Static task
static1
General
-
Target
9988ff6847aba2bebeebd5bde3452e42
-
Size
40KB
-
MD5
9988ff6847aba2bebeebd5bde3452e42
-
SHA1
389a111a290b02c7ac15fa009e10016522f11dcc
-
SHA256
135e5e622070b4bd71cfae4fa800c892add437889d495d43105ac5a59ecc8983
-
SHA512
8472b79a08a249b55b03c53cb4851538d3a1e3069540475abb5b6b20549ca41452b86dd56c399fbc9606a35a68cb0647c0742cc08bf024606c051ee580ebed95
-
SSDEEP
768:DX5RPFD3kfm932eEbSSY6NgKnm8j8rPZORpoHZt4O0XjPXS5k/Um9UUXMnAyWvVp:DX5Ft3jN2eEW/6NDnm8gDZORqHjOTPSc
Malware Config
Signatures
-
Unsigned PE 1 IoCs
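Checks for a missing Authenticode signature: the PE file carries no embedded signature, so its publisher and integrity cannot be verified from the file itself.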
resource 9988ff6847aba2bebeebd5bde3452e42
Files
-
9988ff6847aba2bebeebd5bde3452e42.sys windows:4 windows x86 arch:x86
6368db5dc2f1cb5cf398f03f98f52c6c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwDeleteKey
swprintf
KeTickCount
KeQueryTimeIncrement
_stricmp
PsGetVersion
ZwOpenKey
RtlInitUnicodeString
_snwprintf
ExAllocatePoolWithTag
IoRegisterDriverReinitialization
MmIsAddressValid
ZwSetInformationFile
ZwCreateFile
wcslen
wcscpy
ZwCreateKey
wcsncpy
wcsrchr
RtlCompareUnicodeString
PsSetCreateProcessNotifyRoutine
RtlAnsiStringToUnicodeString
wcscat
_wcsicmp
strncpy
PsLookupProcessByProcessId
KeDelayExecutionThread
KeQuerySystemTime
IofCompleteRequest
ObfDereferenceObject
strncmp
_wcsnicmp
IoGetCurrentProcess
MmGetSystemRoutineAddress
PsCreateSystemThread
ZwSetValueKey
ZwQueryValueKey
_except_handler3
ObReferenceObjectByHandle
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
wcschr
IoDeviceObjectType
wcsstr
_wcslwr
ExFreePool
_snprintf
RtlCopyUnicodeString
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 96B - Virtual size: 68B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ