Static task
static1
General
Target: 677bb79e088917466596a8fa4e48e0fc
Size: 20KB
MD5: 677bb79e088917466596a8fa4e48e0fc
SHA1: 818dad9f72895d645d31433278d6243213693263
SHA256: fd4dcafa6904807d48a6a852e6db22b54c7ff688c12117b1e955bd4d4dc4188e
SHA512: 5676c14a935244e2a1eee7db4020bac2a736c6f75db556ca5c45e368c47a86dcff2a20a11b3d2f76ecd6685858a14e50c120b86d5a4e7eb9b383eca6e3fba0c5
SSDEEP: 384:uy2AQsyqQ3R1GB86Ol386OBlCujeJBAjMHsIpiKnE4T7pYF4u3UVaDwBt3oZSbMS:XTQRsosIpiKE4T7pYF4u3UVaDwBt3oZI
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 677bb79e088917466596a8fa4e48e0fc
Files
677bb79e088917466596a8fa4e48e0fc.sys windows:4 windows x86 arch:x86
10834039c9278ea5d97cc30c130b428d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_stricmp
RtlCompareUnicodeString
RtlInitUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
IoGetCurrentProcess
ZwClose
ExFreePool
ZwWriteFile
ExAllocatePoolWithTag
ZwCreateFile
wcscat
wcscpy
_snwprintf
ZwEnumerateKey
ZwOpenKey
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
IofCompleteRequest
MmGetSystemRoutineAddress
PsSetCreateProcessNotifyRoutine
strstr
ZwQueryValueKey
ZwCreateKey
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
_wcsnicmp
wcslen
strncmp
_except_handler3
PsCreateSystemThread
strncpy
PsLookupProcessByProcessId
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 928B - Virtual size: 902B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ