Static task
static1
General
Target: kernel.sys
Size: 24KB
MD5: 2e40337b1d55b1125d5703b13841522c
SHA1: abcaeca01c0ea2499b5f740c234daa6148c0bacc
SHA256: 1aaa2ae092c7daeba3ea133c72dca787bdd7b6d6194e73af52a0606c91cb9d83
SHA512: 48ae0883de81dc6963967b4789ed37d866c47741168581b796c0f3896cf7c13f0c85427e1c96e907aff3f2e0317cdb63d73296db521d9a8967ee0381c0026510
SSDEEP: 384:npe3Di+LmI7bOtWu3s94bBWAUsEwo9Qigk6ZNTwI350W3BLaIkKTarp:peTi+aI/OtWabBzUsEuiP4d3BLaIla1
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource kernel.sys
Files
kernel.sys.sys windows:10 windows x64 arch:x64
89ce568c6ee8b732f4c8d029a7c2ebe4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntoskrnl.exe
RtlGetVersion
ExAllocatePoolWithTag
ExFreePoolWithTag
IoGetCurrentProcess
ObfDereferenceObject
ObReferenceObjectByName
ZwQuerySystemInformation
MmHighestUserAddress
IoDriverObjectType
Sections
.text Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 344B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 360B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 512B - Virtual size: 340B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ