Static task
static1
General
Target
278c306d495f45272590d4f34facf6ce
Size
49KB
MD5
278c306d495f45272590d4f34facf6ce
SHA1
cfa9a556d5af9f834a0e0aa5bcf758e96fb2f812
SHA256
fa11ee18a707063f6559c01e620252171557b183ef4787865868164a525b378f
SHA512
ef1758595c20803886bfe6618fa6d37b2f2aa963fd43bb09652035e9ee3d06cacb48d9ead2bb2cbc193108eccdadb43bb51a44bbe5e6897bc1e6ece6a5130702
SSDEEP
768:Eu9ooKJfRu6cc2QTH5xl+novKK7VTQiGZkGk0JzL1UzPwCWjsMsn:ptKO7SGs
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 278c306d495f45272590d4f34facf6ce
Files
278c306d495f45272590d4f34facf6ce.sys windows:4 windows x86 arch:x86
a90dca83b8e51a972eed660300d553b5
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwClose
ZwCreateSection
ZwCreateFile
RtlInitUnicodeString
ZwCreateKey
wcslen
swprintf
wcscat
wcscpy
PsGetVersion
_wcslwr
wcsncpy
MmIsAddressValid
RtlAnsiStringToUnicodeString
_stricmp
strncpy
KeInitializeTimer
IofCompleteRequest
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
MmGetSystemRoutineAddress
ZwUnmapViewOfSection
strncmp
IoGetCurrentProcess
_wcsnicmp
Sections
.text Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 96B - Virtual size: 86B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 704B - Virtual size: 700B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 928B - Virtual size: 912B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 768B - Virtual size: 746B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ