Static task
static1
General
Target: d45503739a3f9231a1a2f36de48fc55d
Size: 24KB
MD5: d45503739a3f9231a1a2f36de48fc55d
SHA1: 15ba29ce268c9937577095d4374ec5d97445ad3e
SHA256: 356a5868c777226a94703e13fb80baa718774328976d1cb651c4c0f9ac33e790
SHA512: eb296c12e0fbdd3ff29917d8a9cad481678e1aef114dd4af983447ddfed78ea48fdf8bfc77277942c45609fda0fe3205fe4e616d0174a916e817032acfc1f1f3
SSDEEP: 768:bK1Sd1r5F0+QXuEjcOQexRB2sATzMcnFvUytL2qhMI+tY1YgHMAwP/:uEd1r5a+QXPX0jtz/HU/
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource d45503739a3f9231a1a2f36de48fc55d
Files
d45503739a3f9231a1a2f36de48fc55d.sys windows:4 windows x86 arch:x86
1b613dbc3d7496227561ab9afb4fc2ba
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlAnsiStringToUnicodeString
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwClose
ZwCreateSection
ZwOpenFile
RtlInitUnicodeString
MmIsAddressValid
ZwUnmapViewOfSection
srand
KeDelayExecutionThread
ZwCreateKey
wcslen
atol
swprintf
strchr
wcscat
wcscpy
isxdigit
isspace
toupper
strncmp
IoGetCurrentProcess
_wcslwr
wcsncpy
PsGetVersion
_wcsnicmp
ZwOpenKey
ZwEnumerateKey
ZwSetValueKey
ZwCreateFile
tolower
IoRegisterDriverReinitialization
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
PsSetCreateProcessNotifyRoutine
strstr
islower
DbgPrint
Sections
.text Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 672B - Virtual size: 656B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ