Static task: static1

General
Target: 2d557cf59e6c0ad085553ba5424482c6
Size: 25KB
MD5: 2d557cf59e6c0ad085553ba5424482c6
SHA1: db33f750dbda24347a919bd094c4fd27e2e8c1a5
SHA256: 7d818284007cc1e62b0e7d2d3be047aefdcb34aac367d87bf630f0be52bd3cc6
SHA512: 8d0b7a0da5848980dd5a93018a3006f7e5b2367848a86ec6b6b6e109d1239b82db26a3ab065c6e0cf7149e6fbd96437d1f1b235c298d10a29f9953eec0e22103
SSDEEP: 768:o1mHLEN5eXOvDmnO8UQp/okx+j+36iqSyAl5EOFhd21zcZyMr:oCgnvDmOzQJokx+jM6iqSyAl5EQ3gQ7
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 2d557cf59e6c0ad085553ba5424482c6
Files
2d557cf59e6c0ad085553ba5424482c6.sys windows:5 windows x86 arch:x86
32411827a03e405608e97b70c3590526
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IofCompleteRequest
IoGetCurrentProcess
ZwClose
ZwDeleteValueKey
RtlInitUnicodeString
KeDelayExecutionThread
_except_handler3
PsCreateSystemThread
ZwQueryValueKey
ZwOpenKey
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
ZwCreateFile
IoRegisterDriverReinitialization
ExFreePool
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
wcscpy
ZwEnumerateKey
wcscat
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
wcsstr
wcsncmp
towlower
_strnicmp
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
strncmp
strncpy
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 768B - Virtual size: 742B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ