Static task
static1
General
Target
660eba6c26c1342d4b0658796fccdb09
Size
48KB
MD5
660eba6c26c1342d4b0658796fccdb09
SHA1
f0fa9d7a64b39633c989bf39acea7fe038fcbf19
SHA256
87f7db80832c33571cb974bc532d92040dd42df3ac8222eae90250327414461f
SHA512
d5888d93fa652dbe5295472aa960401406c16aae4a0a62b1b3501b2cd53a9c8c023a3b279047dcb300a07bb354bed141b5eea9481db8cd427dd81016eb00c11f
SSDEEP
768:JQaNWMMUzeR9k/z39KV6rwPFLCIzuPaDXtvTaiFyqD5stJI9IVUTrcNRWWITmeRi:dWY4EKdSpvocG/RTB
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 660eba6c26c1342d4b0658796fccdb09
Files
660eba6c26c1342d4b0658796fccdb09.sys windows:4 windows x86 arch:x86
5314ac60efc9015939f27696b0d53e4e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_strnicmp
ZwClose
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
ZwOpenKey
RtlInitUnicodeString
ZwCreateFile
IoRegisterDriverReinitialization
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
KeDelayExecutionThread
wcsncmp
wcslen
towlower
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
MmGetSystemRoutineAddress
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
ZwSetValueKey
PsCreateSystemThread
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwDeleteValueKey
_except_handler3
ZwQueryValueKey
IofCompleteRequest
wcsstr
Sections
.text Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 954B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 928B - Virtual size: 916B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ