Static task
static1
General
Target: cd9f18d5aa3ed53f448acf1aec0130ab
Size: 47KB
MD5: cd9f18d5aa3ed53f448acf1aec0130ab
SHA1: c541ec3e1ae98cc3056c4cf2bb0443d2db4fa932
SHA256: b246eee10e5ce3dac3517cd34ae86faecd12b03166c3ab0ff1dc67a5cce8d741
SHA512: 8b20cccf4f036bccd4f6ebce50be0c3923c55bd6f2e5c167d64731018620fe57523a93ba46dd23971c6228393b1098e11e0adf62d6110d44d19da78846c8689c
SSDEEP: 768:LV8PMjQNyNiMHnD9dnNFYZV+TaJC1dKbZ3w:LiPMENyEC9dLY75Y1wN3
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource cd9f18d5aa3ed53f448acf1aec0130ab
Files
cd9f18d5aa3ed53f448acf1aec0130ab.sys windows:4 windows x86 arch:x86
7c68adf97cf3e1cee12da9ca41479517
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
ZwOpenKey
RtlInitUnicodeString
PsCreateSystemThread
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
wcsstr
ZwQueryValueKey
_except_handler3
wcsncmp
wcslen
towlower
ZwDeleteValueKey
KeDelayExecutionThread
strncmp
strncpy
IofCompleteRequest
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwCreateFile
IoRegisterDriverReinitialization
MmGetSystemRoutineAddress
_strnicmp
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
Sections
.text Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 992B - Virtual size: 986B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 896B - Virtual size: 890B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ