Static task
static1
General
Target
c51af5f06e21c6a523e596afc3367e96
Size
47KB
MD5
c51af5f06e21c6a523e596afc3367e96
SHA1
057bc345e63455f5fb8fa7a4dc0e6b7a33b37948
SHA256
13a984b3c8e2b06bc45ce543c07a82fe495ca2428b725484acd6e56fd0cb1766
SHA512
8b5bca285e91333c9a5556a43e54458a16a083edbd2d9c8fc7aead5e8f110ea4ba185dc76ff4032c9160f8d27e69e65c0cc7a0492e1ad6132789b624c1c75a48
SSDEEP
768:2ePjnxRTDeQfRXJLJT9RuOP8SRJDzQ9btPGntsy9lRzNv5iYm/s5JPKVc4JFi/OQ:2eLvDNZwSRzpS3VnJFi/Od
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c51af5f06e21c6a523e596afc3367e96
Files
c51af5f06e21c6a523e596afc3367e96.sys windows:4 windows x86 arch:x86
5ddaed1c444d08c92e862b43c5d75428
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ExFreePool
ZwClose
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
RtlInitUnicodeString
wcsncmp
towlower
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
IoRegisterDriverReinitialization
wcscat
wcscpy
ZwEnumerateKey
ZwOpenKey
IofCompleteRequest
wcsstr
ZwQueryValueKey
_except_handler3
_strnicmp
ZwDeleteValueKey
KeDelayExecutionThread
PsCreateSystemThread
strncmp
strncpy
MmGetSystemRoutineAddress
Sections
.text Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 992B - Virtual size: 986B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 864B - Virtual size: 854B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ