Static task
static1
General
-
Target
d684cef6aeaeecdd6f209709a651f066
-
Size
19KB
-
MD5
d684cef6aeaeecdd6f209709a651f066
-
SHA1
50b1940bb61206e4464e3c48a90fcea4b370d95b
-
SHA256
a9b2d94c92b71e7db6c7919ce5eb663567851c7558834f9b906b1655c8e9dc5c
-
SHA512
01c1947cbdc895d630e9e81f3b3d02c05025d85c48442ccfedf104898db70fdadc1bd5ca421f65770a312788a7383527e4d03b13cbe5fd7c9dd591f834bb9b93
-
SSDEEP
384:xMQ45dfTHNZYaBZvyIqQarqk/YZZujgWi1Qoo6pm6lMQLf+vo0y:xMQK1N2aDvyIUmk/YZZuyQou3QLf+vD
Malware Config
Signatures
-
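Unsigned PE (1 IoC)
Flags a PE file that carries no Authenticode signature. On its own this is a weak signal, since many legitimate binaries are unsigned; for a kernel-mode driver such as this sample it is best weighed together with the import table and the other static indicators in this report.
resource d684cef6aeaeecdd6f209709a651f066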
Files
-
d684cef6aeaeecdd6f209709a651f066.sys windows:4 windows x86 arch:x86
3be28313ed969a144799a17c40bbbb11
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwCreateFile
RtlInitUnicodeString
IoRegisterDriverReinitialization
ExFreePool
isxdigit
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
ZwOpenKey
strstr
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
atoi
PsGetVersion
srand
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
isdigit
isspace
toupper
ZwDeleteValueKey
KeDelayExecutionThread
_except_handler3
PsCreateSystemThread
ZwQueryValueKey
wcsstr
tolower
strrchr
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
islower
atol
strchr
strncmp
strncpy
_strnicmp
wcsncmp
wcslen
towlower
isupper
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
IofCompleteRequest
Sections
.text Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ