Static task
static1
General
Target: c600ce70012388e42c79dd1f5e921f7a
Size: 24KB
MD5: c600ce70012388e42c79dd1f5e921f7a
SHA1: 60648c0a4893f3352b2c068015305ee1ca13d300
SHA256: d60f4a6d060ba80a64f15d32370969c056051be9bc23c0b4d448bf7843100240
SHA512: 53b7f410261c153a9cf3a3bc10d3a9ed92e5ab10ab8526def9433ab82c76b7e6f1a459fb052e9322a288556b52876e9a5f952d39d4fecd1bc1d00333d2ff07f3
SSDEEP: 768:a3rh46LN0fEVtWKoWqdhu1Bis9GE+/AH3Ik2VHkFsQ6hHXYXyjbV0xwl1:SlVLSEVhorj0BxGEcI3R2lQ6h3YQVuwj
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c600ce70012388e42c79dd1f5e921f7a
Files
c600ce70012388e42c79dd1f5e921f7a.sys windows:5 windows x86 arch:x86
e0d804534ae204bf75613017229b0959
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwDeleteValueKey
RtlInitUnicodeString
KeDelayExecutionThread
_except_handler3
PsCreateSystemThread
ZwQueryValueKey
ZwOpenKey
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
ZwCreateFile
IoRegisterDriverReinitialization
wcsncmp
wcslen
towlower
strncmp
strncpy
_strnicmp
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
wcsstr
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
IofCompleteRequest
Sections
.text Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 896B - Virtual size: 842B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ