Static task
static1
General
Target: 3dd637d915c9d80d8960640e226822c9
Size: 44KB
MD5: 3dd637d915c9d80d8960640e226822c9
SHA1: 4f5e913421367e7fbbca261041570d39d865e408
SHA256: e4a60a9ae37546ca36f04b37d55fbef301bc8e1ed3b95bf1c8e5fd2ad839e68c
SHA512: ca980fd17af0e32e002d8c9ade6a4bc31e2fab6d7332fbbd1ea881601ef15f55532143bb6a34a6729e863b7a58c38950f838a6b4402b7e880bcbd1ca946c4ed1
SSDEEP: 768:A5Q55jBzRRVzmZm/ZGDi6AOvso+FZSuIJDbYfATr0S+DHKx:AG5LtakoDinssFFZSVJDbYYTr
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3dd637d915c9d80d8960640e226822c9
Files
3dd637d915c9d80d8960640e226822c9.sys windows:4 windows x86 arch:x86
44293d9577fa5c26f21d19201accc20f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlAnsiStringToUnicodeString
PsSetCreateProcessNotifyRoutine
RtlInitUnicodeString
wcscat
wcscpy
ZwCreateFile
ZwSetValueKey
ZwClose
ZwOpenKey
ZwEnumerateKey
PsGetVersion
_wcslwr
wcsncpy
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
MmGetSystemRoutineAddress
IoRegisterDriverReinitialization
swprintf
MmIsAddressValid
ZwUnmapViewOfSection
ZwCreateKey
wcslen
strncmp
IoGetCurrentProcess
_wcsnicmp
Sections
.text Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 224B - Virtual size: 197B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 928B - Virtual size: 900B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 704B - Virtual size: 696B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ