Static task
static1
General
Target
ad92538270bb5f3845911a701938dd2d
Size
25KB
MD5
ad92538270bb5f3845911a701938dd2d
SHA1
273869af20361dd5cddb8659a51a2346aa3e8821
SHA256
6cfbdd379f665038e43f9709bbbe89a6fef39e4e73f689148ee6786ec1358964
SHA512
39a9cb6ab34a6c033165fa32089766aba46c8cab686d24f43eb767efe7e4f94ecd2a138ae162a15887f911566cd96fa8ae7d5268b8b33ef8f924569239a1b02b
SSDEEP
768:KN7vhB/UNs7LxYUpyu+QDCAM+MFcTlVjaTpMcqLLob:KN7D/UCmUJDRBMc5VeyLw
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ad92538270bb5f3845911a701938dd2d
Files
ad92538270bb5f3845911a701938dd2d.sys windows:5 windows x86 arch:x86
e82688c89565a39436d1abdea51f3741
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
wcsncmp
wcslen
towlower
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
_except_handler3
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
wcscat
wcscpy
PsCreateSystemThread
ExFreePool
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
strncmp
strncpy
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwEnumerateKey
KeDelayExecutionThread
IoRegisterDriverReinitialization
_strnicmp
wcsstr
IofCompleteRequest
ZwDeleteValueKey
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 800B - Virtual size: 788B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ