Static task
static1

General
Target: 49d565dde3fe1973d50593e88d9081fe
Size: 50KB
MD5: 49d565dde3fe1973d50593e88d9081fe
SHA1: 1a78252f8789cf6ee4ccbfb1d18df00a8ddb4b28
SHA256: b9c0edcb87c7f00318f2d14374037f71243f82a3e7cf1f9ed5fd17c89ebf5625
SHA512: dd6af1c1ba8118032c1bac08547dab44ee95214839724d3ee77265a210f9865d58f5f6f5b1127f330eaa9535c3249ce0ea3eaf4aafab27e24fc5cbef915d5b3c
SSDEEP: 768:btyuPjomQd88Sgk1sMQAJpuD47SLuLh7/Dwevllk/UfuonH9zTjMVNrFvSNeeGGH:bt3FQb/dYRVt5shiGa
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 49d565dde3fe1973d50593e88d9081fe
Files
49d565dde3fe1973d50593e88d9081fe.sys windows:4 windows x86 arch:x86
153efff451289e3b614c2cbc9f8208e8
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
wcsncmp
wcslen
towlower
ZwClose
ZwCreateFile
RtlInitUnicodeString
IoRegisterDriverReinitialization
wcsstr
ZwQueryValueKey
ZwOpenKey
_except_handler3
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
ExFreePool
ExAllocatePoolWithTag
wcscpy
ZwEnumerateKey
wcscat
KeDelayExecutionThread
IofCompleteRequest
MmGetSystemRoutineAddress
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
_strnicmp
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwDeleteValueKey
PsCreateSystemThread
Sections
.text Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 992B - Virtual size: 986B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 928B - Virtual size: 904B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ