Static task
static1
General
Target
41bc20b2c4f8e435ad9e83396cacbfd6
Size
40KB
MD5
41bc20b2c4f8e435ad9e83396cacbfd6
SHA1
d4ceaa5e6ae8b06fd4fc742a855acdd8298d5922
SHA256
900461115ca20a5760ea3497283da70cb8895d46ecc97d85ca170eff6c3b7992
SHA512
38414a1ea458f0bda27b6afb8063ace403781b7beb7ec8c6efb22ea59f4111aaf377b143ab0510a8c72e3b6fde1519c500f6b4e066e1620722f7cce0b862ecb4
SSDEEP
768:UEprStQzwiki7V9okj3xErKJLm+0ySORBamqr9HFHR+CgzhLQ04Wg9vwi:U2StOwP8Hj32rGLckRBam8HFHR+vgWgv
Malware Config
Signatures
Unsigned PE — 1 IoC
Checks for a missing Authenticode signature on the PE file.
resource 41bc20b2c4f8e435ad9e83396cacbfd6
Files
41bc20b2c4f8e435ad9e83396cacbfd6.sys windows:4 windows x86 arch:x86
6e65d588f3467f5ce2640cf2aee1d012
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlInitUnicodeString
strncpy
IoGetCurrentProcess
IofCompleteRequest
ZwClose
ZwDeleteKey
swprintf
RtlCompareUnicodeString
ZwCreateFile
MmIsAddressValid
IoDeviceObjectType
RtlAnsiStringToUnicodeString
strncmp
RtlCopyUnicodeString
ZwSetValueKey
wcslen
MmGetSystemRoutineAddress
ZwOpenKey
ZwQueryValueKey
_except_handler3
_snwprintf
ExAllocatePoolWithTag
ZwSetInformationFile
wcscpy
IoRegisterDriverReinitialization
ZwCreateKey
wcsncpy
wcsrchr
ExFreePool
ObfDereferenceObject
PsGetVersion
_wcsicmp
wcsstr
_wcslwr
_wcsnicmp
ObReferenceObjectByHandle
wcscat
wcschr
KeQuerySystemTime
PsCreateSystemThread
_stricmp
_snprintf
KeDelayExecutionThread
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeQueryTimeIncrement
PsLookupProcessByProcessId
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 96B - Virtual size: 74B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ