Static task
static1
General
Target: b8fed9caaaca2d23a968f10a9ae54e94
Size: 47KB
MD5: b8fed9caaaca2d23a968f10a9ae54e94
SHA1: cc54aaa528c7dda2b66ad2bd8625f8c2a3fb268e
SHA256: 6779130b85d93b191fbf8f493372b1565d79f4750fbb572db4f5046c07c197d3
SHA512: 7b29774f62d30c87ab7ee4c7d8b30c083de96c79ca32751ba5d02ed43cc290f4d01472b31f4a02476454e65b7680cac5d2471337599772fc5ce29ef85dfa36ab
SSDEEP: 768:h1f1ermN8UJkQUdzgNaxcUwzaytPSHsgHbi/7R+hXgK3KmaWPb2gRg2WuZ5JzENU:/1erI8UJkQUdzVxcUwzaASHPi/7R+h5x
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b8fed9caaaca2d23a968f10a9ae54e94
Files
b8fed9caaaca2d23a968f10a9ae54e94.sys windows:4 windows x86 arch:x86
85c401576ab05d68a9f88c4958702b07
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
ZwOpenKey
RtlInitUnicodeString
KeDelayExecutionThread
ZwCreateFile
IoRegisterDriverReinitialization
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwQueryValueKey
_except_handler3
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
_strnicmp
MmGetSystemRoutineAddress
IofCompleteRequest
IoGetCurrentProcess
wcsstr
strncmp
PsGetVersion
strncpy
wcsncmp
towlower
ZwDeleteValueKey
PsCreateSystemThread
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
Sections
.text Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 992B - Virtual size: 986B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 896B - Virtual size: 884B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ