Static task
static1
General
Target
42540a8b6bf75559135803b8bc1c6e0f
Size
26KB
MD5
42540a8b6bf75559135803b8bc1c6e0f
SHA1
292ec854cabe957ce5db1a96804f58d4bf6481f3
SHA256
75e87426a106cf56ffaa3e2986ff9ef84ceb4d5b3aa77afa423e29fdad0eeaa8
SHA512
5ebd2e2f9ddebe4d1d6ef651412fa5e2fdaa31e3be9ce0fecbb2ac6be89548ee356c8f8a23c34bad9997ef5b3ee37d7f4bf49add75eca432302eaf5349cf692c
SSDEEP
384:PQM3eSI1+FHhtaeG4JzItsNfu/XLAZPBDLDIbSyXRuD0rjT4d+EWbCkjn1mo0P/I:4MOSA+QFQfu/MIG9HKpzS1AukbH
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 42540a8b6bf75559135803b8bc1c6e0f
Files
42540a8b6bf75559135803b8bc1c6e0f.sys windows:5 windows x86 arch:x86
9a631f66f77e1bae432374367f34eac4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
MmIsAddressValid
RtlFreeUnicodeString
KeDelayExecutionThread
ZwClose
ZwCreateKey
swprintf
RtlInitUnicodeString
wcscat
wcscpy
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwCreateFile
IoRegisterDriverReinitialization
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
PsGetVersion
_wcslwr
wcsncpy
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
ZwUnmapViewOfSection
RtlAnsiStringToUnicodeString
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 992B - Virtual size: 986B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 640B - Virtual size: 634B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ