Static task
static1
General
-
Target
4030005518a97ad57e85deb5055c62b4
-
Size
40KB
-
MD5
4030005518a97ad57e85deb5055c62b4
-
SHA1
a66546a609dce39404bbface1c3d48ab44b34882
-
SHA256
541f571415be48b01d7a44f843ca170362e3917521f55b8edb687f538ca5fcbf
-
SHA512
e4aa20c490c7ad65eb64f9cd17791b7a643f0ef99b211c3ae08b7ee97f6f094b3e0e0b2e43038b2f68a2ec6741031b5f9b52fb4885b2c937bbf738e293bbb683
-
SSDEEP
768:3t8q4WKUJWu5UjHuNR1jQhzqjjc17CmHFvXcuPS+EpgRnqpnc/I4B0z:3t4WtJWu5Su98hqjm2IXc2YgR6QO
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature on the PE file.
resource 4030005518a97ad57e85deb5055c62b4
Files
-
4030005518a97ad57e85deb5055c62b4.sys windows:4 windows x86 arch:x86
103b709846dd618c3b4d1e90ce945b64
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
PsSetCreateProcessNotifyRoutine
ZwSetValueKey
RtlAnsiStringToUnicodeString
MmIsAddressValid
ZwClose
ZwDeleteKey
ZwOpenKey
RtlInitUnicodeString
_wcsnicmp
wcslen
ObfDereferenceObject
strncpy
PsLookupProcessByProcessId
_stricmp
swprintf
_wcsicmp
wcsncpy
wcsrchr
RtlCompareUnicodeString
wcsstr
_wcslwr
ZwQueryValueKey
ExFreePool
_snprintf
ExAllocatePoolWithTag
_except_handler3
strncmp
IoGetCurrentProcess
PsCreateSystemThread
ZwCreateKey
KeDelayExecutionThread
KeQuerySystemTime
ObReferenceObjectByHandle
PsGetVersion
_snwprintf
wcschr
ZwCreateFile
KeTickCount
KeQueryTimeIncrement
IoRegisterDriverReinitialization
MmGetSystemRoutineAddress
wcscat
wcscpy
ZwSetInformationFile
RtlCopyUnicodeString
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
IoDeviceObjectType
IofCompleteRequest
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 64B - Virtual size: 51B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ