Static task
static1
General
-
Target
c779a2409392c259ac4cd4d6f727fef0N.exe
-
Size
13KB
-
MD5
c779a2409392c259ac4cd4d6f727fef0
-
SHA1
3c078f4bc5191a4e10abff4a6d69ad2f11554a5e
-
SHA256
012805540f35d6ff7fb7ed62c553e3b3d89da7582dc2794328092d1d284f3d40
-
SHA512
c4b835e0d65041e4f49a5ab6202d31b702a57c53d3e8a077fe11a64b1fd56f305ce38ed2f16051ce0110d3e5d99d81b5afd646c075bec256c51ef1a20c909f56
-
SSDEEP
192:fS7iPigcCcrKcdEZEP3RsZsqNTuol9fKRI+SA7b:vigchrKFmP3RWViol9fKpS
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Static check: the PE file carries no Authenticode signature.
resource: c779a2409392c259ac4cd4d6f727fef0N.exe
Files
-
c779a2409392c259ac4cd4d6f727fef0N.exe.sys windows:4 windows x86 arch:x86
4052d9e1ee0f7ec827f16056a5e8e6a6
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
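Imports
ntoskrnl.exe (the only import library listed; the image links against the kernel only, consistent with the .sys label above despite the .exe file name)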
strlen
strncmp
IoGetCurrentProcess
_except_handler3
ZwClose
RtlFreeUnicodeString
ZwSetValueKey
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwOpenKey
RtlInitUnicodeString
ExFreePool
_snwprintf
ZwEnumerateKey
memset
ExAllocatePoolWithTag
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
_wcsnicmp
wcslen
memcpy
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
PsGetVersion
ZwCreateFile
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
IofCompleteRequest
PsSetCreateProcessNotifyRoutine
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 942B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 352B - Virtual size: 328B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ