ff184848781269604
SSDEEP: 96:k7TQoCvbfs6D0pI5RQ6NaQb+XY5fgWS1RFg7kka165DXVIJOlI1C2j:k7TQx9IpI5+IBb+o5flStg7kM5D26f
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 24ac57f9c4cf38eb8131395373abe6b7
Files
24ac57f9c4cf38eb8131395373abe6b7.sys windows:5 windows x86 arch:x86
7647e5f3b4b71536c8712f36b9aeb4cc
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IoFreeMdl
MmUnlockPages
ExFreePoolWithTag
_stricmp
strrchr
ExAllocatePoolWithTag
ZwQuerySystemInformation
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
ObfDereferenceObject
IoDriverObjectType
MmGetSystemRoutineAddress
IoCreateFile
ZwClose
KeSetEvent
ZwQueryInformationFile
KeWaitForSingleObject
KeGetCurrentThread
MmProbeAndLockPages
IoAllocateMdl
IoAllocateIrp
KeInitializeEvent
KdDisableDebugger
IoGetCurrentProcess
ObReferenceObjectByHandle
IoFileObjectType
_allmul
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
ZwReadFile
IoFreeIrp
hal
KeStallExecutionProcessor
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 896B - Virtual size: 791B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 640B - Virtual size: 604B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 896B - Virtual size: 892B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 384B - Virtual size: 346B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ