Static task
static1
General
Target
8e5a2a1aca9c781359fe489e7fac8d09
Size
18KB
MD5
8e5a2a1aca9c781359fe489e7fac8d09
SHA1
b192521c114e2b8d586a3d6a330c4168f8900753
SHA256
9e240853249624de44f8b2f8c52b76adb1971b02c5fa62117f51dadfdfea376e
SHA512
da184957284970b7b911bbd29dd83084ae1fdd4cc900909e165cc5149fdf7f63b42f344e3e29d9132675b655891be1bd1ff2976b9f9ceb17a30aa63f1183a8dc
SSDEEP
96:hIYYn0ThTeuVflZgOH/OVg22+3Yea1aSkM:hIYYn0TEufHnUP7QJ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8e5a2a1aca9c781359fe489e7fac8d09
Files
8e5a2a1aca9c781359fe489e7fac8d09.sys windows:5 windows x86 arch:x86
104fd576b2ee54875aeec84ff3acb046
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IofCompleteRequest
strncmp
IoGetCurrentProcess
RtlInitUnicodeString
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwReadFile
ZwClose
ZwCreateFile
ExFreePool
ExAllocatePoolWithTag
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice
DbgPrint
IoDeleteDevice
IoDeleteSymbolicLink
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 192B - Virtual size: 164B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 96B - Virtual size: 67B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 512B - Virtual size: 486B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 352B - Virtual size: 338B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ