Static task
static1
General
Target: 446d3a0fe0d595e2121c7f186b70a42d
Size: 47KB
MD5: 446d3a0fe0d595e2121c7f186b70a42d
SHA1: 63eb13ae6bb9c5b311a51f2d763468c4cc767bd0
SHA256: 12a83f6f96c5ee74a98450240257572ade7338efdd0a6377051d4001577fcd2e
SHA512: 53b74c36bbbd05c00cda0c925ab4c78c82704fa19b9200e8d55a6dbb95dac85baca703983c1825a2bd3a8a700677fa424d9da1a3d5b61a07f6b08036bfeb6192
SSDEEP: 768:ZfyrkIOyImfBmocCOrfDwAlqbFnmky5xE2Mpblmn9RHam9SCK7SiVo6T6aMq5dJh:YJ5PFmnEHMaoiXwDt
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 446d3a0fe0d595e2121c7f186b70a42d
Files
446d3a0fe0d595e2121c7f186b70a42d.sys windows:4 windows x86 arch:x86
a3235d23008330aae7a178b0458fb190
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
swprintf
RtlInitUnicodeString
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
wcscat
wcscpy
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
MmIsAddressValid
ZwUnmapViewOfSection
PsGetVersion
_wcslwr
wcsncpy
ZwCreateKey
wcslen
ZwCreateFile
ZwEnumerateKey
ZwSetValueKey
ZwOpenKey
IoRegisterDriverReinitialization
RtlAnsiStringToUnicodeString
MmGetSystemRoutineAddress
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
strncmp
IoGetCurrentProcess
_wcsnicmp
PsSetCreateProcessNotifyRoutine
Sections
.text Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 928B - Virtual size: 900B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 736B - Virtual size: 712B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ