Static task
static1
General
Target: 7953d98be326c36ff7deef7b2b42ace6
Size: 48KB
MD5: 7953d98be326c36ff7deef7b2b42ace6
SHA1: 5a746a0b5bcc51d1b866e310253157f1538de86c
SHA256: 8807c1585a273f3c76c50f1bff84dda7c1b31ad30499414b91644a2cf5858fb7
SHA512: a554b0e4f171b36afb5e2cd2ade6314e4411ef9dd0f130329a3b282a0761ac5829f3c87fa5d048a0282a77a6e75aae29997e54050dd8cd69d5d0f945ccd6564e
SSDEEP: 1536:TkR0cCBSxAJfAXDJyv8W2SfiK7yLBQBu0zQw5mX:4GcHWk
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 7953d98be326c36ff7deef7b2b42ace6
Files
7953d98be326c36ff7deef7b2b42ace6.sys windows:4 windows x86 arch:x86
5ce46eae3be6d1bbb22b304fd1adfa62
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
RtlInitUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
ExFreePool
ExAllocatePoolWithTag
wcsncmp
wcslen
towlower
strncmp
strncpy
ZwClose
wcsstr
ZwQueryValueKey
ZwOpenKey
_except_handler3
wcscpy
ZwEnumerateKey
wcscat
_strnicmp
ZwCreateFile
IoRegisterDriverReinitialization
KeDelayExecutionThread
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
MmGetSystemRoutineAddress
PsCreateSystemThread
IofCompleteRequest
ZwDeleteValueKey
Sections
.text Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 992B - Virtual size: 986B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 896B - Virtual size: 896B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ