Static task
static1
General
Target
2a68648e3c214fe47d946fdca3b4db42
Size
49KB
MD5
2a68648e3c214fe47d946fdca3b4db42
SHA1
4a27d0a2c8eec73d4c48c8b4cb724a0f23da9338
SHA256
8a9fd1f8b9c0a0f77f0cde9d0428bf81d8a4829e91a56d57d154bbedf98b8356
SHA512
a6682a43ca3fc2e5696fdbf76b14dbe7805fcdbb93f55371f4f8aa9130890d10c633e2f06906040b4f9f15c18757284c7c6c48af66aa194101194e243926b73b
SSDEEP
768:YMmSWEDmtC26pO8a6pyBVC0UjvLZkx9Ba6mjjyr:G1CpcPUzL6JVr
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2a68648e3c214fe47d946fdca3b4db42
Files
2a68648e3c214fe47d946fdca3b4db42.sys windows:4 windows x86 arch:x86
7172f7bbde03f681c5bc9326ce0bd1e8
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlInitUnicodeString
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwClose
ZwCreateSection
ZwCreateFile
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
MmIsAddressValid
ZwUnmapViewOfSection
wcscat
wcscpy
PsGetVersion
_wcslwr
wcsncpy
swprintf
IoRegisterDriverReinitialization
ZwCreateKey
PsTerminateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
MmGetSystemRoutineAddress
RtlAnsiStringToUnicodeString
Sections
.text Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 128B - Virtual size: 97B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 832B - Virtual size: 804B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 928B - Virtual size: 912B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 736B - Virtual size: 732B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ