Static task
static1
General
Target
2536cbaef260d6ac29979fa63711eca1
Size
45KB
MD5
2536cbaef260d6ac29979fa63711eca1
SHA1
d680add0e346daaa5717eae2034e9054bffddf54
SHA256
58f4025a339f805d4c2be20c386358ffed7870985a3d6a3428297c2a2e354444
SHA512
a858128d9777533b8db67c5d93dbdecb34b66970b8e0b3204366169c92ee2be761aa7f453868277c74db3f79e6542b511b4722475a5eafaa1ba81cf01704f4a8
SSDEEP
768:6vUNFae5LeOQhtJ3CvnOpib2F3zM8YnijJONMCzersSD+aAp23p2AoIRMjxIubVj:RDae5P8COpib2F3zM8BjJONMWersSD+d
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2536cbaef260d6ac29979fa63711eca1
Files
2536cbaef260d6ac29979fa63711eca1.sys windows:4 windows x86 arch:x86
78459783e5ccb0c7f433ddaf3ffc07dc
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
RtlInitUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
ExFreePool
ExAllocatePoolWithTag
IofCompleteRequest
ZwClose
ZwCreateFile
IoRegisterDriverReinitialization
wcsncmp
wcslen
towlower
strncmp
strncpy
MmGetSystemRoutineAddress
ZwDeleteValueKey
KeDelayExecutionThread
_except_handler3
PsCreateSystemThread
ZwQueryValueKey
ZwOpenKey
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
wcsstr
wcscat
wcscpy
ZwEnumerateKey
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
_strnicmp
Sections
.text Size: 37KB - Virtual size: 37KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 992B - Virtual size: 986B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 928B - Virtual size: 898B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ