Static task
static1
General
Target
25501ddf8c624c108e8c602a24f23850
Size
21KB
MD5
25501ddf8c624c108e8c602a24f23850
SHA1
1c22126ef1120ef1b5b5584854b1281bde312e46
SHA256
6219f09d92ae9013cc68ab1bc70f67f79492dab0e2cc95de3b4d99b8ce872874
SHA512
e954e71009d723342fb6f00250ca822940bc56a17e18aed6c54fca2989e27941d881c61a29c9d7049d2718657c20b6b0d578273d092fa9dcd66e9b2546a1b5fd
SSDEEP
384:5NVDYi1GiaValiJ1GunJRXY4besVIZKaqK3HEQanMcaS3KNVChul:rx8iaVSC5HbZPa6nnasMSc
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 25501ddf8c624c108e8c602a24f23850
Files
25501ddf8c624c108e8c602a24f23850.sys windows:5 windows x86 arch:x86
aa585e3a5befa2bc19776b172d6370de
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwCreateFile
RtlInitUnicodeString
IoRegisterDriverReinitialization
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
MmIsAddressValid
ZwUnmapViewOfSection
KeDelayExecutionThread
ZwCreateKey
swprintf
wcscat
wcscpy
PsGetVersion
_wcslwr
wcsncpy
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlAnsiStringToUnicodeString
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 958B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 608B - Virtual size: 590B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ