Static task
static1
General
-
Target
50baaf023ea447d5cb4465c0e921447c
-
Size
14KB
-
MD5
50baaf023ea447d5cb4465c0e921447c
-
SHA1
011270ecc86a8126d7a20d8fc6c38ce3d626c568
-
SHA256
8c8107251a08b8d04ced0fdd36cb606dd4df76561e6ad01ccdba79de0df7f1bc
-
SHA512
4b57593511ce765dbcb1859f48c844523877c3b8846112542beae98d77c7cdea261f3746a57e5f9feb5eb06f77128f3cd4b5092932a5e8f123e80aa1d8d4c0ab
-
SSDEEP
192:ywIk/hTnw9RVQPOkM95elePivVEpsfEpajd66ArPfR6Fh9Pk1QCjGFa4M:t/hTnj2zAyKEeMpaZ66ArXRIz81QCjF
Malware Config
Signatures
-
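Unsigned PE (1 IoC)
Checks for missing Authenticode signature. The file has none, which matters more here than for a user-mode binary: the .sys extension and the ntoskrnl.exe imports listed below indicate a kernel-mode driver.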
resource 50baaf023ea447d5cb4465c0e921447c
Files
-
50baaf023ea447d5cb4465c0e921447c.sys windows:4 windows x86 arch:x86
c09ebd4496cc864a65a00b8d70d80af8
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
RtlInitUnicodeString
isupper
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
swprintf
_stricmp
strstr
strncpy
PsLookupProcessByProcessId
atoi
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
ZwCreateKey
wcslen
wcscat
wcscpy
isxdigit
isprint
strchr
tolower
RtlAnsiStringToUnicodeString
strncmp
IoGetCurrentProcess
_wcsnicmp
_wcslwr
wcsncpy
PsGetVersion
strrchr
srand
atol
isspace
islower
isdigit
toupper
ZwCreateFile
IoRegisterDriverReinitialization
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
DbgPrint
MmIsAddressValid
ZwUnmapViewOfSection
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 832B - Virtual size: 830B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ