Static task
static1
General
-
Target
5f7735e4929a7a4cc79d01d58a1bcea1
-
Size
40KB
-
MD5
5f7735e4929a7a4cc79d01d58a1bcea1
-
SHA1
5534370cf265e6c24adf7b89381c1f4f8243e473
-
SHA256
ec2df419d17c64af5842af3769b042b099540893d8bc885b46ceba19146d20d2
-
SHA512
84ea3a736fa816993246ef166be3e61dafb77310c95935339fd1eb06fcdfe6b4f2cfb9ab444acd2b536b55803ee3884ee3263f74171b333b826af8dcdc20dbcb
-
SSDEEP
768:ljZRd39AEK8w03XtwGYw8UdD18LYnZeHSNXDA8lPi3iCe5Gn4:ljZXU8wm9nqUBMYnZmSJckNCe5
Malware Config
Signatures
-
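Unsigned PE (1 IoC)
Flags a PE file that has no Authenticode signature, so its publisher and integrity cannot be verified from the file itself. A missing signature alone does not establish malice, but it is notable here because the sample is a kernel-mode driver (a .sys file importing from ntoskrnl.exe).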
resource 5f7735e4929a7a4cc79d01d58a1bcea1
Files
-
5f7735e4929a7a4cc79d01d58a1bcea1.sys windows:4 windows x86 arch:x86
8c549b0970795edff52f9b1663dfebf6
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncpy
PsLookupProcessByProcessId
_stricmp
ZwClose
ZwSetValueKey
wcslen
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
_except_handler3
swprintf
strncmp
IoGetCurrentProcess
wcscat
wcscpy
wcsstr
_wcslwr
ZwSetInformationFile
ZwCreateFile
MmGetSystemRoutineAddress
IoRegisterDriverReinitialization
RtlCompareUnicodeString
ZwDeleteKey
_wcsnicmp
ExFreePool
ExAllocatePoolWithTag
ObfDereferenceObject
PsCreateSystemThread
RtlCopyUnicodeString
IofCompleteRequest
_snwprintf
wcsncpy
wcschr
_wcsicmp
wcsrchr
RtlAnsiStringToUnicodeString
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeQueryTimeIncrement
MmIsAddressValid
PsGetVersion
ObReferenceObjectByHandle
_snprintf
KeQuerySystemTime
ZwCreateKey
IoDeviceObjectType
PsSetCreateProcessNotifyRoutine
KeDelayExecutionThread
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 64B - Virtual size: 64B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ