Static task
static1
General
Target: 2d1af1d018641d6226775ba5a9eaec52
Size: 11KB
MD5: 2d1af1d018641d6226775ba5a9eaec52
SHA1: 73b14c857bdbbcd04ce9db48feb7f817cf4b7668
SHA256: d1b01ea6bd62e389abdc3f8691c2f97c3e578b0406377fb0356f998815787d8a
SHA512: 152100dcbe61fc126ec736956faef89a55b985d9566f94f5f731aa79e22dce5f68b71b8679e8b3b2731e53946e47aa7389cab617a39f074bf548e7e1437ab08f
SSDEEP: 192:JIdHSreDO9Fr3B8iaRFyZh1HYlqjVvoZB6AMgwRE8MZSpVhp78ehZ:GtSreeBtaeZz4luPgX8MZ+Vn
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2d1af1d018641d6226775ba5a9eaec52
Files
2d1af1d018641d6226775ba5a9eaec52.sys windows:5 windows x86 arch:x86
aabb32584e876d17374d1d60d0277e39
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
ntoskrnl.exe
ZwClose
ZwQueryValueKey
ZwOpenKey
ExFreePool
ZwCreateFile
ExAllocatePoolWithTag
PsLookupProcessByProcessId
RtlCompareUnicodeString
ZwQuerySystemInformation
PsGetVersion
strrchr
_strnicmp
_stricmp
strncmp
IoGetCurrentProcess
RtlCompareString
RtlInitString
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwSetSecurityObject
ZwEnumerateValueKey
ZwEnumerateKey
ZwQueryKey
ZwSetValueKey
ZwRestoreKey
ZwReplaceKey
ZwFlushKey
ZwDeleteValueKey
MmIsAddressValid
ZwCreateKey
ZwQueryInformationFile
ZwSetInformationFile
ZwReadFile
ZwOpenSection
KeServiceDescriptorTable
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
_except_handler3
KeDetachProcess
KeAttachProcess
ZwFlushVirtualMemory
InterlockedExchange
RtlCompareMemory
ZwDeleteKey
RtlInitUnicodeString
hal
KfLowerIrql
KfRaiseIrql
Sections
.text Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 832B - Virtual size: 832B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 960B - Virtual size: 950B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ