Static task
static1
General
Target: cd8d667c0319cd73ef3eaef96046135b
Size: 25KB
MD5: cd8d667c0319cd73ef3eaef96046135b
SHA1: d376a506b4e0b679f308d233b119eb019ae7814d
SHA256: d9737c27542ee401a8e519827672eb8211df5c1d054f16d681e0b3d970b83c20
SHA512: 0e1201e0b53aba152be4229a297b86764f1acecb7166a3d051468f158dbb6a679a9f73d6d48bb66caba0f30900a241a68193ce87caff70e030c1901b182f0724
SSDEEP: 768:RrPp8S6YKTJDHLfC4vry628pUY3B58+A:RWSeT1f1ryz8zx5
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource cd8d667c0319cd73ef3eaef96046135b
Files
cd8d667c0319cd73ef3eaef96046135b.sys windows:5 windows x86 arch:x86
82fdfcfc706628498d80565b50492cac
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwClose
wcsstr
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
_except_handler3
IofCompleteRequest
IoGetCurrentProcess
ZwDeleteValueKey
KeDelayExecutionThread
PsCreateSystemThread
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
wcsncmp
towlower
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwCreateFile
IoRegisterDriverReinitialization
_strnicmp
strncmp
strncpy
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
Sections
.text Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 832B - Virtual size: 808B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ