Static task
static1
General
-
Target
c01d5969813b87e1c574f5a5ac0523f6
-
Size
3KB
-
MD5
c01d5969813b87e1c574f5a5ac0523f6
-
SHA1
76458a66cd55b2d12089c6f58661289a6af55274
-
SHA256
2c3e120b671dc554fa13536afa384b4a69f1b5edc0bdc5dcf996ae98b3e05bad
-
SHA512
26a13a5aaf76afc90ea94d5e1e5224af343c2242d9c90d1c24f36171adfdb6341031049f42d237d5c2c1236f87010eafb3e5561f7b4801ef53fa279cda4a6186
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c01d5969813b87e1c574f5a5ac0523f6
Files
-
c01d5969813b87e1c574f5a5ac0523f6.sys windows:5 windows x86 arch:x86
ae56a0ea3fd2ca47387d38bedfd7401d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
MmUnmapIoSpace
MmMapIoSpace
MmGetPhysicalAddress
KeServiceDescriptorTable
IofCompleteRequest
KeSetEvent
KeDelayExecutionThread
memmove
KeWaitForSingleObject
RtlFreeAnsiString
_stricmp
ObfDereferenceObject
RtlUnicodeStringToAnsiString
ObReferenceObjectByHandle
KeInitializeEvent
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 928B - Virtual size: 921B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 288B - Virtual size: 274B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 64B - Virtual size: 36B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 576B - Virtual size: 564B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 160B - Virtual size: 156B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ