Static task
static1
General
Target: bed1b30d2201fd9965168617eacee797
Size: 46KB
MD5: bed1b30d2201fd9965168617eacee797
SHA1: a91fb7d413019e6e0490b468bb6cc0f8e59f35d9
SHA256: 15686b985c546d1031091c40b113276e6873eae932836f3f0762201fef64859d
SHA512: 5ec7423070690cac0f19222dc0c557497c99e1a3aaa32cf3611d3b5eecc62ef4e786220420ee1d994b21d454db3754457695199df6fb7930421554bcb0b0053a
SSDEEP: 768:zlBNmLVwET226a3Xzw8AOmgBbyDDrlwLOHiN5DCbT+kVDMNh51Tr1AM:VmLqGZd/NAvm/Tr1AM
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource bed1b30d2201fd9965168617eacee797
Files
bed1b30d2201fd9965168617eacee797.sys windows:4 windows x86 arch:x86
167962b9b01c57e64d3c4bc58c656f7f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwDeleteValueKey
RtlInitUnicodeString
KeDelayExecutionThread
_except_handler3
PsCreateSystemThread
ZwQueryValueKey
ZwOpenKey
_strnicmp
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
wcsncmp
wcslen
towlower
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
ZwCreateFile
IoRegisterDriverReinitialization
MmGetSystemRoutineAddress
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
wcsstr
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
IofCompleteRequest
Sections
.text Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 992B - Virtual size: 986B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 896B - Virtual size: 888B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ