Static task
static1
General
Target: 547c4fee1bd6256fd65b9ce05ae0713e
Size: 25KB
MD5: 547c4fee1bd6256fd65b9ce05ae0713e
SHA1: c8bc317ddc87c4a99283476aabdd6d925ff8b2c3
SHA256: c1853d8025b3f429da3ec31dc682b0ddad6fd63fe88c5d705c3547a443574ac7
SHA512: c91b97e06853380ee8ae74d135c2c19df001e4ab017db1f4c27915c9aea158e8bbc12f35302560b163592a1c072f2af9b5d6ee069f341d91d63a0e435227bb03
SSDEEP: 768:yxsGOqI+QX77fuCuzMDofoG8nNDNgJDY8Avw+W8:yxs/XX7fS/o1NDu
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 547c4fee1bd6256fd65b9ce05ae0713e
Files
547c4fee1bd6256fd65b9ce05ae0713e.sys windows:5 windows x86 arch:x86
70c6372db66870185e4534c7e40113dd
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_strnicmp
ZwClose
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
ZwOpenKey
RtlInitUnicodeString
KeDelayExecutionThread
ZwQueryValueKey
_except_handler3
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsCreateSystemThread
ZwDeleteValueKey
IofCompleteRequest
IoGetCurrentProcess
strncmp
PsGetVersion
strncpy
wcsncmp
wcslen
towlower
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
wcsstr
IoRegisterDriverReinitialization
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 800B - Virtual size: 782B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ