Static task
static1
General
Target: 3ed344a52355af73a428500178222ee1
Size: 49KB
MD5: 3ed344a52355af73a428500178222ee1
SHA1: 3eeddf6090f7876d5519e5ebd5e4959524391136
SHA256: 2dd02dfe88ed441cd4ce393a39b3c0a01f1edc881e668694b83556573a72015a
SHA512: 53fcfa40736db055014d8ba023fa3fd77b211711d006cf73a440f2236e9fa579e5ac4ff29296387070a4e82390753c0984b3b3b477381c4652b823c6a853d870
SSDEEP: 768:Q2X3oTSCpm1z7CrQnZJPUortCxAcCxDb87E7yWaY7RKLUm08NqeI6f6wlQo2IT4q:QkBF17xpM7E757u/5tFFgI
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3ed344a52355af73a428500178222ee1
Files
3ed344a52355af73a428500178222ee1.sys windows:4 windows x86 arch:x86
e37b25b5bb62ab97e0742f9c66e7c008
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_strnicmp
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
_except_handler3
wcsstr
ZwDeleteValueKey
KeDelayExecutionThread
PsCreateSystemThread
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
IofCompleteRequest
ExFreePool
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
wcsncmp
wcslen
towlower
MmGetSystemRoutineAddress
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
ZwSetValueKey
wcscpy
ZwEnumerateKey
wcscat
IoRegisterDriverReinitialization
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
Sections
.text Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 224B - Virtual size: 201B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 960B - Virtual size: 954B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 1018B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ