Static task
static1
General
Target
acd38413c19ec75d10320ae5c35a9eb1
Size
21KB
MD5
acd38413c19ec75d10320ae5c35a9eb1
SHA1
3c34c069e9d8ab00247822e7a86e04c8c19ab1cb
SHA256
5a21525d0fd5d3bfc09cbc01f074260b65ab6f5c7350116e832bd815f59a7d4e
SHA512
fadb8111a6d5809dbc7fc162df4dd530a779faeac62c9ec445caf63422261bbf639875fb91a8f1d6c73d69446780dc591f266c41bda9503f7c94c3ba4f26ffb4
SSDEEP
96:Z5OBn/Sw1C4rvFpKCSsOnisE5GMSZegVViI4TMTS0DuH/hbffXfZ+5ogG3DZPQF:nOBnH19vq30SZegVVinMFk5HlFPq
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource acd38413c19ec75d10320ae5c35a9eb1
Files
acd38413c19ec75d10320ae5c35a9eb1.sys windows:5 windows x86 arch:x86
e3787c5d0593657b80ab573899a2f88e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IofCompleteRequest
MmIsAddressValid
RtlFreeAnsiString
_strupr
RtlUnicodeStringToAnsiString
strncmp
IoGetCurrentProcess
strrchr
PsGetCurrentThreadId
PsGetCurrentProcessId
strstr
PsLookupProcessByProcessId
strncpy
RtlInitUnicodeString
KeServiceDescriptorTable
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwReadFile
ZwClose
ZwCreateFile
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 224B - Virtual size: 212B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 96B - Virtual size: 68B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 736B - Virtual size: 732B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 448B - Virtual size: 444B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ