Static task
static1
General
Target
b8c2fb69c58d6546526fd372ddae81ec
Size
48KB
MD5
b8c2fb69c58d6546526fd372ddae81ec
SHA1
ebd5caa11749b81bc4ed3de0decc825d20f9f453
SHA256
64a08ea00afce90ced8ddc7390dccf80ae4d118d9016852517e403db6f08f4a4
SHA512
2a53f891dd5e58007bd112e8cb315e1430ff58331d573a28494457bdea71bb3111875e3715a224b12e1c672544502272fea68f7f3bc0bdc8cb80b7a7c7fbb013
SSDEEP
768:Lt7YclyNVR8MvqcWQ2Tm2mJq079m8Nh39Z4:hYhXymjf+mFv7
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b8c2fb69c58d6546526fd372ddae81ec
Files
b8c2fb69c58d6546526fd372ddae81ec.sys windows:4 windows x86 arch:x86
b6453c1b93fa07034bc3af5d208e3c52
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwCreateFile
RtlInitUnicodeString
IoRegisterDriverReinitialization
IofCompleteRequest
IoGetCurrentProcess
ExFreePool
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
strncmp
PsGetVersion
strncpy
MmGetSystemRoutineAddress
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
ZwSetValueKey
wcscat
wcscpy
PsCreateSystemThread
_strnicmp
ZwQueryValueKey
ZwOpenKey
_except_handler3
ZwEnumerateKey
KeDelayExecutionThread
wcsncmp
wcslen
towlower
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
wcsstr
ZwDeleteValueKey
Sections
.text Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 160B - Virtual size: 159B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 960B - Virtual size: 954B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 928B - Virtual size: 914B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ