Static task
static1
General
Target: abe858c7c634381bf28eb29313e98708
Size: 49KB
MD5: abe858c7c634381bf28eb29313e98708
SHA1: afbb67a01805e4a1041fb189e768340fd79db3de
SHA256: cd335db1be94b7c724ef893f1d712c1756bb9f72ed73ad6b154c4de6e26f148e
SHA512: 8892e9db4bd9518d83e355df3737c2392cffe91255a4015209eaef533f2f72c80d806d4ebba98a81f55ab12c041d087e9da7e433c24269b5f8c5f5b943f7d9d3
SSDEEP: 1536:zZzvL/17zknguqD6hHWzgzqlqZ9gvGQ3FgW0BQj4:lzvLJzkgr6VWzgzqlc9gvGQ3T0u
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource abe858c7c634381bf28eb29313e98708
Files
abe858c7c634381bf28eb29313e98708.sys windows:4 windows x86 arch:x86
1ce583db9251b9cc8966f4768029110c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ExFreePool
wcscat
wcscpy
ZwEnumerateKey
ExAllocatePoolWithTag
ZwOpenKey
RtlInitUnicodeString
ZwCreateFile
IoRegisterDriverReinitialization
wcsncmp
wcslen
towlower
IofCompleteRequest
IoGetCurrentProcess
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
MmGetSystemRoutineAddress
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
ZwSetValueKey
PsGetVersion
wcsstr
ZwQueryValueKey
_except_handler3
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
_strnicmp
ZwDeleteValueKey
KeDelayExecutionThread
PsCreateSystemThread
strncmp
strncpy
Sections
.text Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 954B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 928B - Virtual size: 920B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ