Static task
static1
General
Target: 16576839162c450dfc86ee4ef9d4fc70
Size: 46KB
MD5: 16576839162c450dfc86ee4ef9d4fc70
SHA1: 39328eb82e80399297427cba87bdb6fdf8fd609b
SHA256: 9322c54220c848ff226068b548ba8e0b8db0efc80bfc987148ff1df7450f7a59
SHA512: d5d15c2235bb35df4a8e4f518d35e44aab64e76e804707d88cc0b2a5cfe5ae6d7c010ac80a0b9866065baf2ad6e64b01c514a1a08950c2ac699db6b262236975
SSDEEP: 768:oa/Nl1ZV0mEgWMJavkrHNlTmbE/hxEi8IFdA+hErdSIZOUNs121I3FJG0:oMNomQUNlvdkgK+8IB
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 16576839162c450dfc86ee4ef9d4fc70
Files
16576839162c450dfc86ee4ef9d4fc70.sys windows:4 windows x86 arch:x86
d847737bf93fa89795ce5856e6a38e5b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
RtlInitUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
ExFreePool
ExAllocatePoolWithTag
strncmp
strncpy
ZwClose
ZwCreateFile
IoRegisterDriverReinitialization
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
MmGetSystemRoutineAddress
ZwQueryValueKey
ZwOpenKey
_except_handler3
ZwDeleteValueKey
KeDelayExecutionThread
PsCreateSystemThread
wcscpy
ZwEnumerateKey
wcscat
wcsncmp
towlower
_strnicmp
wcsstr
IofCompleteRequest
Sections
.text Size: 37KB - Virtual size: 37KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 992B - Virtual size: 986B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 896B - Virtual size: 894B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ