Static task
static1
General
Target
7d997ed0804f6788241507cb1a57a5cb
Size
28KB
MD5
7d997ed0804f6788241507cb1a57a5cb
SHA1
4335cf4082de7f1bf34c5ecefe366f62211fd32a
SHA256
7366e2d6f06bd3c6a88f19e46cc6be322062473a540361fdfd0e1d8b2d62cffd
SHA512
61089aebf1d3b802075706bfa45e7a95df47593dbe19c72383bef94d65a0a6eb82050ac50c929d3d461fd6edfa67276f1836658841f4826e51578af40a0f2f40
SSDEEP
768:Iv38S8scV/xSvoOpaUZwyNSRhf0WcT0Pv:w8S/cpxmlOyqBBJ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 7d997ed0804f6788241507cb1a57a5cb
Files
7d997ed0804f6788241507cb1a57a5cb.sys windows:5 windows x86 arch:x86
aba9d981e471c01285bf2efc78ff1e43
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
wcsstr
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
_except_handler3
ZwDeleteValueKey
KeDelayExecutionThread
PsCreateSystemThread
IofCompleteRequest
IoGetCurrentProcess
wcsncmp
wcslen
towlower
_strnicmp
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ExFreePool
wcscat
wcscpy
ZwEnumerateKey
ExAllocatePoolWithTag
strncmp
PsGetVersion
strncpy
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
IoRegisterDriverReinitialization
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 800B - Virtual size: 786B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ