Static task
static1
General
Target
12632462e74dfc9c9eefbf73d4d07849
Size
29KB
MD5
12632462e74dfc9c9eefbf73d4d07849
SHA1
dd7490a05b9b40c462839637de812174b55f3fcc
SHA256
9f2079c7cad967b4d56afdb4dc900b6cb8c91bc47a9dad9b7bfde332648048b1
SHA512
26c6629c99b2f9eebe3878801ba735860d057bd59e4e254ed5c4157a3d0cd78aa8b0426cc195092c1f402fcd4d4a59a668cb3c1d6e890fb4a0c9308be41ad1b2
SSDEEP
768:WmnkaWnb9llBG7+7PZNe8vBdJinidMPADmpWycfufv63XaGaSNkqwc:xktbdBeCPZoCB+r1QKGa
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 12632462e74dfc9c9eefbf73d4d07849
Files
12632462e74dfc9c9eefbf73d4d07849.sys windows:5 windows x86 arch:x86
6a1d4c420abaf26cecf9b2b0cda11e88
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExFreePool
ZwClose
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
RtlInitUnicodeString
_strnicmp
wcsstr
ZwQueryValueKey
ZwOpenKey
_except_handler3
IofCompleteRequest
IoGetCurrentProcess
ZwDeleteValueKey
KeDelayExecutionThread
PsCreateSystemThread
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
wcscat
wcscpy
strncmp
strncpy
IoRegisterDriverReinitialization
wcsncmp
towlower
ZwEnumerateKey
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 800B - Virtual size: 794B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ