Static task
static1
General
Target: 2488c3af416c679c3ef7a0ed9b5a7a08
Size: 47KB
MD5: 2488c3af416c679c3ef7a0ed9b5a7a08
SHA1: e57ede5a9cbd3ab84ad1b95359e01650566335e4
SHA256: 33163c9cb14993aa7978ab403eb6c53ee5c0620511088f0837d38b4e61472fdd
SHA512: d786b487f4a68ef623a94d7edd5d5a8a7274aa94fb2b4d24c76a17daab9541c7879e5bffba998843cb2a075599dcbf37e06f62361400545df62fe1951e30dc56
SSDEEP: 768:BXuN5ulDR5YwwiKSQkLrnS1hGz6sGD0Vb/MYTPrCvz3l1JbG1Ie3kp+NzCjhmq7J:R4YRewBFQanS1hGz6sGD0Vb/MYTP+vzn
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2488c3af416c679c3ef7a0ed9b5a7a08
Files
2488c3af416c679c3ef7a0ed9b5a7a08.sys windows:4 windows x86 arch:x86
5083fefb6d369c434eb3e05b2dd93770
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwCreateFile
RtlInitUnicodeString
ZwCreateKey
wcslen
swprintf
wcscat
wcscpy
MmIsAddressValid
PsGetVersion
_wcslwr
wcsncpy
MmGetSystemRoutineAddress
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
strncmp
IoGetCurrentProcess
_wcsnicmp
ZwUnmapViewOfSection
RtlAnsiStringToUnicodeString
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
_stricmp
strncpy
KeInitializeTimer
IofCompleteRequest
Sections
.text Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 160B - Virtual size: 136B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 704B - Virtual size: 700B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 928B - Virtual size: 912B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 736B - Virtual size: 728B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ