Static task
static1
General
-
Target
3db810be1b1594c5d448e7481c8a5e7f
-
Size
40KB
-
MD5
3db810be1b1594c5d448e7481c8a5e7f
-
SHA1
8e7d823c80e519ade5559d8665aad3982d71fc22
-
SHA256
3719b437561dba083a8890f133e6606c9d836c01d2ac7360b52647facef7af61
-
SHA512
32107995263f842453a33d27abb6cdaa937916b4e886b7a30bcab45c8cfb78bbe3102d8fb6224d8eea39486c3d9c16117dbca1b111be54ffc34aec526e2b16a5
-
SSDEEP
768:NBLf2Ihh/bfcM9tcabJxjgRssld1PmG06FTY3v6yoBmB9SNXTdfN/:NBLf2I3/bfc0tcguld1Pd03ZoBS9A1/
Malware Config
Signatures
-
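Unsigned PE (1 IoC)
Flags a PE file that has no Authenticode signature. On its own this is a weak signal, but this sample is a 32-bit kernel-mode driver (.sys; the imports listed below come from ntoskrnl.exe), so the unsigned status is worth noting during triage.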
resource 3db810be1b1594c5d448e7481c8a5e7f
Files
-
3db810be1b1594c5d448e7481c8a5e7f.sys windows:4 windows x86 arch:x86
56f08f89ba5d2dfe30912b2174b8bb84
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmIsAddressValid
IoDeviceObjectType
_stricmp
swprintf
wcsstr
_wcslwr
ZwClose
ZwOpenKey
strncpy
IoGetCurrentProcess
ZwSetValueKey
wcslen
ZwCreateKey
RtlInitUnicodeString
wcsncpy
wcsrchr
_wcsnicmp
ObfDereferenceObject
ExFreePool
_snprintf
ExAllocatePoolWithTag
_snwprintf
PsCreateSystemThread
strncmp
wcscat
wcscpy
KeDelayExecutionThread
KeQuerySystemTime
ZwQueryValueKey
PsSetCreateProcessNotifyRoutine
PsGetVersion
_except_handler3
_wcsicmp
ZwDeleteKey
ObReferenceObjectByHandle
PsLookupProcessByProcessId
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest
RtlCompareUnicodeString
wcschr
IoRegisterDriverReinitialization
MmGetSystemRoutineAddress
ZwSetInformationFile
ZwCreateFile
RtlAnsiStringToUnicodeString
KeTickCount
KeQueryTimeIncrement
RtlCopyUnicodeString
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 64B - Virtual size: 64B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ