Static task
static1
General
Target
e1fee9083993656bec6e14a0cc372ac1
Size
20KB
MD5
e1fee9083993656bec6e14a0cc372ac1
SHA1
a80e57104037a0f46e009fb797089164b40dd4b0
SHA256
fac2376bd6a5ad2dba3228143c86207d6e1885ebbc32c5c5c837088df547687d
SHA512
75dd790f7ca7f31a72dd08fcaf6c636a85b9fc552cc2eeb063726687c517dc525fa10ba91031e1d8b98e147e2f75ac1ca5f333fc11ff329709c5479ef90e1e8e
SSDEEP
384:ZRRnNKDb1FZTAbfXY/acTElCujeJBAjMHsIpiKnE4T7pYF4u3UVaDwBt3oZSbMtO:BNKDbhAbfXY/JtsIpiKE4T7pYF4u3UVo
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e1fee9083993656bec6e14a0cc372ac1
Files
e1fee9083993656bec6e14a0cc372ac1.sys windows:4 windows x86 arch:x86
5740d200fbf4837ee0f019f97861a3aa
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncmp
IoGetCurrentProcess
_except_handler3
_wcsnicmp
wcslen
RtlCompareUnicodeString
RtlInitUnicodeString
ExGetPreviousMode
_stricmp
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
ZwSetValueKey
strstr
ZwQueryValueKey
ZwClose
ExFreePool
ZwCreateKey
wcscat
wcscpy
ExAllocatePoolWithTag
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwOpenKey
KeServiceDescriptorTable
PsGetVersion
_snwprintf
ZwEnumerateKey
PsCreateSystemThread
strncpy
PsLookupProcessByProcessId
ZwCreateFile
IofCompleteRequest
MmGetSystemRoutineAddress
PsSetCreateProcessNotifyRoutine
ZwWriteFile
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 928B - Virtual size: 902B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ