Static task
static1
General
Target: 3af748b9d0606808421ab704fb2db0fa
Size: 29KB
MD5: 3af748b9d0606808421ab704fb2db0fa
SHA1: 2b24a9df0d4bce3e056f4aec581a172e0540aea0
SHA256: bdd942fc5a17961ba42a5d7bc9b290681c0eb1cd7c1fd15c8bbe2ab66a6a7ba1
SHA512: 5ecbbc310057bb33e204140f0b43cdd2108560718271e686cbc2d51b227f71c12a8f55e5e3670d12905a889da03477fc414f37385984f4402e522a37d9da2c91
SSDEEP: 768:z5GKeS+NkOUWYLtZCnykyyZaMYqaLOViWg6sMi2BGj:z5GKeS+COUvW9aMYqdiWg6/i2
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 3af748b9d0606808421ab704fb2db0fa
Files
3af748b9d0606808421ab704fb2db0fa.sys windows:5 windows x86 arch:x86
43683f5a55867ed79aad7e863847759e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
wcsstr
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
_except_handler3
ZwCreateFile
IoRegisterDriverReinitialization
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
_strnicmp
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
wcscat
wcscpy
PsCreateSystemThread
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
wcsncmp
towlower
IofCompleteRequest
ExFreePool
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwEnumerateKey
KeDelayExecutionThread
ZwDeleteValueKey
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 832B - Virtual size: 806B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ