Static task
static1
General
Target
29dfb123532f3942a94ad555fb443e0c
Size
29KB
MD5
29dfb123532f3942a94ad555fb443e0c
SHA1
70b05f048d5495c5baead4f6b0cf6b7662fcba1a
SHA256
7cc105ebe99fa9ad4e9a0e88de6f9f3326f15375573de68ad9fc91172b278e23
SHA512
f70b98a5ee00c16e7fdba28eee6198947f2824506f4e326ad5485e8ca7a67453ab9e8857c998d3f721812bd38e41591a9d4f094cfe013cf8fc56b3319726d20f
SSDEEP
768:Iz2tpSgpS4jQ/c+NAbBHl7mDscALaos/OV/MV9Rm7:82N8aCQl7EDpos/y
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 29dfb123532f3942a94ad555fb443e0c
Files
29dfb123532f3942a94ad555fb443e0c.sys windows:5 windows x86 arch:x86
187404ce5c3a4fb968c8a5f7aef21b49
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
wcscat
wcscpy
ZwClose
PsCreateSystemThread
ZwQueryValueKey
ZwOpenKey
_except_handler3
ExFreePool
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
IofCompleteRequest
ZwDeleteValueKey
KeDelayExecutionThread
_strnicmp
ZwEnumerateKey
wcsncmp
wcslen
towlower
IoRegisterDriverReinitialization
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
wcsstr
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 800B - Virtual size: 800B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ