Static task
static1
General
Target: bab311629e112dbe901588f62b4036d6
Size: 3KB
MD5: bab311629e112dbe901588f62b4036d6
SHA1: d3bc96ef59c44e887d3df3695aa83ce0e20f7362
SHA256: 53ffbac94e94c3603a1dca902f157154466203e8b0d5e4b90921bdbacf40abc3
SHA512: 9307b2b785cf6d97c77707d3ed0083559ef47ac2e96c3f9b9179939aa8f43e6f1e2386971f039e64f4dd6ba7633f85e63314fcf019341a806a20c461f30f05a0
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource bab311629e112dbe901588f62b4036d6
Files
bab311629e112dbe901588f62b4036d6.sys windows:5 windows x86 arch:x86
74c5b910f2488b099d51e66085d06cca
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
MmUnmapIoSpace
MmMapIoSpace
MmGetPhysicalAddress
KeServiceDescriptorTable
KeSetEvent
KeDelayExecutionThread
memmove
KeWaitForSingleObject
RtlFreeAnsiString
_stricmp
ObfDereferenceObject
RtlUnicodeStringToAnsiString
ObReferenceObjectByHandle
KeInitializeEvent
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 928B - Virtual size: 921B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 288B - Virtual size: 266B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 64B - Virtual size: 36B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 576B - Virtual size: 564B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 160B - Virtual size: 156B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ