Static task
static1
General
Target
5af770466ad91a0bc690690bc373e6b9
Size
48KB
MD5
5af770466ad91a0bc690690bc373e6b9
SHA1
1c2ec13046394d968c61cc6d4b8af6d09ad9a12a
SHA256
e2576b09cbc121eafd4b1b8bd873b489732d621933cfd8b233214bd65b8340b0
SHA512
cd58c546210d8962e3198b8e883a899c048725f9a0381a1ae8d5b75949fb80779dcbad7145e1fdca4d64f6e09b0d7086bea9a5c3b8e698bc515383781146fba8
SSDEEP
768:9AVhPnJd//FrmIKYp/X8xKIMwdlcljxRzMgOZ:KN6lYpM83MV
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5af770466ad91a0bc690690bc373e6b9
Files
5af770466ad91a0bc690690bc373e6b9.sys windows:4 windows x86 arch:x86
1dfbe56c096a2f259b4d7d006ab89226
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
ZwClose
ZwCreateKey
swprintf
wcscat
wcscpy
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwCreateFile
MmGetSystemRoutineAddress
MmIsAddressValid
_stricmp
strncpy
KeInitializeTimer
IofCompleteRequest
PsGetVersion
_wcslwr
wcsncpy
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
ZwUnmapViewOfSection
Sections
.text Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 256B - Virtual size: 230B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 704B - Virtual size: 700B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 928B - Virtual size: 912B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 768B - Virtual size: 746B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ