Static task
static1
General
Target: 7457c160ed8e076a5b055acab8795f04
Size: 63KB
MD5: 7457c160ed8e076a5b055acab8795f04
SHA1: af8137bbf976490348f466e3615bf2d12fb0797d
SHA256: c0780582711bde593fed1a9b1a7e0053adf125458bcd744c2016f37e4b30003e
SHA512: 6c39e6664dd96bac6eef52a2dd2f64029ecd50323095634c6814321401da2019936130b6883321c857795808e1a5279b2ca04208d6d6a7e6da7e6b445bbeee23
SSDEEP: 384:JAsEpp7k6YD6Gop6oQlKHsxm2qGqa1rNn8TI0zUpyyHAeaMqA0RYjdA/DTEqHPQ3:9Ez7f6top6G4cIEcFOa7iOl
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 7457c160ed8e076a5b055acab8795f04
Files
7457c160ed8e076a5b055acab8795f04.sys windows:5 windows x86 arch:x86
f2057189a5e53cdd3d564b23afbb0aeb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwQuerySystemInformation
KeServiceDescriptorTable
ZwClose
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ZwCreateFile
KeInitializeSpinLock
IofCompleteRequest
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
ExAllocatePoolWithTag
ObReferenceObjectByHandle
ZwOpenProcess
wcslen
strncmp
IoGetCurrentProcess
MmIsAddressValid
PsGetCurrentProcessId
MmUserProbeAddress
NtBuildNumber
KeBugCheck
KeTickCount
KeBugCheckEx
strrchr
_stricmp
vice
ExFreePoolWithTag
hal
KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 49KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 928B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ