Static task
static1
General
Target
c7697712ba48ca5dc44dfb40f856773c
Size
24KB
MD5
c7697712ba48ca5dc44dfb40f856773c
SHA1
dde1c6fcc099fef62735bf9dc90bc824cb62abcf
SHA256
fdf440288b24637583b2d1364dbcbb156549a67c177c56564eb8f1a7b92c9cca
SHA512
95d7f7a117a5465fc3624f6e6a5b1a857ed17fe986abf43946a77e750b030145f488c7ce8e8fefad127a17cc8de07d65d3d8a6b0751c7c37fde0ba900a335938
SSDEEP
768:bm+o7dhJVnjmSqVbcNfurZTqhQTtsbJIxAjFhlb1:bm+KPXnjfhghT+KsFhz
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource c7697712ba48ca5dc44dfb40f856773c
Files
c7697712ba48ca5dc44dfb40f856773c.sys windows:5 windows x86 arch:x86
c4d690aaf186d43e8e8888f2f7f9d9a0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_strnicmp
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
wcscat
wcscpy
ZwClose
PsCreateSystemThread
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
wcsstr
ZwQueryValueKey
ZwOpenKey
_except_handler3
IofCompleteRequest
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ExFreePool
ZwEnumerateKey
ExAllocatePoolWithTag
KeDelayExecutionThread
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
wcsncmp
towlower
ZwDeleteValueKey
ZwCreateFile
IoRegisterDriverReinitialization
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 832B - Virtual size: 806B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ