Static task
static1
General
-
Target
8ff22c30169655ce850821f8c7a2d678
-
Size
3KB
-
MD5
8ff22c30169655ce850821f8c7a2d678
-
SHA1
c39fe93dacd348afc929e9d088fd62e3e2bab6b7
-
SHA256
d7709c676b3f0215a24bdae6dfe2810fc84b22fb9a6536d69e1df9aa861877c0
-
SHA512
65cc492410119d07d369b000deaf7d951664a6b13d3abe5e4b9a615e4c762d2f08f2d954b7f86830324a49e6d7b9300254ac6e52578e73f7e019ea5c9dc4a0e8
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8ff22c30169655ce850821f8c7a2d678
Files
-
8ff22c30169655ce850821f8c7a2d678.sys windows:4 windows x86 arch:x86
df34cc4498110ee9cfabfe1604888691
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
_stricmp
strcpy
ExFreePoolWithTag
RtlAnsiStringToUnicodeString
ZwReadFile
ExAllocatePool
ExAllocatePoolWithTag
ExFreePool
RtlInitAnsiString
ZwQueryInformationFile
ZwQuerySystemInformation
RtlFreeUnicodeString
memcpy
KeServiceDescriptorTable
ZwCreateFile
DbgPrint
strcat
InterlockedExchange
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 96B - Virtual size: 80B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 288B - Virtual size: 276B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_INIT_ Size: 32B - Virtual size: 18B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_EXIT_ Size: 32B - Virtual size: 18B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 512B - Virtual size: 484B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 96B - Virtual size: 78B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ