Static task: static1
General
Target: e11704ce47bdaf417e0e03e44fa46e86
Size: 73KB
MD5: e11704ce47bdaf417e0e03e44fa46e86
SHA1: b58e1a0ffbb1055c21e78778a605217c23335d4d
SHA256: 8d4cb49d89c3366337b5b76b1c6df2a9e593a68e8544e6d7fd05e9111eaa813b
SHA512: ba8750a9e7c5d37606e6e3b7c2407e5c78337cfd0b70862bc14940389965cce3836757385ceb3b2311a58a6ba7cc7d9ce6a9c99794473a2904b6af6b1a1a684c
SSDEEP: 1536:T+l/PB3HF7e71w9agLkkZ7MTm9G3sJP3TTqBvCdSgR/Ecf2ph4jSSHl64/:T+l/PBXF7o1w9E3eP33qBCdSgeVLJY
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature, i.e. an empty IMAGE_DIRECTORY_ENTRY_SECURITY data directory (no embedded WIN_CERTIFICATE). On its own this is weak evidence, since plenty of legitimate binaries are unsigned; conversely a non-empty security directory only means a signature blob is present, and the chain still has to be validated (signtool verify /pa or Get-AuthenticodeSignature) before it counts as trusted.
resource: e11704ce47bdaf417e0e03e44fa46e86
Files
e11704ce47bdaf417e0e03e44fa46e86.sys (windows:5, windows x86, arch:x86)
d3daf2245dcd370775e5c6428fc0e118
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll (sole import module). Every import below resolves in ntdll.dll, so despite the .sys file name this is a user-mode native-subsystem image, not a kernel driver; a driver would import from ntoskrnl.exe and hal.dll, which are the only modules the kernel loader can bind against. Capabilities visible in the list: process creation (RtlCreateUserProcess, NtResumeThread), marking itself critical (RtlSetProcessIsCritical, RtlSetThreadIsCritical), privilege adjustment (RtlAdjustPrivilege, NtAdjustPrivilegesToken), LPC server and client ports (NtCreatePort, NtAcceptConnectPort, NtConnectPort, NtImpersonateClientOfPort), paging-file creation, registry initialisation and boot-status data (NtCreatePagingFile, NtInitializeRegistry, RtlGetSetBootStatusData). That combination resembles the duties of a boot-time native process such as the Session Manager, so before treating the file as a custom implant, rule out a renamed copy of a legitimate system binary by comparing it against a known-good smss.exe of the same build.
NtTerminateProcess
NtRaiseHardError
RtlInitUnicodeString
RtlAdjustPrivilege
RtlFreeHeap
RtlUpcaseUnicodeChar
RtlUnicodeStringToInteger
RtlAllocateHeap
RtlFreeUnicodeString
DbgPrintEx
RtlExtendedIntegerMultiply
NtQueryVolumeInformationFile
NtOpenFile
NtClose
wcslen
wcscpy
NtQueryInformationProcess
NtCreatePagingFile
NtSetInformationFile
NtQueryInformationFile
DbgPrint
NtQuerySystemInformation
_allmul
NtSetSecurityObject
RtlSetOwnerSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlCreateSecurityDescriptor
RtlAllocateAndInitializeSid
RtlDosPathNameToNtPathName_U
RtlExpandEnvironmentStrings_U
NtQueryValueKey
swprintf
NtOpenKey
NtSetValueKey
NtCreateKey
NtCreateFile
NtReadFile
_chkstk
wcsstr
_wcsupr
NtMakeTemporaryObject
NtCreateSymbolicLinkObject
NtOpenDirectoryObject
wcsncpy
RtlAnsiStringToUnicodeString
RtlInitAnsiString
_stricmp
NtCreateSection
LdrVerifyImageMatchesChecksum
NtCreateDirectoryObject
RtlSetEnvironmentVariable
LdrUnloadDll
LdrGetProcedureAddress
RtlInitString
LdrLoadDll
RtlCompareUnicodeString
RtlEqualString
memmove
_wcsicmp
RtlCreateUnicodeString
RtlDosSearchPath_U
RtlQueryEnvironmentVariable_U
RtlEqualUnicodeString
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
NtWaitForSingleObject
NtResumeThread
RtlDestroyProcessParameters
RtlCreateUserProcess
RtlCreateProcessParameters
RtlUnlockBootStatusData
RtlGetSetBootStatusData
RtlLockBootStatusData
NtDisplayString
sprintf
NtDuplicateObject
RtlLengthSid
RtlGetAce
RtlPrefixUnicodeString
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
NtQueryDirectoryObject
NtRequestWaitReplyPort
RtlFindMessage
NtSetEvent
NtSetSystemInformation
NtCreateEvent
RtlLeaveCriticalSection
RtlEnterCriticalSection
wcscat
LdrQueryImageFileExecutionOptions
NtDelayExecution
NtInitializeRegistry
RtlQueryRegistryValues
NtDeleteValueKey
RtlCreateEnvironment
RtlCreateUserThread
NtCreatePort
RtlInitializeCriticalSection
NtSetInformationProcess
RtlCreateTagHeap
NtSetInformationThread
NtQueryInformationToken
NtOpenThreadToken
NtImpersonateClientOfPort
NtConnectPort
NtCompleteConnectPort
NtAcceptConnectPort
NtOpenProcess
NtReplyWaitReceivePort
RtlExitUserThread
NtReplyPort
RtlSetThreadIsCritical
NtWaitForMultipleObjects
RtlSetProcessIsCritical
RtlUnicodeStringToAnsiString
NtAdjustPrivilegesToken
NtOpenProcessToken
RtlUnhandledExceptionFilter
RtlUnwind
NtQueryVirtualMemory
DbgBreakPoint
RtlNormalizeProcessParams
Sections
_kelly_  Size: 43KB   Virtual size: 42KB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.data    Size: 1024B  Virtual size: 2KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc    Size: 1KB    Virtual size: 1KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
.reloc   Size: 3KB    Virtual size: 2KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
.text    Size: 23KB   Virtual size: 23KB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
Note: the image carries two executable sections, and _kelly_ is not a name any standard linker emits. Check which section holds the entry point and compare the layout against a known-good build of the same binary before drawing conclusions from the section names alone.
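Added example, not code from the sandbox or from this report: a standard-library-only Python script that derives the three kinds of fact shown above (File Characteristics, per-section flags and sizes, and the "Unsigned PE" check on the security data directory) from raw PE bytes. Because it must run offline, it constructs a minimal PE32 image in memory that mirrors the report's flags (0x011E) and three of its sections; those bytes are constructed test input, not the analysed file. The allow-list of expected code-section names (STANDARD_CODE_SECTIONS) is an assumption of this example, not something the report defines.

```python
"""Reproduce a static report's PE header, section and Authenticode checks
with the standard library only.  The sample image is constructed in memory
so the script runs offline; it is NOT the analysed file."""
import struct

# winnt.h IMAGE_FILE_* characteristics (AGGRESIVE is the SDK's own spelling).
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0010: "IMAGE_FILE_AGGRESIVE_WS_TRIM",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x0200: "IMAGE_FILE_DEBUG_STRIPPED",
    0x2000: "IMAGE_FILE_DLL",
}
# winnt.h IMAGE_SCN_* section flags.
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4                          # Authenticode WIN_CERTIFICATE table
STANDARD_CODE_SECTIONS = {".text", ".code", "INIT", "PAGE"}  # assumption: this example's allow-list


def flag_names(value, table):
    """Expand a bitmask into SDK constant names, lowest bit first."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Walk DOS header -> PE signature -> COFF/optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # PE32 (0x10b) keeps the 16 data directories at optional-header offset 96, PE32+ (0x20b) at 112.
    dir_base = opt + (96 if magic == 0x10B else 112)
    _, sec_size = struct.unpack_from("<II", data, dir_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i                      # IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, _vaddr, rawsize, _rawptr = struct.unpack_from("<8sIIII", data, off)
        sflags = struct.unpack_from("<I", data, off + 36)[0]  # Characteristics is the last field
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize, "flags": sflags})
    return {"machine": machine, "characteristics": characteristics,
            "security_dir_size": sec_size, "sections": sections}


def analyse(data):
    """Return the parsed headers plus the findings a triage report would raise."""
    pe = parse_pe(data)
    findings = []
    if pe["security_dir_size"] == 0:                       # the report's "Unsigned PE" check
        findings.append("Unsigned PE: empty security directory, no Authenticode signature")
    exec_secs = [s for s in pe["sections"] if s["flags"] & 0x20000000]
    for s in exec_secs:
        if s["name"] not in STANDARD_CODE_SECTIONS:
            findings.append("non-standard executable section name %r" % s["name"])
        if s["flags"] & 0x80000000:
            findings.append("writable and executable section %r" % s["name"])
    if len(exec_secs) > 1:
        findings.append("%d executable sections" % len(exec_secs))
    return pe, findings


def build_sample_pe(characteristics, sections, security_size=0):
    """Constructed minimal PE32: 64-byte DOS header, COFF header, 224-byte optional header, section table."""
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                     # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     0x1000 if security_size else 0, security_size)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), characteristics)
    table = b"".join(struct.pack("<8sIIIIIIHHI", name.encode("ascii").ljust(8, b"\0"), vsize,
                                 0x1000 * (i + 1), rawsize, 0x400 * (i + 1), 0, 0, 0, 0, flags)
                     for i, (name, vsize, rawsize, flags) in enumerate(sections))
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))             # e_lfanew
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


# Constructed to mirror the report: characteristics 0x011E and three of its sections.
SAMPLE_SECTIONS = [("_kelly_", 42 * 1024, 43 * 1024, 0x60000020),
                   (".data", 2 * 1024, 1024, 0xC0000040),
                   (".text", 23 * 1024, 23 * 1024, 0x60000020)]
SAMPLE_PE = build_sample_pe(0x011E, SAMPLE_SECTIONS)

if __name__ == "__main__":
    pe, findings = analyse(SAMPLE_PE)
    print("File Characteristics:", ", ".join(flag_names(pe["characteristics"], FILE_CHARACTERISTICS)))
    for s in pe["sections"]:
        print("%-8s raw %6d  virtual %6d  %s" % (s["name"], s["raw_size"], s["virtual_size"],
                                                 " | ".join(flag_names(s["flags"], SECTION_FLAGS))))
    for f in findings:
        print("finding:", f)
```

Running the script against a real file is a matter of replacing SAMPLE_PE with the bytes read from disk. A non-zero security directory only tells you a signature blob exists; it does not validate the chain, which is why the "Unsigned PE" check is one-directional.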