Static task
static1
General
Target
255114a7ca56fad2282afd2fbb74ecc4
Size
30KB
MD5
255114a7ca56fad2282afd2fbb74ecc4
SHA1
521dd922683f96ecfa4599e7ce46a8c9e557f399
SHA256
cf27a94e2c2b80487c3a3f6f4f2efc840a1d7cad1534e3e380dc253c4a28f50d
SHA512
010b9e1626b492009853867e8a1060d9970319600d37aecec6d262aa9b9dca4b41800467ce5250196101829199da006a77acf9cd7aedcda70f23f7604727009b
SSDEEP
384:PppPRlXRNQHKOpteVPcstcdmPWP6oH4lcJTkqtMKgvkjeGZKRVUnPHv:PHRZRaHBTeNTvPWCoHtJTTMKgvk33PP
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 255114a7ca56fad2282afd2fbb74ecc4
Files
255114a7ca56fad2282afd2fbb74ecc4.sys windows:4 windows x86 arch:x86
f4b46c8cdfe579b89ffa7b92aa73ba2e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
DbgLoadImageSymbols
MmUnmapViewOfSection
FsRtlRemoveLargeMcbEntry
PsRevertToSelf
ExFreePool
NtSetEaFile
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
KiCoprocessorError
strcmp
PsSetLegoNotifyRoutine
ZwNotifyChangeKey
CcMapData
MmDisableModifiedWriteOfSection
strcpy
ZwQueryInformationProcess
ZwDeleteFile
PsSetLoadImageNotifyRoutine
RtlImageNtHeader
RtlCompareUnicodeString
KiReleaseSpinLock
RtlFindSetBits
ExAllocatePool
CcPurgeCacheSection
IoWriteTransferCount
FsRtlAllocatePoolWithQuotaTag
IoIsSystemThread
RtlInitString
KeQuerySystemTime
DbgPrint
ZwDeviceIoControlFile
RtlDescribeChunk
FsRtlUninitializeOplock
Sections
.text Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 816B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.debug Size: 1024B - Virtual size: 663B
IMAGE_SCN_MEM_READ
.rsrc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ