Static task
static1
General
-
Target
c6cfe7b3535da56ee2af1f1e4a86aa80N.exe
-
Size
40KB
-
MD5
c6cfe7b3535da56ee2af1f1e4a86aa80
-
SHA1
de098c2d4bbcc327326ee142c411cc2a0258e451
-
SHA256
8dca75ad30bb958a102b5ee110c55198676f9ca00cb77a64d75af9c715421806
-
SHA512
c2326faebd68e49be9596f40f4db3728d5df7c5b8bd01fbc53867ec39da63ce4deb719d518867db6615cdfc9f05770fae048f440cb6144b9d35e6c05becb4b42
-
SSDEEP
768:PX837K1MiTyD0IiAo/+rkMwt5vZk4BS4P1wiEUNgmd:PX8rK6iTDAWIwTvi4mMa
Malware Config
Signatures
-
Unsigned PE 1 IoCs
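Checks for missing Authenticode signature. This signature matched: the sample carries no Authenticode signature, so its publisher and integrity cannot be verified from the file itself. An unsigned PE is a weak indicator on its own and should be weighed together with the imports and section layout listed below.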
resource c6cfe7b3535da56ee2af1f1e4a86aa80N.exe
Files
-
c6cfe7b3535da56ee2af1f1e4a86aa80N.exe.sys windows:4 windows x86 arch:x86
62f83e65d1538aa9a209582fda4283af
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwSetValueKey
wcslen
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
_except_handler3
RtlCompareUnicodeString
swprintf
wcscat
wcscpy
ZwCreateKey
wcsncpy
wcsrchr
IofCompleteRequest
strncmp
IoGetCurrentProcess
strncpy
MmGetSystemRoutineAddress
_wcsnicmp
ZwCreateFile
ExFreePool
ExAllocatePoolWithTag
ObfDereferenceObject
RtlAnsiStringToUnicodeString
_wcsicmp
KeQuerySystemTime
ObReferenceObjectByHandle
KeTickCount
KeQueryTimeIncrement
_stricmp
wcsstr
_wcslwr
MmIsAddressValid
ZwDeleteKey
IoRegisterDriverReinitialization
_snwprintf
PsLookupProcessByProcessId
PsCreateSystemThread
PsSetCreateProcessNotifyRoutine
wcschr
KeDelayExecutionThread
PsGetVersion
RtlCopyUnicodeString
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
_snprintf
ZwSetInformationFile
IoDeviceObjectType
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 64B - Virtual size: 58B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ