Static task
static1
General
Target
ca939789195633b3bb9cc843ba11f1a3
Size
29KB
MD5
ca939789195633b3bb9cc843ba11f1a3
SHA1
71a85ae7a6250d0c89a08d0536f538a4384c026b
SHA256
ac448eea7abfc11a17396d8e83fa5db3867c7342ac0dac8666a0d3bc0ba2ecf4
SHA512
0bb13de58af4e31f45fcaaf3f3248756a2743ec3f641ea8daa1158f908eeb795b44de7b1687bef1e06b56837f1d5027946b6086449cd58bf0fa125eb52632da5
SSDEEP
768:SmfNuFZVOBmkBpXtmcm6M+V4ZMe5v3Yb0vnhVp4frCu:FcPVObvt9m3o4ZRv3tvnhVp4frCu
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ca939789195633b3bb9cc843ba11f1a3
Files
ca939789195633b3bb9cc843ba11f1a3.sys windows:5 windows x86 arch:x86
c76577ac2276b579ecd5914e0a5d82ea
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
ZwOpenKey
RtlInitUnicodeString
KeDelayExecutionThread
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsCreateSystemThread
ZwQueryValueKey
_except_handler3
wcsncmp
wcslen
towlower
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
IofCompleteRequest
_strnicmp
ZwCreateFile
IoRegisterDriverReinitialization
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
strncmp
strncpy
wcsstr
ZwDeleteValueKey
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 800B - Virtual size: 796B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ