Static task
static1
General
Target: 237b22aafd0cad005a211ed14b5fb8f0
Size: 30KB
MD5: 237b22aafd0cad005a211ed14b5fb8f0
SHA1: 5b15021f4a67a09e9db862070d7d17f8753a79db
SHA256: c7a5dd1fe9e68e93c3c9afc3a5e3164b91f1714c73475e66a64a932df1da16a6
SHA512: 3686b48228f527253ed72225093b195e952f9e91593242e2597c97ee2121f75479e314e0069b5b82e32e258b2f4ace75d1167f71d3f0ab777efce299a069a4c4
SSDEEP: 768:usay6En54GRETuN5GviitMb8IzMaZshRDlcWi9h:u4hBFg3kTZsh/cWKh
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 237b22aafd0cad005a211ed14b5fb8f0
Files
237b22aafd0cad005a211ed14b5fb8f0.sys windows:5 windows x86 arch:x86
5b85d45360a48c0b2e407eb4e34f55a6
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
ExFreePool
ZwClose
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
RtlInitUnicodeString
wcscpy
ZwEnumerateKey
wcscat
ZwOpenKey
KeDelayExecutionThread
IoRegisterDriverReinitialization
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
ZwDeleteValueKey
_except_handler3
PsCreateSystemThread
ZwQueryValueKey
wcsstr
wcsncmp
wcslen
towlower
IofCompleteRequest
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
_strnicmp
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 832B - Virtual size: 802B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ