Static task
static1
General
Target: 2b1575fd8b6fb81d34bd9ace35cb70f6
Size: 16KB
MD5: 2b1575fd8b6fb81d34bd9ace35cb70f6
SHA1: 564757a626513881c928a04bf5fd98442bce1ff0
SHA256: 5a1d3368180365803379c81d2e91b706de9609b6136ce1dee1ccde07f5c5c823
SHA512: 1771d14fd9a2bc5109401fb912d432ecde92e72cbb770f700f8ef9d5a53d4955ec476003651b143219c37d7f923f1d7234ad0bd4f97245e6c7bc600ed8c9399b
SSDEEP: 384:TV2QIpPDhR3Py7cktoApNBlXIWzNBTE9eSD+PIRzWo:CuFprlX+iS
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2b1575fd8b6fb81d34bd9ace35cb70f6
Files
2b1575fd8b6fb81d34bd9ace35cb70f6.sys windows:4 windows x86 arch:x86
95ef832a5045a1085ab1fafa5d3d242e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlInitUnicodeString
IoCreateDevice
IoCreateSymbolicLink
IofCompleteRequest
KeServiceDescriptorTable
ZwWriteFile
ZwTerminateProcess
ZwReadFile
ZwQueryInformationProcess
ZwQueryInformationFile
ZwQueryDirectoryFile
ZwOpenThread
ZwOpenProcess
ZwDeleteFile
ZwCreateFile
ZwClose
ZwAllocateVirtualMemory
RtlCompareUnicodeString
NtLockFile
_strnicmp
PsLookupProcessByProcessId
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 640B - Virtual size: 630B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 576B - Virtual size: 568B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 960B - Virtual size: 950B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ