Static task
static1
General
Target
271ba07f3061ca3d757779332cc761ba
Size
50KB
MD5
271ba07f3061ca3d757779332cc761ba
SHA1
a909671aa81fad368983ae5a1d051fcbd7af6563
SHA256
6463b83eaf443a37cb826dbb36488e4704e77c9a90568dacf482309319a9e634
SHA512
c779a2ea3e2663c0707c0dfbd3521917e6b8e7e0a47e8b5fcc29dccf1e2fa6993d11039bd7dbbed8f8c12ae192624bc06ffac6039b22951275c61c76da3be429
SSDEEP
1536:s9OCfTvqlzcQORBzLvkcUCGoX5qAfzjLHVtck5kazybod24Qz5nxuNb:sOCfTvBQORBzLvk5CGoX5qAfzjbVtckB
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 271ba07f3061ca3d757779332cc761ba
Files
271ba07f3061ca3d757779332cc761ba.sys windows:4 windows x86 arch:x86
8b1401c3aa10f2fcb9ac6d7d63958479
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
wcsncmp
wcslen
towlower
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
IofCompleteRequest
ExFreePool
ZwClose
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
RtlInitUnicodeString
MmGetSystemRoutineAddress
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwDeleteValueKey
KeDelayExecutionThread
_except_handler3
PsCreateSystemThread
ZwQueryValueKey
ZwOpenKey
_strnicmp
wcscpy
ZwEnumerateKey
wcscat
IoRegisterDriverReinitialization
wcsstr
Sections
.text Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 992B - Virtual size: 986B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 864B - Virtual size: 862B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ