Static task
static1
General
Target
d5c84523b036e07097445617d85c505e
Size
20KB
MD5
d5c84523b036e07097445617d85c505e
SHA1
b2c44beb9d5326fd8287370c63a281be37a9b109
SHA256
fe42e0f2ba335e1950d0dbbe7172eb2c893ad20da81cd7e889299d118d272978
SHA512
3abe88baea6819e0314340bc789ad2b6f5c68326ac4278cb7f7fea2432e0bd871c5a7c1ecd62710ef9daeebd57a49cbda641ccd38e1382b56accbc857952e187
SSDEEP
384:1rlktChdR1jpperwYslccD1/VlZEnouf:8WLoYD1/qno6
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d5c84523b036e07097445617d85c505e
Files
d5c84523b036e07097445617d85c505e.sys windows:5 windows x86 arch:x86
5d1dde690200750916f2e397a95df91c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_except_handler3
RtlInitUnicodeString
IoFreeMdl
MmUnmapLockedPages
MmMapLockedPages
MmBuildMdlForNonPagedPool
IoAllocateMdl
KeInitializeSpinLock
wcsstr
ExFreePoolWithTag
_wcslwr
wcsncat
wcscat
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
ExAllocatePoolWithTag
_local_unwind2
wcslen
KeGetCurrentThread
_stricmp
ZwQuerySystemInformation
RtlQueryRegistryValues
PsGetCurrentProcessId
IofCompleteRequest
IoDeleteDevice
KeServiceDescriptorTable
wcscpy
ObOpenObjectByName
IoCreateSymbolicLink
IoCreateDevice
wcsncpy
ZwCreateKey
KeTickCount
KeBugCheckEx
MmGetSystemRoutineAddress
RtlAppendUnicodeToString
hal
KeGetCurrentIrql
Sections
.text Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 996B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ