Static task
static1
General
Target
6775385d29bfc313cdd8378271b7c88b
Size
45KB
MD5
6775385d29bfc313cdd8378271b7c88b
SHA1
f42bb0260bc03a198244984022ca7a03076db905
SHA256
c7f70f495cb3b8ce8209e6b94f02963070f2159dc08a84a0ee55ed279d8a2f27
SHA512
cad977160019a21784383a2e57a0a8e9d3ee3851e676a4ce326504bb9374239e57706e3588e1ef0fcaa1c0f502bf87c7ea856d121c563d86e69b9dde0cc79826
SSDEEP
768:b/NE6o36zD6llFFI7V3k7IVCbYSwB79ohTVV1jRaU+i7IAm+YR16lNscZ2hcIl3W:JE6oqzD6l5I7V07IVUYVB79ohTVV5n7r
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6775385d29bfc313cdd8378271b7c88b
Files
6775385d29bfc313cdd8378271b7c88b.sys windows:4 windows x86 arch:x86
3624657eb120e655fea858e894b8449e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
ZwOpenKey
RtlInitUnicodeString
KeDelayExecutionThread
IofCompleteRequest
IoGetCurrentProcess
wcsstr
ZwQueryValueKey
_except_handler3
wcsncmp
wcslen
towlower
ZwDeleteValueKey
PsCreateSystemThread
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
strncmp
strncpy
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
MmGetSystemRoutineAddress
ZwCreateFile
IoRegisterDriverReinitialization
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
_strnicmp
Sections
.text Size: 37KB - Virtual size: 37KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 992B - Virtual size: 986B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 864B - Virtual size: 856B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ