Static task
static1
General
Target: 0722cd9cab4666e3225eb7ad3da20117
Size: 29KB
MD5: 0722cd9cab4666e3225eb7ad3da20117
SHA1: 9891b773ecfc6c3e01657d3b224707052200316d
SHA256: 2d05d33c5e4dc19d2cac9dd603fabfda5398a63e25c5ab7663f87285b14b4748
SHA512: f5dbd5cdea204a39d0c66066dfc23230062de3f4bd3a9766c1b5cb89c39de76ee5595404e6a51e4e6706d9fe20347a7fe09891e447af918f101ffac207c622c8
SSDEEP: 768:fgMq1xpyt8VqjdAytnUSyqHEFb+CvuVOptAu3VTlHFMHXN:fD0Dyt8Vw79EZWia2TlGX
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0722cd9cab4666e3225eb7ad3da20117
Files
0722cd9cab4666e3225eb7ad3da20117.sys windows:5 windows x86 arch:x86
11fa9ec6cd397f24c1f728185072ebbb
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
ZwClose
ZwDeleteValueKey
RtlInitUnicodeString
KeDelayExecutionThread
_except_handler3
PsCreateSystemThread
ZwQueryValueKey
ZwOpenKey
_strnicmp
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
wcscat
wcscpy
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
ExFreePool
ZwEnumerateKey
ExAllocatePoolWithTag
IofCompleteRequest
wcsncmp
wcslen
towlower
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwCreateFile
IoRegisterDriverReinitialization
wcsstr
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 832B - Virtual size: 814B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ