Static task
static1
General
-
Target
c2666df7798a16a2e57b71f2d468ba28
-
Size
40KB
-
MD5
c2666df7798a16a2e57b71f2d468ba28
-
SHA1
88a7cb1aa0afdfec5cab84f5ad99ae127a716ef4
-
SHA256
bbb7278a57da16e1aa1449e922ecaa72a9e1412543c12e3a23ac5889f6fb7ece
-
SHA512
1fd53ef77778d568bc40ae094294c22353f1601680e313cdf38e6495d9657225a12ffa2e117850b87d08ab7349effd51987548ff3e3d5539b636eb57d2044e35
-
SSDEEP
768:lByLKXuP9+NJKEB9yyFRYxIgQ5Rw0V9/QAc6Klk8j7ugBZcqMgwzz/SyugL0l/ni:l4eeP9Ek29P7rF3X9YAcrkwugl9cTSy9
Malware Config
Signatures
-
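Unsigned PE (1 IoC)
Checks for a missing Authenticode signature: no embedded signature was found in the PE file listed below. A static check of this kind sees only a signature embedded in the file itself, not catalog signing.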
resource c2666df7798a16a2e57b71f2d468ba28
Files
-
c2666df7798a16a2e57b71f2d468ba28.sys windows:4 windows x86 arch:x86
d2ed7776bbc1691e515fb86c08cf4db9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_wcsicmp
RtlCopyUnicodeString
ZwSetValueKey
ZwClose
wcslen
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
_except_handler3
MmIsAddressValid
ExFreePool
_snprintf
ExAllocatePoolWithTag
ObReferenceObjectByHandle
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
wcsstr
_wcslwr
swprintf
wcscat
wcscpy
IoDeviceObjectType
strncpy
PsLookupProcessByProcessId
_stricmp
_snwprintf
wcsncpy
wcschr
IofCompleteRequest
strncmp
KeTickCount
KeQueryTimeIncrement
RtlCompareUnicodeString
_wcsnicmp
ZwSetInformationFile
ZwCreateFile
IoGetCurrentProcess
ObfDereferenceObject
MmGetSystemRoutineAddress
PsSetCreateProcessNotifyRoutine
ZwDeleteKey
PsGetVersion
RtlAnsiStringToUnicodeString
IoRegisterDriverReinitialization
KeDelayExecutionThread
KeQuerySystemTime
wcsrchr
ZwCreateKey
PsCreateSystemThread
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 96B - Virtual size: 74B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ