Static task
static1
General
Target: 565f7750aea081470d6c3d0c2eed323a
Size: 6KB
MD5: 565f7750aea081470d6c3d0c2eed323a
SHA1: 8a99bb8bc66ba1129793b7eea7960b083ce8545c
SHA256: fef4ab390a0d9464876b6d75be0c2efcdbdfdb4b7c74aacf7b9a949569d1fc14
SHA512: ae9a5910b5a01f6c2609bb10cdbcaa1625128275bcdc8c28ffd39bbd1c6113d6312288f5e1c9787cdab4f9297742b4a3c8fe79b5ef49707ee7e2a78b98e8499a
SSDEEP: 96:WZGdhUMnAnvG6IazIfEF6mk1Hid1IWb8x:4GZS7w1Yzbc
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 565f7750aea081470d6c3d0c2eed323a
Files
565f7750aea081470d6c3d0c2eed323a.sys windows:4 windows x86 arch:x86
b65a57e6e2da6903db4edb39847694dd
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwCreateKey
ZwClose
ZwOpenKey
ZwSetValueKey
wcslen
ZwQueryValueKey
ExAllocatePool
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
ExFreePool
ZwCreateFile
ZwSetInformationFile
ZwOpenFile
ZwQueryInformationFile
memset
ZwReadFile
ZwWriteFile
KeGetCurrentThread
KeQueryPriorityThread
KeSetPriorityThread
KeInitializeTimerEx
KeSetTimerEx
KeWaitForSingleObject
RtlEqualUnicodeString
RtlAppendUnicodeStringToString
KeCancelTimer
PsTerminateSystemThread
IoDeleteSymbolicLink
IoDeleteDevice
PsCreateSystemThread
ObReferenceObjectByHandle
IoCreateDevice
IoCreateSymbolicLink
ObfDereferenceObject
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 160B - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 320B - Virtual size: 312B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 896B - Virtual size: 894B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 480B - Virtual size: 468B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ