Static task
static1
General
Target
98a9eb6ae6df9ae1e3fc590610d1befd
Size
47KB
MD5
98a9eb6ae6df9ae1e3fc590610d1befd
SHA1
e038f57b287866bd3880f72e3735305ca223a4d5
SHA256
ec2b83dd21600ce3480748a1374111780cb55b9c22ff63e32fc9a6d8c70533d0
SHA512
77316b162eeb706f3d36982f057893e292f60c20f717b8eb793de445cb042e46fae8bd9d614660f82be64eedaefc2cc323d33d66c93344a0611a5aaba7427288
SSDEEP
768:fjPXgS2KWMPA2zI0zG8zWNzRu55EJ3RrQ2NFGe3IxpfCrUTz:fDXvQMogI0zGoWNzRu5E3Rk2NFGe3Gpq
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 98a9eb6ae6df9ae1e3fc590610d1befd
Files
98a9eb6ae6df9ae1e3fc590610d1befd.sys windows:4 windows x86 arch:x86
e257ed7e263af831c9b65a8ea81d89c7
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlInitUnicodeString
MmIsAddressValid
ZwClose
ZwUnmapViewOfSection
ZwCreateFile
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
wcscat
wcscpy
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
PsGetVersion
_wcslwr
wcsncpy
ZwCreateKey
wcslen
swprintf
MmGetSystemRoutineAddress
RtlAnsiStringToUnicodeString
PsSetCreateProcessNotifyRoutine
strncmp
IoGetCurrentProcess
_wcsnicmp
IoRegisterDriverReinitialization
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
Sections
.text Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 256B - Virtual size: 237B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 928B - Virtual size: 900B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 736B - Virtual size: 712B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ