Static task
static1
General
Target
284ff10275ceed171ae20323b32bdf7b
Size
8KB
MD5
284ff10275ceed171ae20323b32bdf7b
SHA1
8faf641bd279158def26146cb1f8359794697c85
SHA256
906fc2ba5af45fe86706dbdd391236d249c502c5a4dc5eb3f15b5b910e8fdce0
SHA512
621d6fb4b5b4da8440427a1177a538ef1a57d3ea8dc9549d0810882c1f80e57e68589d1a159938607c954dda5d2144c9d9c661342fd5eb6f1a0adc10a0ae22d2
SSDEEP
96:SDeQPAOvbQoBkxEfPEWku0GReQ2/MYPuFyyGecjShPk7Gvwx7Y5GcN6PhOYnigyD:SDhYEqNPuFyyGauLx7Y5J6nigftbe0
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 284ff10275ceed171ae20323b32bdf7b
Files
284ff10275ceed171ae20323b32bdf7b.sys windows:5 windows x86 arch:x86
35407e0e349350b41fd78df1287a6b89
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExFreePoolWithTag
sprintf
_strupr
ExAllocatePoolWithTag
RtlFreeAnsiString
RtlCompareMemory
RtlUpperString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
PsGetCurrentProcessId
ZwQueryDirectoryFile
ZwQueryValueKey
ZwEnumerateValueKey
ZwEnumerateKey
ZwOpenKey
ZwDeviceIoControlFile
ZwQuerySystemInformation
IoDeleteDevice
IoDeleteSymbolicLink
wcscat
RtlFreeUnicodeString
wcscpy
RtlAnsiStringToUnicodeString
IofCompleteRequest
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice
_wcsupr
ObReferenceObjectByHandle
ObfDereferenceObject
ObQueryNameString
RtlInitAnsiString
ZwClose
ZwSetValueKey
wcslen
wcsncmp
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 910B - Virtual size: 1024B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 128B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ