Static task
static1
General
Target: 527c7038804edd1c7ac093a3df7076f6
Size: 3KB
MD5: 527c7038804edd1c7ac093a3df7076f6
SHA1: 71573e82561249ac5e6e24cd549422fc41f2d14d
SHA256: dae74597b51f85f33edea9538fd7bffa34f69a7081e8a458cf3cc4b770d05a7a
SHA512: a17466e59a2f3164073bc90b695bff50c5c905e18f532a72969de517bc6a6f4b1219f4916f8f53e04e1a0461e4c6e86cd94b83f47d656ffe3746981147095617
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 527c7038804edd1c7ac093a3df7076f6
Files
527c7038804edd1c7ac093a3df7076f6.sys windows:5 windows x86 arch:x86
cb70b6602d893162abc0ed8af3f4e188
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlFreeAnsiString
strncpy
RtlUnicodeStringToAnsiString
ObQueryNameString
IofCompleteRequest
KeDetachProcess
ObfDereferenceObject
ObReferenceObjectByHandle
KeAttachProcess
PsLookupProcessByProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ZwOpenProcessToken
ZwOpenProcess
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 193B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 640B - Virtual size: 562B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ