Static task
static1
General
Target
252da7b389cad8db367a9610c05a82e3
Size
33KB
MD5
252da7b389cad8db367a9610c05a82e3
SHA1
8274f41c5be74b89ff4513810ad4d59d8745181c
SHA256
69756dd6910cbace14ba4d60ac634c0cad7aa97ca60a7e3e7b6ee3b4ef8910be
SHA512
a735ddc96c1e176829fda7281de977f54530bc9e5ef4675bfb4396c9032197487ce7fdd0255a107fb0a796bcc67d2c757af55830977abcffcfdf23d8b8826083
SSDEEP
768:B5L62VSB0vK+icEpHyYNoxqNfjPaq80oDrl1jdq7nGn4hzj9sg7VPT/lQU0oh7uL:B522MB3ZcEpyYixq17ar0oDraygNWu1q
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 252da7b389cad8db367a9610c05a82e3
Files
252da7b389cad8db367a9610c05a82e3.sys windows:4 windows x86 arch:x86
6645c3a5f63611137706e80fdb263a39
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
wcsncmp
wcslen
towlower
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
isprint
ZwClose
wcsstr
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
toupper
_except_handler3
ExFreePool
wcscat
wcscpy
ZwEnumerateKey
ExAllocatePoolWithTag
KeDelayExecutionThread
ZwDeleteValueKey
PsCreateSystemThread
_strnicmp
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
strchr
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
atoi
KeServiceDescriptorTable
ZwSetValueKey
atol
isupper
tolower
IoRegisterDriverReinitialization
srand
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
strstr
islower
IofCompleteRequest
strrchr
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 992B - Virtual size: 978B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ