Static task
static1
General
Target
1358a2a09f1ea29913efd2bc59c98e49
Size
30KB
MD5
1358a2a09f1ea29913efd2bc59c98e49
SHA1
7ef47366c45b0f8bd1704ed15c9b8d66a104b529
SHA256
106b1d0ae59540a29130aee4c36de83f5b93027911be8e27684caaaccc510ccf
SHA512
fb084e0e5474a790eefb1340d9db9670e8fde28016be72dc9efe9cf6c6c70aeef11ec94ea1c6c5421ab26b7cd05dab2ee41226f1a15122bf1e51e30b14d0c910
SSDEEP
768:Ub/ApydoQWKvasg/AEERYp/foQ4mM45JoAwSNqij5:UbFasgYv+pndB5Jj
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1358a2a09f1ea29913efd2bc59c98e49
Files
1358a2a09f1ea29913efd2bc59c98e49.sys windows:5 windows x86 arch:x86
9b25e6edcd8234aae329b15368d0620b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
wcsncmp
wcslen
towlower
ZwClose
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
ZwOpenKey
RtlInitUnicodeString
KeDelayExecutionThread
ZwCreateFile
IoRegisterDriverReinitialization
wcsstr
ZwQueryValueKey
_except_handler3
ZwDeleteValueKey
PsCreateSystemThread
IofCompleteRequest
IoGetCurrentProcess
strncmp
PsGetVersion
strncpy
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
_strnicmp
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 832B - Virtual size: 808B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ