Static task
static1
General
Target: 432a724687719504f4f17a0c88377d8d
Size: 27KB
MD5: 432a724687719504f4f17a0c88377d8d
SHA1: aaf0c41fdcb486e4d8a5e1badb3ecd48b4788519
SHA256: 49880f411ebf4da73531febae7183f8e7362d062b90a091e28201eefd1c425d9
SHA512: 1afc69ff4dbc35b9a20d5e92810e6c7e07278eeeeac15750467b6d363737bf6c01eeef97842fc5748083692d0a906ecd9dc0691bdd33e204d4ca4bd5fe79c562
SSDEEP: 384:C4gKXI6nLGW7dN6udZAi9Fcgjzog6R0NJHZJ47o4QoTM03K36xbGFjQOdGE8TKia:dg+L3dNNjJ5OQoYt36xy67Y33/YXVcR
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 432a724687719504f4f17a0c88377d8d
Files
432a724687719504f4f17a0c88377d8d.sys windows:5 windows x86 arch:x86
9be723231a243a42b96bf294b40bf8a4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
PsGetVersion
_wcslwr
wcsncpy
RtlAnsiStringToUnicodeString
MmIsAddressValid
ZwClose
ZwUnmapViewOfSection
swprintf
ZwCreateFile
RtlInitUnicodeString
IoRegisterDriverReinitialization
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
KeDelayExecutionThread
ZwCreateKey
wcscat
wcscpy
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 958B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 640B - Virtual size: 612B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ