Static task
static1
General
Target
8fc51a1a31b2eba4d2a47c995a12a9e1
Size
22KB
MD5
8fc51a1a31b2eba4d2a47c995a12a9e1
SHA1
04bc6860f40c7beec5a66fa6ae019c6e100e66fd
SHA256
ec03522e7a6e39d7fde58e19e1adec776e0ef9cd76e1462211cf0d731a92aa69
SHA512
fddd250484803b8fe498e7feca5e40b0fbd47ed33ead479cf2cc02fcea08430256e21cba233446ce846a1425fc5c1f93edf86802bce3b35fdfe3a8b351145388
SSDEEP
384:3BXigawkb9UJoOy9taOowJRjmD+Rmyg58bbASKx+I+rFXCVuEvQxvlVtg58bbL:RSgaooOy9XoGRoyzb8SE+vXCS97zbf
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8fc51a1a31b2eba4d2a47c995a12a9e1
Files
8fc51a1a31b2eba4d2a47c995a12a9e1.sys windows:4 windows x86 arch:x86
8266a346ffca8148886085474cf18c7b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
wcslen
wcscpy
ExFreePool
ZwClose
wcscmp
ZwDeleteKey
wcscat
RtlCompareUnicodeString
ZwCreateFile
PsGetVersion
_wcsicmp
RtlInitUnicodeString
RtlCompareMemory
RtlUpcaseUnicodeChar
RtlUnwind
ZwFlushKey
ZwCreateKey
ZwOpenKey
ZwSetValueKey
ZwQueryValueKey
ZwDeleteValueKey
Sections
.text Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 512B - Virtual size: 492B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ttgb Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 896B - Virtual size: 888B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 704B - Virtual size: 704B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ