Static task
static1
General
Target
3aa9d10ead53c596165caec11aa9b1ac
Size
49KB
MD5
3aa9d10ead53c596165caec11aa9b1ac
SHA1
446678a1af83f3d357a21c38e02bef0217bb7e7f
SHA256
ba46e913c9a117fd160db1538d8906403bbd462dffcfef84fafacf7b6e783599
SHA512
69e27bb9b010af1d3c21cfb36cecec421b9039ea9ebe479d013250e0274d40caab08c2f79042726fbbf03fa9eb9f0b1cfe9c87407ad763d7c2183f917bade496
SSDEEP
1536:Zlbmbcn9eYNrYbCSKwzMMlkaXyCIPPAj1UWhV:xmCZ3wZ7
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3aa9d10ead53c596165caec11aa9b1ac
Files
3aa9d10ead53c596165caec11aa9b1ac.sys windows:4 windows x86 arch:x86
c08a30e0fcf8f998744746f9ba8eee89
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
RtlInitUnicodeString
MmIsAddressValid
wcscat
wcscpy
ZwClose
ZwCreateFile
ZwUnmapViewOfSection
MmGetSystemRoutineAddress
PsGetVersion
_wcslwr
wcsncpy
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
_stricmp
strncpy
KeInitializeTimer
IofCompleteRequest
ZwCreateKey
swprintf
RtlAnsiStringToUnicodeString
Sections
.text Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 224B - Virtual size: 214B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 704B - Virtual size: 700B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 928B - Virtual size: 912B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 768B - Virtual size: 744B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ