Static task
static1
General
Target: 533619210843db0761a35fcffffd6356
Size: 7KB
MD5: 533619210843db0761a35fcffffd6356
SHA1: 285901ebc7ae474d414055c31379030c22690d4b
SHA256: 2852a5866d4491fd9ca363a4e5ba2ae48e865b415be47ca8c0124a772a49888d
SHA512: f4a557ea9328799dcd51265474bbe8e3ab1c4a002eaa25a882e0f6f13bf2dc9a84bf8837860b1464e7e399e6f11e9bfe3995a17ff44c7a3bc07399b88c83d6c7
SSDEEP: 96:Bf807xGfUP52s2//onv7cydkp+m3kbWeOi:BOUkp//8v7cyypIPOi
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 533619210843db0761a35fcffffd6356
Files
533619210843db0761a35fcffffd6356.sys windows:4 windows x86 arch:x86
f44a8f34204b1b1e988ea77d168f9d57
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlFreeUnicodeString
IoAttachDevice
RtlAnsiStringToUnicodeString
RtlInitAnsiString
memset
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
DbgPrint
KeSetEvent
ExfInterlockedInsertTailList
ExAllocatePoolWithTag
IofCallDriver
RtlAssert
PsTerminateSystemThread
KeWaitForSingleObject
ZwClose
ObReferenceObjectByHandle
PsCreateSystemThread
IofCompleteRequest
ObfDereferenceObject
ExfInterlockedRemoveHeadList
IoDeleteSymbolicLink
KeReleaseSemaphore
KeSetTimer
KeInitializeTimer
IoDetachDevice
KeInitializeSemaphore
KeInitializeSpinLock
Sections
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 176B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 812B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 290B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ