Static task
static1
General
Target: 03ee9520cbdc97dd5aeeec4aaca434ac
Size: 27KB
MD5: 03ee9520cbdc97dd5aeeec4aaca434ac
SHA1: 57f4f5f00071e8c47672dcfa4728c081ed0a9901
SHA256: fd2c633229acc06d3860aac39eca9b9ccd53b4aee6b339353a150cf84cc7db78
SHA512: b08534e2c9c8a54d3ddbe812c9ec18b22c8e75a50681f696e19bf40a063176a7e3b57cdab12a4904b487b50cff10f93d916863743562f753532206f121c5b887
SSDEEP: 768:1M6hlooOVr+dCo2oukoX0dN/h6CCWioCjmUQEA9a:1Mqle+dJ36CoJjmUQxg
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 03ee9520cbdc97dd5aeeec4aaca434ac
Files
03ee9520cbdc97dd5aeeec4aaca434ac.sys windows:5 windows x86 arch:x86
737ef05e5b42a6f8975a605563e7d172
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
wcsstr
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
_except_handler3
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
_strnicmp
wcsncmp
towlower
IofCompleteRequest
IoGetCurrentProcess
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
wcscat
wcscpy
PsCreateSystemThread
ExFreePool
ZwEnumerateKey
ExAllocatePoolWithTag
KeDelayExecutionThread
ZwCreateFile
IoRegisterDriverReinitialization
ZwDeleteValueKey
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
strncmp
strncpy
Sections
.text Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 800B - Virtual size: 782B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ