Static task
static1
General
Target
4b1415b84b2e84109557c48cf0e210c3
Size
25KB
MD5
4b1415b84b2e84109557c48cf0e210c3
SHA1
5b1dda07c1ed357839deb4d2c4c004d956cccc48
SHA256
afc088e550f6225edb21df44920ebf825d4a18400f1e3a88a001ce1827cc11f9
SHA512
ecd0f295881f941b0f8b4b9cbaf97f86ee36f3d04f930048fde35fad8a572412996baf846fa64c624453e8867fc930b61ba56ef16e56acdb1d11190033ac1b09
SSDEEP
768:7peS+CNsN9TDrV8HiaroHuhlYJKm5VgfjADIy:7hYSHiz4lUDgkH
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4b1415b84b2e84109557c48cf0e210c3
Files
4b1415b84b2e84109557c48cf0e210c3.sys windows:5 windows x86 arch:x86
deac2d9a6bbc73e5c7ca2a36d59f1f1f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_strnicmp
ZwClose
ZwCreateFile
RtlInitUnicodeString
IoRegisterDriverReinitialization
ExFreePool
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwDeleteValueKey
KeDelayExecutionThread
_except_handler3
PsCreateSystemThread
ZwQueryValueKey
ZwOpenKey
wcsstr
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
wcscpy
ZwEnumerateKey
wcscat
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
strncmp
strncpy
wcsncmp
towlower
IofCompleteRequest
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 800B - Virtual size: 792B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ