Static task
static1
General
Target
3e11e0c79a050a5d147db786ad026ebd
Size
17KB
MD5
3e11e0c79a050a5d147db786ad026ebd
SHA1
cdd7ccdb39ecb211be0ebbd0dc90df79b686e348
SHA256
a107773724dd0a25a09a28d7ef8d5ad952906e61ebaf27df363b7b57acdc86e2
SHA512
dc289160b58c7bc574b9cc0903ae0fec038c3a3f9d95b2689c1ff7da8d524805235a67adb6c4cdf066c7be823ee09e5228bceb41a63d988e5962f4b6987bac2b
SSDEEP
192:mi31TX4qU0Oijkgb7UxOyuvUWh2ecd+sxAPACaoiQFoPVlTpFhyIs4PrHlAI/XvX:31ThOiog8xPhWoFH6Yi69jr3HK2X
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 3e11e0c79a050a5d147db786ad026ebd
Files
3e11e0c79a050a5d147db786ad026ebd.sys windows:5 windows x86 arch:x86
259d148c5f73749ca2147ec15a0a575f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IoGetCurrentProcess
strncpy
ZwDeleteKey
ZwEnumerateKey
ZwOpenKey
IoGetRelatedDeviceObject
ZwCreateFile
ZwReadFile
ZwQueryInformationFile
swprintf
KeReleaseMutex
KeWaitForSingleObject
KeInitializeEvent
KeInsertQueueApc
KeInitializeApc
KeClearEvent
ObfDereferenceObject
PsLookupThreadByThreadId
IoFreeMdl
KeDetachProcess
MmMapLockedPages
KeAttachProcess
MmBuildMdlForNonPagedPool
IoAllocateMdl
MmUnmapLockedPages
NtSetInformationProcess
ObReferenceObjectByHandle
PsLookupProcessByProcessId
PsSetCreateProcessNotifyRoutine
KeInitializeMutex
wcstombs
IofCompleteRequest
ProbeForRead
_strnicmp
KeGetCurrentThread
KeSetEvent
KeServiceDescriptorTable
MmProbeAndLockPages
ObfReferenceObject
SeDeleteAccessState
RtlCopyUnicodeString
SeSetAccessStateGenericMapping
RtlMapGenericMask
SeCreateAccessState
ObCreateObject
IoFileObjectType
IoFreeIrp
IoAllocateIrp
ZwOpenFile
wcslen
IoReuseIrp
ProbeForWrite
MmUnlockPages
IoCancelIrp
IofCallDriver
_allmul
KeUnstackDetachProcess
KeStackAttachProcess
_except_handler3
_wcsnicmp
ZwQuerySystemInformation
_stricmp
ExFreePoolWithTag
wcscpy
PsGetCurrentProcessId
wcsncpy
_wcslwr
wcsstr
ExAllocatePoolWithTag
PsCreateSystemThread
ZwClose
KeDelayExecutionThread
RtlInitUnicodeString
ZwCreateEvent
wcschr
PsTerminateSystemThread
hal
ExReleaseFastMutex
ExAcquireFastMutex
Sections
.text Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ