Static task
static1
General
Target
c50a1d638c033da0081ea532170a5d2e
Size
51KB
MD5
c50a1d638c033da0081ea532170a5d2e
SHA1
3b409a090dde6717ef5af9489832195079f279ce
SHA256
356fa9c117603f89006bf03c4f79c087a8d871267a6fba92d1c0db9d8673898d
SHA512
4c053a43ca37ad773e23af75fd0e80786de982b0ebf9e50e0ddc4a4694e95b9f81e2c44066425ae253718d2b04036ed12b397a74d080d64cf00df9e4143297b4
SSDEEP
1536:9ASfcaYx8AM7LHAV8AeslspaFQYv/tulvOUIRSGIQPklLTETD7fLciO3ZfhWi:CaWBxVeyGnNIoGUKPtO3B
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c50a1d638c033da0081ea532170a5d2e
Files
c50a1d638c033da0081ea532170a5d2e.sys windows:4 windows x86 arch:x86
5ad6d42619c54fbe06a12a4a9ca96d8a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
ExFreePool
ZwClose
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
RtlInitUnicodeString
MmGetSystemRoutineAddress
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
ZwSetValueKey
wcsncmp
wcslen
towlower
IofCompleteRequest
wcscpy
ZwEnumerateKey
wcscat
ZwOpenKey
KeDelayExecutionThread
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwQueryValueKey
_except_handler3
_strnicmp
ZwDeleteValueKey
PsCreateSystemThread
wcsstr
IoRegisterDriverReinitialization
Sections
.text Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 960B - Virtual size: 954B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 1014B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ