Static task
static1
General
Target: cab60c4948d571437075e8886048ede1
Size: 34KB
MD5: cab60c4948d571437075e8886048ede1
SHA1: d28d56694091361a9ced9cf92f0c876c87a63741
SHA256: 74d5e5bd04e43620b909ce1e2fc9fcfdc97f2a0d182f470bf67f4bf8ce0ecdaf
SHA512: cd2f1748a9572a210a758ac7c429a018f560e8fd5a15b83810152a7a0b6769488c5ed587bbfb9f21ae3877748b065157a06a58d6fd07f493a14bbc30d6ba916c
SSDEEP: 768:L9tE6NE8kEXxu8IwtaVvb6mCoqkv3UErdkaEF69vtcy8NnRTxZm6QDH5OjRE2Q0i:LD/8Mswtmz6mEkvjrdkaEF69vtcy8NnO
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource cab60c4948d571437075e8886048ede1
Files
cab60c4948d571437075e8886048ede1.sys windows:4 windows x86 arch:x86
c034a10cfb7a3d9a28d851d7967d46c0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExFreePool
ZwClose
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
RtlInitUnicodeString
tolower
toupper
isspace
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
strchr
PsCreateSystemThread
srand
isupper
atol
strstr
isxdigit
isdigit
isprint
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
strrchr
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
IofCompleteRequest
wcscpy
ZwEnumerateKey
wcscat
ZwOpenKey
islower
_strnicmp
ZwDeleteValueKey
KeDelayExecutionThread
_except_handler3
ZwQueryValueKey
wcsstr
IoRegisterDriverReinitialization
atoi
strncmp
strncpy
wcsncmp
towlower
Sections
.text Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ