Static task
static1
General
Target: 26f09cbfb09637a7ab82620bf6d96419
Size: 30KB
MD5: 26f09cbfb09637a7ab82620bf6d96419
SHA1: 77da24261a92eddac9d6d1ff220968ad95680ca2
SHA256: 8dc7fb34fd2792baed383d2847458c63ab539c98d42fc2fe860f54f90ecd8cdc
SHA512: 47d7eea3b3af94b9dcf1d3ce33c9c9376ca9072cca40f79b47c317d59a3d214b4f1d4f7c327f24fcd4b9855c69dc2df632601a080d601307a6c36372b1926d01
SSDEEP: 384:E30meohFQnTd4Y8Tdn2BfSlpImnQTpWlPUKpNzl47NsEEuHM0:Wdee+neDdnHpIn9UpTENsEEuHM0
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 26f09cbfb09637a7ab82620bf6d96419
Files
26f09cbfb09637a7ab82620bf6d96419.sys windows:4 windows x86 arch:x86
3159d7e23f5312d7423a46418988fc6b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
KeI386ReleaseGdtSelectors
IoWMIWriteEvent
ExFreeToPagedLookasideList
strcpy
SeImpersonateClientEx
ExLocalTimeToSystemTime
RtlAnsiStringToUnicodeString
ExInitializeZone
ZwLoadKey
ExSetResourceOwnerPointer
FsRtlCopyWrite
RtlCompareUnicodeString
ZwDisplayString
IoAllocateIrp
ExAllocatePool
ExFreePool
ObOpenObjectByName
KeQuerySystemTime
KeFindConfigurationEntry
strcmp
RtlUnicodeToOemN
Exi386InterlockedExchangeUlong
RtlFreeUnicodeString
DbgPrintReturnControlC
ZwQueryInformationProcess
RtlInitString
FsRtlIsHpfsDbcsLegal
DbgPrompt
ZwDeviceIoControlFile
FsRtlReleaseFile
RtlImageNtHeader
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 592B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 663B
IMAGE_SCN_MEM_READ
.rsrc Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 42B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ