Static task
static1
General
Target: bf98c5105fb0187262a06f7a4d7f0253
Size: 53KB
MD5: bf98c5105fb0187262a06f7a4d7f0253
SHA1: 5439d4745a2790ed8cd294bc22a88624c7157d79
SHA256: 7ab335e161285590bf918516168edefba1939af9250d7bc9f3cd4d8afa4652a0
SHA512: d2aab934559807f9f8e7f319cb4bb5f395753371ec52980493af765dce6e1cbec68b52e5b798c7d2f35216b8c95b1d2ab4424d5e0e6e6ce920ea1659fcfa282f
SSDEEP: 1536:ZQuB0ihs4fMK8wsQ0SIMb6ghMEP2SCxpBVt:tpvUp
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource bf98c5105fb0187262a06f7a4d7f0253
Files
bf98c5105fb0187262a06f7a4d7f0253.sys windows:4 windows x86 arch:x86
40b143f6f3fb02aa90ca4941109911f8
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmGetSystemRoutineAddress
RtlInitUnicodeString
wcscat
wcscpy
ZwClose
PsCreateSystemThread
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
ExFreePool
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
ZwEnumerateKey
ZwOpenKey
KeDelayExecutionThread
wcsncmp
wcslen
towlower
IofCompleteRequest
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
ZwSetValueKey
ZwQueryValueKey
_except_handler3
IoRegisterDriverReinitialization
ZwDeleteValueKey
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
_strnicmp
wcsstr
Sections
.text Size: 43KB - Virtual size: 43KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 192B - Virtual size: 171B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 960B - Virtual size: 954B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ