Static task
static1
General
Target
5706649d314b701a00ffb177233ab038
Size
24KB
MD5
5706649d314b701a00ffb177233ab038
SHA1
36d61e77eb2fe1efec0a96d5337cecd7c6f9bc7a
SHA256
721ee6633994edab769104126aedae58989281cb510ed2ecda3af7a514350cd7
SHA512
9475aa7597a3bdb91cd215f41a699f3935731f76251d9b72b387efdc3a6518d32b3f46521f84ec5f5ce608a264009f773b0185cbe3ffdb57cc3a26892843b0f3
SSDEEP
768:F/LXuqv+siuU6iDzwnGNausWcgGXZTPoLV78lnZlCBXhzOE4YuUu:F7uqv+siuU6iDzMGHsJgWZTPoLV78lnD
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5706649d314b701a00ffb177233ab038
Files
5706649d314b701a00ffb177233ab038.sys windows:5 windows x86 arch:x86
e15392dd63702df1684a1c1dbfd377b7
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IofCompleteRequest
IoGetCurrentProcess
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
RtlInitUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
ZwClose
ExFreePool
wcscat
wcscpy
ZwEnumerateKey
ExAllocatePoolWithTag
ZwOpenKey
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
strncmp
strncpy
wcsncmp
wcslen
towlower
IoRegisterDriverReinitialization
_strnicmp
KeDelayExecutionThread
wcsstr
ZwQueryValueKey
_except_handler3
ZwDeleteValueKey
PsCreateSystemThread
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 768B - Virtual size: 754B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ