Static task
static1
General
Target
49254097e8359ac7b2acdc74cd4b9179
Size
34KB
MD5
49254097e8359ac7b2acdc74cd4b9179
SHA1
063fe2742fb5fd8e49d1759f0cc491d5ff53440e
SHA256
0a0f88c95fbfed1e37e849fa95ea074af79b852cf39e3d75ac02a87a36ba81d1
SHA512
e68025688669c114a9c2bc29a219be2d10e48db06cf2c425af63087609abce8eb784d2cd5054cd4993469bebea5d216891a1802f01e603b954f49b4e356c3732
SSDEEP
768:LsxKE+W3JySnB6EXjdVeDZZKaq1i8u9Q3+ns87yNOQ4G4IZYgrjo4TV2wC:Lsr5nA0jdVeDZZKaqNu9Q3+nsXz4LIZl
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 49254097e8359ac7b2acdc74cd4b9179
Files
49254097e8359ac7b2acdc74cd4b9179.sys windows:4 windows x86 arch:x86
7c8ea2c7c7c616d36c45918f14fd2f26
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExFreePool
ZwClose
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
RtlInitUnicodeString
_strnicmp
ZwDeleteValueKey
KeDelayExecutionThread
_except_handler3
PsCreateSystemThread
ZwQueryValueKey
ZwOpenKey
tolower
isupper
isprint
atol
isxdigit
atoi
islower
toupper
strstr
srand
isspace
strrchr
isdigit
strchr
wcscpy
ZwEnumerateKey
wcscat
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
IoRegisterDriverReinitialization
strncmp
strncpy
IofCompleteRequest
wcsstr
wcsncmp
wcslen
towlower
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
Sections
.text Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ