Static task
static1
General
Target: 4e3b9da0580837c2275161645ca0a46d
Size: 35KB
MD5: 4e3b9da0580837c2275161645ca0a46d
SHA1: f65aac736d3ac720a89b4a196317ee4c71566c0a
SHA256: 1b7dde6dc8c124d8ea2741065c22d39605239b86cd752891e567c12ee61494ea
SHA512: 8788247fd855ccc270d6ecc4c9daa154ef7ddcb4f5939e1f4ac862c405bbd8cf79b0dea05db6fc4053cdfcbe481747b1e86a1c70ee2ad876bb2d3288af68ea23
SSDEEP: 768:UxXR5Pvtm2rTPHU19+4yCan8I7Yx8PbxkddgLFxu2Qqww44YaNX5VJ4:+XPlm2rrHU19+4yB8Ikx8PbxwdoFcOws
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4e3b9da0580837c2275161645ca0a46d
Files
4e3b9da0580837c2275161645ca0a46d.sys windows:4 windows x86 arch:x86
e1497e6a8f5a3f246fd18fbc4db3b547
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
PsTerminateSystemThread
isdigit
ZwCreateFile
RtlInitUnicodeString
atol
isspace
IoRegisterDriverReinitialization
isupper
tolower
strchr
RtlAnsiStringToUnicodeString
strstr
srand
isxdigit
toupper
strrchr
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
_wcslwr
wcsncpy
PsGetVersion
islower
MmIsAddressValid
ZwUnmapViewOfSection
swprintf
ZwClose
KeDelayExecutionThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
isprint
atoi
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwCreateKey
wcscat
wcscpy
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ