Static task
static1
General
-
Target
6699d93e6f6dade3695704897b4541c0
-
Size
30KB
-
MD5
6699d93e6f6dade3695704897b4541c0
-
SHA1
c6c741ad9a9d704f71c9f88212cfa48b07174a54
-
SHA256
e631858538599745b2b22186d8ddcf7e1cbadb6b2894147a8fc5ef08554ebbbf
-
SHA512
9c389737821731d1ba5d75107dcd714c9a0e035f9693efd055118051178b48afc2d5329bb937eed06167a08649bbb61e7a99579caceb4ceba45ba05d8b03e315
-
SSDEEP
384:nEoSzaQJqMQ48Sa1e9ANKn27R4qV0WEFTBx9IHZsKmjQbje/x:nSmQJef1e9ANKn27R4W09FTBxCCjQo
Malware Config
Signatures
-
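Unsigned PE (1 IoC)
Static check for a missing Authenticode signature: the file carries no embedded signature. The check inspects only the file itself, so a catalog signature, if one exists, would not be visible here.
resource 6699d93e6f6dade3695704897b4541c0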
Files
-
6699d93e6f6dade3695704897b4541c0.sys windows:4 windows x86 arch:x86
620342518a48101d8d4fbf9ec1173d16
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlInitUnicodeString
MmGetSystemRoutineAddress
wcscat
swprintf
_snprintf
ExFreePool
ExAllocatePoolWithTag
strncpy
_except_handler3
ObfDereferenceObject
ObQueryNameString
wcslen
_strnicmp
strncmp
wcscpy
ZwMapViewOfSection
ZwCreateSection
_wcsnicmp
ZwUnmapViewOfSection
_stricmp
RtlAnsiStringToUnicodeString
RtlCopyUnicodeString
Sections
.text Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 544B - Virtual size: 530B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ