Static task
static1
General
Target: be7d6a447037f68518411ba81ca9c956
Size: 50KB
MD5: be7d6a447037f68518411ba81ca9c956
SHA1: d2990a7a4f2f5c448c2fd0eff953781aa3adf11f
SHA256: 154698b8c02fef29376688f36755078e746a6ebc81ee7486c955aca9944ff4ba
SHA512: ca8319d07f0e0e314feed7a2723adc3ca9251fc7ca3f07a453f7189fd6b3addc0bb6e9f8e569bda62a20717f0009e952b38408f98d71bd69cdb96ba940c38e36
SSDEEP: 1536:xZN492NmibMBx7yjcXTgK9eUXe+6PUPmXJWprTT:fWgTbMBx7yjcXTB9eUXe+6amX2T
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource be7d6a447037f68518411ba81ca9c956
Files
be7d6a447037f68518411ba81ca9c956.sys windows:4 windows x86 arch:x86
6d8eee8448ea45167a8e2390d411d16c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_strnicmp
MmGetSystemRoutineAddress
RtlInitUnicodeString
ZwClose
ZwQueryValueKey
ZwOpenKey
_except_handler3
ZwCreateFile
IoRegisterDriverReinitialization
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
ZwSetValueKey
PsGetVersion
ExFreePool
ExAllocatePoolWithTag
strncmp
strncpy
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
wcsstr
wcscat
wcscpy
PsCreateSystemThread
ZwEnumerateKey
ZwDeleteValueKey
KeDelayExecutionThread
IofCompleteRequest
wcsncmp
towlower
Sections
.text Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 256B - Virtual size: 254B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 960B - Virtual size: 954B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 992B - Virtual size: 982B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ