Static task
static1
General
-
Target
3c01519f17a15b8545eca3d826abce80N.exe
-
Size
35KB
-
MD5
3c01519f17a15b8545eca3d826abce80
-
SHA1
62324ca4640d1ea3d7978375c42d284bea9da9be
-
SHA256
b7d4de33f7d1848bc1cd13579847e43e269c4872f89d507cd87ce7d3109e81a2
-
SHA512
cc9b5061ec7ebaf9ae07eed74decde969149e5f01cea239be03bee4122958cd6595d0ffcffb27019cd677234446930adb19191723f0d059dcf0bad5f8eacd271
-
SSDEEP
768:oCpiPpTpspdpqpRpp1p8pkwpapCpTpMpdpKpSbqpCqpSxpiUpSfpCZpSqpixpSUy:72pG3w3L1mXQ8pG3wTrE1yMLEVavUzmG
Malware Config
Signatures
-
Unsigned PE 1 IoCs
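Checks for a missing Authenticode signature; this sample has none. The imports listed below come only from ntoskrnl.exe and the image has an INIT section, so despite the .exe name the file is built as a kernel-mode driver (the Files entry labels it .sys).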
resource 3c01519f17a15b8545eca3d826abce80N.exe
Files
-
3c01519f17a15b8545eca3d826abce80N.exe.sys windows:10 windows x64 arch:x64
a7f039eec35ab460140e0a9ddf36c423
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntoskrnl.exe
RtlInitUnicodeString
RtlCompareUnicodeString
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoGetCurrentProcess
ObfDereferenceObject
KeAttachProcess
KeDetachProcess
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
ZwAllocateVirtualMemory
MmCopyVirtualMemory
PsGetProcessPeb
IoCreateDriver
ZwProtectVirtualMemory
Sections
.text Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 120B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 1024B - Virtual size: 642B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 36B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ