Static task
static1
General
Target: 8cfcca6af87438de67dd4088d874cced
Size: 45KB
MD5: 8cfcca6af87438de67dd4088d874cced
SHA1: 42e0ddd1c1f51674d42c61d12f12a4af5db07d0f
SHA256: 7e6b3a8b807d158cf184507db8225622af5b2a75ac79539103a615b43fd76c9e
SHA512: 4dbf2819438827e6759966257a2ed98885733d2ab38e2f8446d3ad5a7f1c3edc7f83f05d498f97e0de8b1569cb05b35f581c52ed94b82c560a1ef4d3f682e4f8
SSDEEP: 768:9oaJLXd1eNXg4y8gvt5zdu/cTUUWtz0ERxHi4GJJVesgdRqXGfmCWb0dROw4ozc/:9oYLN6wP8gvjzdfTytz0E7i4GAsgdk2M
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8cfcca6af87438de67dd4088d874cced
Files
8cfcca6af87438de67dd4088d874cced.sys windows:4 windows x86 arch:x86
37a7d9a907096e82b7813b4e3aafc263
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
RtlInitUnicodeString
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
wcscat
wcscpy
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
MmGetSystemRoutineAddress
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwCreateFile
swprintf
MmIsAddressValid
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
PsSetCreateProcessNotifyRoutine
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
RtlAnsiStringToUnicodeString
ZwUnmapViewOfSection
IoRegisterDriverReinitialization
ZwCreateKey
PsGetVersion
_wcslwr
wcsncpy
Sections
.text Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 224B - Virtual size: 205B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 928B - Virtual size: 900B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 736B - Virtual size: 710B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ