Static task
static1
General
Target: 6b8ef4bf510405e34f1653f91331bc4f
Size: 26KB
MD5: 6b8ef4bf510405e34f1653f91331bc4f
SHA1: 7dc5f5d6121d026a304f7759065fbf09172e2639
SHA256: 47bdc24029800c12edb51aa5397f30727c47882ce7e0de4b4a63a9069984b07e
SHA512: 39af90a8bd7ff502361d25cc5602964d8c4bea2b06a8d4d2af236c0026d290bb553bf2d6a38cabb8988e0484cce67e79716d239f5d823985493fb17da1ab0a11
SSDEEP: 768:wnS6i2ngpg9PNdg1+c4L0VTqM6DBuUvtZ9kNeIjl/v+cjQ6VfMrZk:Qi2gpEPNd8+c4L0VTqM6FtvtZ6RjFv+p
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6b8ef4bf510405e34f1653f91331bc4f
Files
6b8ef4bf510405e34f1653f91331bc4f.sys windows:5 windows x86 arch:x86
b5fdfef3c498a3ab1ec62931d6b1098d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ExFreePool
wcscat
wcscpy
ZwEnumerateKey
ExAllocatePoolWithTag
ZwOpenKey
RtlInitUnicodeString
KeDelayExecutionThread
_strnicmp
ZwQueryValueKey
_except_handler3
wcsncmp
wcslen
towlower
ZwDeleteValueKey
PsCreateSystemThread
IofCompleteRequest
IoGetCurrentProcess
strncmp
PsGetVersion
strncpy
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
IoRegisterDriverReinitialization
wcsstr
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 768B - Virtual size: 734B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ