Static task
static1
General
-
Target
64efe2b8d527c355fd4cb5e045dbf1d2
-
Size
40KB
-
MD5
64efe2b8d527c355fd4cb5e045dbf1d2
-
SHA1
66fc07580afb5e7f82a71a28c0aba81670a32a15
-
SHA256
f8cea8a1a9150de57ed0ecc10c87cc5f50b82f6843f23682ad586ed59495a3ee
-
SHA512
eed4cfde3eae73b8e085e579e9c5e086ae5b5c41ef37a3b950425cf3682115a253bc7d620f1e39acc23f8d82d665e2c1a4fec5fc437522ec61697342d0a2daee
-
SSDEEP
768:4MiAgwCDBHqqUcZdGUsoB5zVf2m5a3ic7qWbj4QexeTSXLk:AwMqfbUxBRVR5a3ic7pj4QaeTcLk
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 64efe2b8d527c355fd4cb5e045dbf1d2
Files
-
64efe2b8d527c355fd4cb5e045dbf1d2.sys windows:4 windows x86 arch:x86
d074d93c394fc5efd22397df5533ffad
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncpy
PsLookupProcessByProcessId
_stricmp
ObReferenceObjectByHandle
ZwSetValueKey
wcslen
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
IoRegisterDriverReinitialization
PsSetCreateProcessNotifyRoutine
_wcsicmp
wcsncpy
wcsrchr
RtlCopyUnicodeString
wcscat
wcscpy
ZwClose
ZwQueryValueKey
ZwOpenKey
_except_handler3
swprintf
wcsstr
_wcslwr
ZwDeleteKey
MmIsAddressValid
IoDeviceObjectType
IoGetCurrentProcess
PsGetVersion
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwCreateKey
_snwprintf
ExAllocatePoolWithTag
ZwCreateFile
ExFreePool
ObfDereferenceObject
_wcsnicmp
strncmp
RtlCompareUnicodeString
ZwSetInformationFile
KeTickCount
KeQueryTimeIncrement
KeDelayExecutionThread
KeQuerySystemTime
wcschr
PsCreateSystemThread
_snprintf
IofCompleteRequest
MmGetSystemRoutineAddress
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 64B - Virtual size: 61B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ