Static task
static1
General
Target: 4c0cd6a891911964255c3de76bd55f33
Size: 24KB
MD5: 4c0cd6a891911964255c3de76bd55f33
SHA1: 22938d868e39196514ecf5204e49cfb1c014dcd3
SHA256: aff926c8481ac7fa92d75e7a91c8fc2abcbaaf797d35795a9066c7a30f848e98
SHA512: 5419f1ac2f9c014812e2e5578f256e37059b1cbf30cd73db58a3a0d420e9bb4dc7c95e8d56cb4cf54a145f933f8e64b38a1f43c6f27e6e0788f393e41751985d
SSDEEP: 384:7Z3mkFKyF3eFhehapP/SLeSbh8vZljyLsRkPNxdbvPib4EbFHsfumddb/iT:1DbxbyyHrdzi5Nsfuqb
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4c0cd6a891911964255c3de76bd55f33
Files
4c0cd6a891911964255c3de76bd55f33.sys windows:4 windows x86 arch:x86
9ebe6ae5840e111ce6c729b876d3b6b0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExFreePool
_snprintf
ExAllocatePoolWithTag
ZwQuerySystemInformation
KeServiceDescriptorTable
_wcsnicmp
wcslen
ZwClose
RtlInitUnicodeString
swprintf
wcscat
wcscpy
_stricmp
strncpy
MmIsAddressValid
_except_handler3
IoGetCurrentProcess
RtlCompareUnicodeString
IofCompleteRequest
RtlCopyUnicodeString
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwUnmapViewOfSection
MmGetSystemRoutineAddress
RtlAnsiStringToUnicodeString
PsGetVersion
ObfDereferenceObject
ObQueryNameString
_strnicmp
strncmp
Sections
.text Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 768B - Virtual size: 752B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 1002B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ