Static task
static1
General
Target: 9755c09c2677893a1d1784f35106a736
Size: 27KB
MD5: 9755c09c2677893a1d1784f35106a736
SHA1: a597dfcf3df68c0b3585677ec86515dc23b46d55
SHA256: 2becf5d87791c489597fd1f440444d472054d8392608178b21d23afa8b35bc22
SHA512: 25849db70079bef7fd2b6bd093f6eabd678821e38c9a0befbe18438043ad888afc3d9f930883c24855932f50bd9ebc8c7e73226e3af1dc2544327b6efacf4193
SSDEEP: 768:YMCI8b9XxNIme/BGfikuRNckKcrj8fSuOr:YhxWT/rkhDcLu
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 9755c09c2677893a1d1784f35106a736
Files
9755c09c2677893a1d1784f35106a736.sys windows:5 windows x86 arch:x86
fd2ee41f572338b7f2baebe156b94e7b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwDeleteValueKey
RtlInitUnicodeString
KeDelayExecutionThread
_except_handler3
PsCreateSystemThread
ZwQueryValueKey
ZwOpenKey
ZwCreateFile
IoRegisterDriverReinitialization
wcsstr
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
IofCompleteRequest
IoGetCurrentProcess
strncmp
PsGetVersion
strncpy
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
_strnicmp
wcsncmp
wcslen
towlower
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
Sections
.text Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 800B - Virtual size: 790B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ