Static task
static1
General
Target
25fe3d52e7f1fcb004fc04349d0c45ca
Size
22KB
MD5
25fe3d52e7f1fcb004fc04349d0c45ca
SHA1
c83a7f6128e10f18674cc3d4ef390ecd8d61ad1e
SHA256
9d6a4b595fc21d4bc7b2a2837cf83acf89c4188239caa4c91c3f2bb3d3ff0ec3
SHA512
95ce8f06e443ad5f44d9f0b5252bc7d9af429b03b8e9a720c9d14de3d6c7f286500ada53a3b7982e96e012e421376d02cae0593526c23aa3bac3f5ffb68d2510
SSDEEP
384:hX+yfjKge/Pnww+CNUPbxQ2JdUgc+oeOQGn9VnWZd2LZuXycVuvjQp3F+qo0r:Egev0mZfRLcVp1zoA
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 25fe3d52e7f1fcb004fc04349d0c45ca
Files
25fe3d52e7f1fcb004fc04349d0c45ca.sys windows:5 windows x86 arch:x86
a3ebab0e7d06dada693301781a2c62ad
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwCreateFile
ZwSetValueKey
ZwClose
ZwOpenKey
ZwEnumerateKey
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
swprintf
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
MmIsAddressValid
IoRegisterDriverReinitialization
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
PsGetVersion
_wcslwr
wcsncpy
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
ZwUnmapViewOfSection
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
ZwCreateKey
wcscat
wcscpy
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 992B - Virtual size: 986B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 640B - Virtual size: 624B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ