Static task
static1
General
Target: ccf0ec92b1ccea3b1e14e8ab76b7f38a
Size: 51KB
MD5: ccf0ec92b1ccea3b1e14e8ab76b7f38a
SHA1: 810ad4c9360d54215e2807361548142bc0b81ee1
SHA256: c26e502b33ccc56af4bc83a10d52fc74c0e7d2913854f47394ceda856d4a370f
SHA512: 4c1d2b9258e62d20f9f240b04c05e30c6c46c3304f49bd2c1c79e35189c13ff161d397a974a9f0f8e68d0e4d4e71ad51ed986ba33beb2cabc54160c08b8e8e77
SSDEEP: 768:8NcnREliYwamphsPOdGy8th7QNlhwGFhTWnQD4yZcQiv8hRHNsGc0YuQcYkeeJKg:8bliYwpYOdGy8thVGgm/iGcwwernmFf
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ccf0ec92b1ccea3b1e14e8ab76b7f38a
Files
ccf0ec92b1ccea3b1e14e8ab76b7f38a.sys windows:4 windows x86 arch:x86
aceb4af84b33c3748f0bf8364c1a5224
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
RtlInitUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
ExFreePool
ZwClose
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
IoRegisterDriverReinitialization
wcscpy
ZwEnumerateKey
wcscat
ZwOpenKey
KeDelayExecutionThread
_strnicmp
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
PsCreateSystemThread
wcsstr
ZwQueryValueKey
_except_handler3
wcsncmp
towlower
ZwDeleteValueKey
MmGetSystemRoutineAddress
strncmp
strncpy
IofCompleteRequest
Sections
.text Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 992B - Virtual size: 986B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 896B - Virtual size: 868B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ