Static task
static1
General
Target: b962a9ba560b866624e49213267d84c6
Size: 27KB
MD5: b962a9ba560b866624e49213267d84c6
SHA1: 99c19320cadab1f3eeb64896fcd8d4563531e780
SHA256: 7a416e1a7f9dab9b02d3b532226bd505f3d72b396ede318168ed3e8b1dd1b6ae
SHA512: 0d67bd682e1ea3e7a25ca3ce65d5d205647f44430705e81c39e0e16c42c62a4e2da6243f1b6951372dcea211456a412075ecd17690cb0affa8ae18169c547885
SSDEEP: 768:+HPfFN2V0nrduJNJO+eBgCWDReHN9I/fXJc:+nBrATveT3WG
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b962a9ba560b866624e49213267d84c6
Files
b962a9ba560b866624e49213267d84c6.sys windows:4 windows x86 arch:x86
d28ccff36fa1d41e94f8c78c8d5a3175
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
swprintf
wcscat
wcscpy
_stricmp
strncpy
ZwMapViewOfSection
ZwClose
ZwCreateSection
ZwOpenFile
RtlInitUnicodeString
MmIsAddressValid
_strnicmp
IoGetCurrentProcess
strncmp
_wcsnicmp
wcslen
ExFreePool
_snprintf
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwUnmapViewOfSection
MmGetSystemRoutineAddress
RtlAnsiStringToUnicodeString
ObfDereferenceObject
ObQueryNameString
RtlCopyUnicodeString
IofCompleteRequest
RtlCompareUnicodeString
_except_handler3
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 704B - Virtual size: 700B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ