Static task
static1
General
-
Target
8d042fd4e2b1c04209d83d43bb494483
-
Size
48KB
-
MD5
8d042fd4e2b1c04209d83d43bb494483
-
SHA1
503c2499e2726c4a8564022d2d56e42485a4d53e
-
SHA256
04b54597e2c9a97784f8189c51ab1de5693aa84cddf26afebf82c13e4062e2c1
-
SHA512
a571fb1a5924946ef80ff4c02c3b124f64c42e880877a64967ef804dde08b1f791f3336673048011446ddd780789d582edc5d7cb1ea41f8dde31068e38d93b90
-
SSDEEP
768:RzFhhPJCW7nCAPvls4VkSE7z24gzrzSLQF64UcKF:Rhh7C6fNstbz24gzrzSQF6x
Malware Config
Signatures
-
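Unsigned PE (1 IoC)
Flags a PE file that carries no Authenticode signature. This is a signing-status check only: it shows the file is unsigned, not what the file does.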
resource 8d042fd4e2b1c04209d83d43bb494483
Files
-
8d042fd4e2b1c04209d83d43bb494483.sys windows:4 windows x86 arch:x86
d020de1b97ea3330beaa7f1edf65bf8e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strlen
ZwClose
ZwWriteFile
ZwCreateFile
RtlInitUnicodeString
strncmp
PsGetProcessImageFileName
PsLookupProcessByProcessId
ZwSetValueKey
ZwCreateKey
memset
ExAllocatePoolWithTag
memcpy
KeReleaseMutex
RtlEqualUnicodeString
KeWaitForSingleObject
_except_handler3
ExFreePoolWithTag
RtlFreeUnicodeString
RtlCopyUnicodeString
RtlAppendUnicodeToString
ObQueryNameString
ObfDereferenceObject
ObReferenceObjectByHandle
MmIsAddressValid
RtlAppendUnicodeStringToString
ZwOpenFile
IofCompleteRequest
PsSetCreateProcessNotifyRoutine
KeInitializeMutex
Sections
.text Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 192B - Virtual size: 188B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 800B - Virtual size: 792B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 480B - Virtual size: 456B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ