Static task
static1
General
Target: d4a79570cdb4dcd21f3d771b7cda0505
Size: 25KB
MD5: d4a79570cdb4dcd21f3d771b7cda0505
SHA1: 3286c82cfbe8a6beeb94fe9519235f952af3c89c
SHA256: 16b0f40a1b3bc1516fe572e0ce1c6e3a8691b4291092bacbfbff9534e901e2bb
SHA512: 43f12971da3130bd61662acb28a47e3bdab4fdf02476b4031ecfdd422c8eb4298fff039ce14f2c6537080d314b9000793546dc2aabb9904510c059f59e0a59c6
SSDEEP: 768:zjt/rl4uObq8VLUDlY+2tp/NLVy6o6Vd+1t:zZzlmbqwLUDBa/vd/+n
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d4a79570cdb4dcd21f3d771b7cda0505
Files
d4a79570cdb4dcd21f3d771b7cda0505.sys windows:5 windows x86 arch:x86
dd8dad5c0e1a7591e9efe7a0098680ee
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
ExFreePool
ZwClose
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
RtlInitUnicodeString
wcsncmp
wcslen
towlower
IoRegisterDriverReinitialization
IofCompleteRequest
wcscpy
ZwEnumerateKey
wcscat
ZwOpenKey
KeDelayExecutionThread
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsCreateSystemThread
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
ZwDeleteValueKey
_except_handler3
ZwQueryValueKey
wcsstr
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
_strnicmp
Sections
.text Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 768B - Virtual size: 768B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ