Static task
static1
General
Target
c38c59b312e237b3c2b6e668b63f3a74
Size
26KB
MD5
c38c59b312e237b3c2b6e668b63f3a74
SHA1
e5af2edd4f3526c7846e4f4ca93a9f5f97f046a4
SHA256
5ef7f2e7772d2b61e7ae47d2b9acef703cce5f874df1f37e8a42314cf95698f2
SHA512
159f4e934f70acb8d57772b0d8803f3d79492102f5960ffbe9e05c0c239083a9673780301df2251949e0acd6a7ccfede9e006acd3a3984c464d08eb79df92bbc
SSDEEP
768:H3IP0AQFiY3oyNA99iQjPUBaIHVVsfMoXP+gHLS:H34OF7oyvQQBRsfMoXN
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c38c59b312e237b3c2b6e668b63f3a74
Files
c38c59b312e237b3c2b6e668b63f3a74.sys windows:5 windows x86 arch:x86
2b4e9edbe313adeaa779262da1d10d6f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
wcscat
wcscpy
ZwClose
PsCreateSystemThread
ExFreePool
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
wcsncmp
wcslen
towlower
ZwEnumerateKey
ZwOpenKey
KeDelayExecutionThread
IofCompleteRequest
IoGetCurrentProcess
strncmp
PsGetVersion
strncpy
_strnicmp
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
IoRegisterDriverReinitialization
wcsstr
ZwQueryValueKey
_except_handler3
ZwDeleteValueKey
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
Sections
.text Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 832B - Virtual size: 804B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ