Static task
static1
General
-
Target
a1fc1ef89b39063bf5390de42e1867ab
-
Size
40KB
-
MD5
a1fc1ef89b39063bf5390de42e1867ab
-
SHA1
c09eaa4fe8000a80cddc7125e5c9f4391eaacabe
-
SHA256
e20381f9785d3dcbfbd36439b14f43c930498fd1d303a62f3331db7daf185ecc
-
SHA512
435ae0fbe3cd2d8d0aae2ffcf8c1dd67f0fd90315829821c5a4d5f947f8ffe0df90acb8bfa229d56fca98a499e7409e05bcdf6f7be7d6ebb6527daa4f1544fb8
-
SSDEEP
768:dznIIYOOMWq3Fq8RJ4qVuAuh84ldRXrH1uLMGDFuHzP6kfWMBVm5l:dcIYOO9SqYE/bV9w0HT6GWgVm5l
Malware Config
Signatures
-
Unsigned PE 1 IoCs
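Checks for missing Authenticode signature. The sample is a 32-bit kernel-mode driver (a .sys file importing only from ntoskrnl.exe), so this signature is weak on its own: 32-bit Windows generally does not enforce kernel-mode code signing, and a missing signature there does not by itself stop the driver from loading.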
resource a1fc1ef89b39063bf5390de42e1867ab
Files
-
a1fc1ef89b39063bf5390de42e1867ab.sys windows:4 windows x86 arch:x86
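7a48d6615148be95050c098706117565 (unlabelled on the page; it differs from the file MD5 above and is presumably the import hash rather than a file hash — confirm before matching on it)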
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
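Imports
(Static import table only: it shows what the driver can call, not what it was observed doing. The list covers process-creation notification (PsSetCreateProcessNotifyRoutine), registry key creation, modification and deletion (ZwCreateKey, ZwSetValueKey, ZwDeleteKey), device object and symbolic-link creation (IoCreateDevice, IoCreateSymbolicLink) and system thread creation (PsCreateSystemThread). MmGetSystemRoutineAddress resolves further kernel routines at run time, so the table may understate the routines actually used.)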
ntoskrnl.exe
wcslen
swprintf
wcscat
wcscpy
RtlInitUnicodeString
ZwSetValueKey
_wcsicmp
ZwClose
ZwQueryValueKey
ZwOpenKey
_except_handler3
RtlAnsiStringToUnicodeString
MmIsAddressValid
IofCompleteRequest
wcsstr
_wcslwr
ExFreePool
_snprintf
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
_snwprintf
strncmp
ZwDeleteKey
_stricmp
PsSetCreateProcessNotifyRoutine
IoDeviceObjectType
RtlCompareUnicodeString
ObReferenceObjectByHandle
KeDelayExecutionThread
KeQuerySystemTime
PsCreateSystemThread
ZwSetInformationFile
ZwCreateFile
ObfDereferenceObject
IoGetCurrentProcess
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
_wcsnicmp
strncpy
KeTickCount
KeQueryTimeIncrement
IoRegisterDriverReinitialization
PsLookupProcessByProcessId
ZwCreateKey
wcsncpy
wcsrchr
wcschr
PsGetVersion
RtlCopyUnicodeString
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 64B - Virtual size: 44B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ