Static task
static1
General
Target
44e95d1ca9a70f3fd12f5d09e1e533dc
Size
21KB
MD5
44e95d1ca9a70f3fd12f5d09e1e533dc
SHA1
d3c22cef8044b690499c5342d2ac1a65572b429e
SHA256
7945aa7a96da4c88e1beae9178e18ff53c4b5894b43992f2ccc7f6a6c6e512d0
SHA512
dcf6f65c3be0170c42c38be076ba5ac093e1aaa2cc5de11e55395f3ac2a97ce50a6c6c50e256890c4659473c2092555740385c3dad4a921f1e7d3509e1e7ee0a
SSDEEP
384:9vwBnCzGMJS0JfXWKekNghpKZqC1QugV/kY00bo542GOBYwle8/jm8Yh:mh0LSKvWeQRk0bo5jfeu
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 44e95d1ca9a70f3fd12f5d09e1e533dc
Files
44e95d1ca9a70f3fd12f5d09e1e533dc.sys windows:5 windows x86 arch:x86
a91689dc3ce758991b26613d20237961
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwCreateFile
RtlInitUnicodeString
IoRegisterDriverReinitialization
swprintf
KeDelayExecutionThread
ZwCreateKey
wcslen
wcscat
wcscpy
MmIsAddressValid
strncmp
IoGetCurrentProcess
_wcsnicmp
PsGetVersion
_wcslwr
wcsncpy
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
RtlAnsiStringToUnicodeString
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwUnmapViewOfSection
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 958B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 608B - Virtual size: 594B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ