Static task
static1
General
Target: 7fe1472a1b41816381a5a585ceff2e2a
Size: 25KB
MD5: 7fe1472a1b41816381a5a585ceff2e2a
SHA1: 9708dba950d7d9efc41b082d9aeaa6ccfb2eb6cc
SHA256: 8ed7aad7fbbd257d80b453d6c0025b7ca40b4484615e7fc4f18eb283c0f507b7
SHA512: 7cba3e5629993c701dbea3434edff38c86abe7ddaed3f7d5bafd83ed302cf735dfafd235f59fd3fb07ceaa473e3577ad09c87857026badb2f0acd8fac79bc083
SSDEEP: 768:QOLTPPqwMNCtfouNVetqtqZ8N4LEpmpPfqBxA8mPdzohX6k72t/BwPBXf:QOLzPqwMkfoVMB+Kg/BCP
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 7fe1472a1b41816381a5a585ceff2e2a
Files
7fe1472a1b41816381a5a585ceff2e2a.sys windows:4 windows x86 arch:x86
449a0cda53354ea04f9b0a01d1ea4dc7
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwCreateFile
RtlInitUnicodeString
islower
IoRegisterDriverReinitialization
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
swprintf
_stricmp
isxdigit
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
PsSetCreateProcessNotifyRoutine
atoi
isspace
isdigit
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
isprint
PsGetVersion
DbgPrint
strncmp
IoGetCurrentProcess
_wcslwr
wcsncpy
_wcsnicmp
wcslen
ZwOpenKey
ZwEnumerateKey
ZwSetValueKey
RtlAnsiStringToUnicodeString
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
MmIsAddressValid
ZwUnmapViewOfSection
isupper
strrchr
ZwCreateKey
wcscat
wcscpy
atol
strstr
Sections
.text Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 704B - Virtual size: 704B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ