Static task
static1
General
Target: 5a2a1a482b3329da4389f48fa53c1c27
Size: 3KB
MD5: 5a2a1a482b3329da4389f48fa53c1c27
SHA1: 1570d0291eeb4963715b6224e425659adb4d7865
SHA256: f60b98379ef24d31742a8872f16d8a487f32ca590a364b5594da3f9ce4c07849
SHA512: 3e161e32660d5a80c11a9517b9b56e102afd8e4527bac989d5229fbc8fe05ad185478a26d0167e91f9148dc3b172c8821bbd585245647501d22708be8d70d538
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5a2a1a482b3329da4389f48fa53c1c27
Files
5a2a1a482b3329da4389f48fa53c1c27.sys windows:5 windows x86 arch:x86
20d2c196236771522aefaa12cf48714b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
KeServiceDescriptorTable
ZwQueryDirectoryFile
IoDeleteDevice
IoDeleteSymbolicLink
IofCompleteRequest
RtlFreeAnsiString
RtlCompareMemory
DbgPrint
RtlUpperString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
RtlInitAnsiString
ProbeForWrite
ProbeForRead
IoCreateSymbolicLink
IoCreateDevice
_except_handler3
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 193B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 256B - Virtual size: 176B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 512B - Virtual size: 482B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ