Static task
static1
General
Target: 56733dcdb12fc3e0663c214053a32518
Size: 52KB
MD5: 56733dcdb12fc3e0663c214053a32518
SHA1: acce507fef319d1e7a6764dd63268709ff129906
SHA256: 61ed9362dd96c463e614968d66f184c394301342aaaceff2a8caafdb86024fda
SHA512: 956141851501c120d584edca5d92c332b6e3feac1b81b5e1adecbeeb51fcb419583ad623228817848d622aca016c7e5c7fc82dd11a7c0a9152e1e3c15a55fa36
SSDEEP: 768:TanRWYXE7n3Vbr2SaKIBwNRw6wQkO+80M+uuXhcmNh7K:2Vi3dM/K
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 56733dcdb12fc3e0663c214053a32518
Files
56733dcdb12fc3e0663c214053a32518.sys windows:4 windows x86 arch:x86
91925203559020a23142c57058eabc77
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
PsGetVersion
_wcslwr
wcsncpy
ZwCreateFile
ZwSetValueKey
ZwClose
ZwOpenKey
ZwEnumerateKey
ZwCreateKey
wcslen
swprintf
RtlInitUnicodeString
wcscat
wcscpy
strncmp
IoGetCurrentProcess
_wcsnicmp
PsTerminateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
MmIsAddressValid
IoRegisterDriverReinitialization
ZwUnmapViewOfSection
MmGetSystemRoutineAddress
RtlAnsiStringToUnicodeString
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
Sections
.text Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 288B - Virtual size: 266B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 832B - Virtual size: 804B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 928B - Virtual size: 912B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 768B - Virtual size: 742B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ