Static task: static1

General
Target: c4cacaae691be1ebbe483ecd8dd698a9
Size: 20KB
MD5: c4cacaae691be1ebbe483ecd8dd698a9
SHA1: 963261d5b776edcede55b19a89558bfb85205c74
SHA256: eaf075c8a680a3e242d0ae3c1f8056f4911c9e6f41970a2a622e7610674740e7
SHA512: 991a7fb7fdd4706eb31adcaa75cd0da5a6ff952caa2ff0cd0ce084eabe6ee404d5930566b83ce5fba076c66bdcfb8f921f24e153ab061e36a76a43210254ed12
SSDEEP: 384:nRRnNKDb1FZTAbfXY/acTElCujeJBAjMHsIpiKnE4T7pYF4u3UVaDwBt3oZSbMt7:PNKDbhAbfXY/JtsIpiKE4T7pYF4u3UVL
Malware Config
(none extracted)

Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
Resource: c4cacaae691be1ebbe483ecd8dd698a9

Files
c4cacaae691be1ebbe483ecd8dd698a9.sys windows:4 windows x86 arch:x86
5740d200fbf4837ee0f019f97861a3aa
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncmp
IoGetCurrentProcess
_except_handler3
_wcsnicmp
wcslen
RtlCompareUnicodeString
RtlInitUnicodeString
ExGetPreviousMode
_stricmp
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
ZwSetValueKey
strstr
ZwQueryValueKey
ZwClose
ExFreePool
ZwCreateKey
wcscat
wcscpy
ExAllocatePoolWithTag
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwOpenKey
KeServiceDescriptorTable
PsGetVersion
_snwprintf
ZwEnumerateKey
PsCreateSystemThread
strncpy
PsLookupProcessByProcessId
ZwCreateFile
IofCompleteRequest
MmGetSystemRoutineAddress
PsSetCreateProcessNotifyRoutine
ZwWriteFile
Sections
.text - Size: 4KB - Virtual size: 4KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data - Size: 12KB - Virtual size: 12KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
INIT - Size: 928B - Virtual size: 902B - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc - Size: 1KB - Virtual size: 1KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ