Static task
static1
General
Target: 0d5d911fa723ba38d5f9e3eaba80b406
Size: 50KB
MD5: 0d5d911fa723ba38d5f9e3eaba80b406
SHA1: 0e639fa2cec049cdcd5aa5f24d4c0411893eba33
SHA256: e24859ea7d190e532e86c2bbe3606acbcf85f9361747c8fe4a31419a271ce41b
SHA512: cd3606d737a0668c1bd3b5bb5da9798cc7cb808ee137c646613c8b6a2463db19cc0e87aef6c13116a5723282a98d014c5974615b1823da55b6d8b0f979de5ad6
SSDEEP: 768:S0oxuxIeHYrr9AQGYlAa8rO/2G3V2XwIHjlqNJITKxrvfZ4:tarZNrtoG3QTHcYWtvC
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0d5d911fa723ba38d5f9e3eaba80b406
Files
0d5d911fa723ba38d5f9e3eaba80b406.sys windows:4 windows x86 arch:x86
90a2400d3e26501d6078d4864e61f072
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExFreePool
ZwClose
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
RtlInitUnicodeString
MmGetSystemRoutineAddress
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
wcscat
wcscpy
PsCreateSystemThread
ZwEnumerateKey
ZwOpenKey
ZwQueryValueKey
_except_handler3
ZwDeleteValueKey
KeDelayExecutionThread
_strnicmp
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
IoRegisterDriverReinitialization
wcsncmp
towlower
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
ZwSetValueKey
IofCompleteRequest
wcsstr
Sections
.text Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 256B - Virtual size: 251B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 960B - Virtual size: 954B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 928B - Virtual size: 920B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ