Static task
static1
General
Target
ae2bf3aa5d8828e6147365bc81f354f5
Size
60KB
MD5
ae2bf3aa5d8828e6147365bc81f354f5
SHA1
c7f3dd51af49bf5cec798ebed48f445d50110f2d
SHA256
e252fe31a15bb4c32d365321b23d32e93503903db5082f389686245f021b20ae
SHA512
cf25d54ae66f11c3d6d23fb07be8123a904cd1ff97954a22a9c0587da08bb2a93de544bb68975e57f8f10d4fc7f3424bc834e492fd741712fbc7eddbd9ef0684
SSDEEP
1536:w+l/PB3HF7e71w9agLkkZ7MTm9G3sJP3TTqBvCJFcRY:w+l/PBXF7o1w9E3eP33qBCJFcK
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ae2bf3aa5d8828e6147365bc81f354f5
Files
ae2bf3aa5d8828e6147365bc81f354f5.sys windows:5 windows x86 arch:x86
d3daf2245dcd370775e5c6428fc0e118
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
NtTerminateProcess
NtRaiseHardError
RtlInitUnicodeString
RtlAdjustPrivilege
RtlFreeHeap
RtlUpcaseUnicodeChar
RtlUnicodeStringToInteger
RtlAllocateHeap
RtlFreeUnicodeString
DbgPrintEx
RtlExtendedIntegerMultiply
NtQueryVolumeInformationFile
NtOpenFile
NtClose
wcslen
wcscpy
NtQueryInformationProcess
NtCreatePagingFile
NtSetInformationFile
NtQueryInformationFile
DbgPrint
NtQuerySystemInformation
_allmul
NtSetSecurityObject
RtlSetOwnerSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlCreateSecurityDescriptor
RtlAllocateAndInitializeSid
RtlDosPathNameToNtPathName_U
RtlExpandEnvironmentStrings_U
NtQueryValueKey
swprintf
NtOpenKey
NtSetValueKey
NtCreateKey
NtCreateFile
NtReadFile
_chkstk
wcsstr
_wcsupr
NtMakeTemporaryObject
NtCreateSymbolicLinkObject
NtOpenDirectoryObject
wcsncpy
RtlAnsiStringToUnicodeString
RtlInitAnsiString
_stricmp
NtCreateSection
LdrVerifyImageMatchesChecksum
NtCreateDirectoryObject
RtlSetEnvironmentVariable
LdrUnloadDll
LdrGetProcedureAddress
RtlInitString
LdrLoadDll
RtlCompareUnicodeString
RtlEqualString
memmove
_wcsicmp
RtlCreateUnicodeString
RtlDosSearchPath_U
RtlQueryEnvironmentVariable_U
RtlEqualUnicodeString
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
NtWaitForSingleObject
NtResumeThread
RtlDestroyProcessParameters
RtlCreateUserProcess
RtlCreateProcessParameters
RtlUnlockBootStatusData
RtlGetSetBootStatusData
RtlLockBootStatusData
NtDisplayString
sprintf
NtDuplicateObject
RtlLengthSid
RtlGetAce
RtlPrefixUnicodeString
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
NtQueryDirectoryObject
NtRequestWaitReplyPort
RtlFindMessage
NtSetEvent
NtSetSystemInformation
NtCreateEvent
RtlLeaveCriticalSection
RtlEnterCriticalSection
wcscat
LdrQueryImageFileExecutionOptions
NtDelayExecution
NtInitializeRegistry
RtlQueryRegistryValues
NtDeleteValueKey
RtlCreateEnvironment
RtlCreateUserThread
NtCreatePort
RtlInitializeCriticalSection
NtSetInformationProcess
RtlCreateTagHeap
NtSetInformationThread
NtQueryInformationToken
NtOpenThreadToken
NtImpersonateClientOfPort
NtConnectPort
NtCompleteConnectPort
NtAcceptConnectPort
NtOpenProcess
NtReplyWaitReceivePort
RtlExitUserThread
NtReplyPort
RtlSetThreadIsCritical
NtWaitForMultipleObjects
RtlSetProcessIsCritical
RtlUnicodeStringToAnsiString
NtAdjustPrivilegesToken
NtOpenProcessToken
RtlUnhandledExceptionFilter
RtlUnwind
NtQueryVirtualMemory
DbgBreakPoint
RtlNormalizeProcessParams
Sections
.text Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ