Static task
static1
General
-
Target
7b1e15d366b822d142245c54240ebad1
-
Size
40KB
-
MD5
7b1e15d366b822d142245c54240ebad1
-
SHA1
44cc789123ed326a61821dedd32b1447913354ff
-
SHA256
7093ffce76e71d6cf4e2ac56caec66cec991091a5cbf0e345952d34c6e2f0471
-
SHA512
829bbd389cafde53c116d0ecae978aa6f3aad989dd30121c49950cab792eb57b9a46bcea1721c8fc07e65e539840a76ecfe5955c309712452f92ba2882dfee0c
-
SSDEEP
768:mq5XWwN8eE62WPzUmCTQXi3NfwtOzEMDIUV4PjJvyzZpDpJ7r9kHMXwz:75mwN8t62WbMfHzBkU+jJKzrDXv92awz
Malware Config
Signatures
-
Unsigned PE 1 IoCs
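Checks for a missing Authenticode signature. The resource listed below carries no embedded signature, so its publisher and integrity cannot be verified from the file itself; the .sys extension and the ntoskrnl.exe imports shown under Files indicate that it is a kernel-mode driver.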
resource 7b1e15d366b822d142245c54240ebad1
Files
-
7b1e15d366b822d142245c54240ebad1.sys windows:4 windows x86 arch:x86
4de3ffc2eb825d154c9a09b912aa872c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncpy
PsLookupProcessByProcessId
_stricmp
MmIsAddressValid
RtlCopyUnicodeString
_wcsnicmp
wcslen
RtlCompareUnicodeString
RtlInitUnicodeString
swprintf
wcscat
wcscpy
ExFreePool
ExAllocatePoolWithTag
ZwClose
ObfDereferenceObject
_wcsicmp
ZwQueryValueKey
ZwOpenKey
_except_handler3
_snprintf
wcsncpy
wcsrchr
RtlAnsiStringToUnicodeString
ZwDeleteKey
IofCompleteRequest
IoGetCurrentProcess
KeQuerySystemTime
strncmp
ZwSetValueKey
_snwprintf
wcschr
wcsstr
_wcslwr
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
MmGetSystemRoutineAddress
ZwCreateKey
PsGetVersion
ZwCreateFile
PsSetCreateProcessNotifyRoutine
KeDelayExecutionThread
PsCreateSystemThread
IoDeviceObjectType
KeTickCount
KeQueryTimeIncrement
ZwSetInformationFile
ObReferenceObjectByHandle
IoRegisterDriverReinitialization
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 64B - Virtual size: 56B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ