Static task
static1
General
Target: 0a87b2405b79db33c5c366113d2cd9d0
Size: 26KB
MD5: 0a87b2405b79db33c5c366113d2cd9d0
SHA1: ad1f10dfb854ca477ea5a946fa87d8cbc9737934
SHA256: 6ed9aaa8becb667cecd2070b239ad3efb5f797f95edf043e3a0e8ae854797934
SHA512: 728d6a1e78ce0a7ced4fd8e79a703e1dd6d3ff29f3a232425ef964c440d46ac0cbb8d1c9df11598e92d87eb88d1b94db0ca4972f43eafb6dea1155115c1a1a51
SSDEEP: 768:0RNaHYjJa1hZ4NKYJLK3VmDSRhM3U0SO/1VW:z4JaCEYJLK3VXhM191V
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0a87b2405b79db33c5c366113d2cd9d0
Files
0a87b2405b79db33c5c366113d2cd9d0.sys windows:5 windows x86 arch:x86
e7ad476eb9a3fd78d55a2cbb1ea51a2b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
ZwOpenKey
RtlInitUnicodeString
ZwDeleteValueKey
KeDelayExecutionThread
_except_handler3
PsCreateSystemThread
ZwQueryValueKey
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
wcsstr
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
_strnicmp
strncmp
strncpy
IofCompleteRequest
wcsncmp
towlower
IoRegisterDriverReinitialization
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 832B - Virtual size: 812B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ