Static task: static1

General
Target: dfff76ae1b8e9645e72673025ae79ce0
Size: 52KB
MD5: dfff76ae1b8e9645e72673025ae79ce0
SHA1: ac668940c0120c5001ce7fc0a798da9b97e9d4f9
SHA256: 00ada1f7bdd30ae5c9d12035918622f43131364521af8cdbf629067cc7c63f91
SHA512: 683a8b871715a7819d64bc1d51819ce6e79777dcdbe7b1d414f9baacd56d591b028c16990b570f6742bd4a840590a5ff715b4672d7cc8f1db50405d4cb93671c
SSDEEP: 1536:iG+rRTydOeqUegCGUXzTmYVV0B/puCoyKdGfsoX7:SF9eT1CGUXzjVSB/pthKGf
Malware Config

Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource dfff76ae1b8e9645e72673025ae79ce0

Files
dfff76ae1b8e9645e72673025ae79ce0.sys  windows:4  windows x86  arch:x86
  e3057a78de9e837c00a6d5c565efa804
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ExFreePool
ZwClose
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
RtlInitUnicodeString
wcsncmp
towlower
MmGetSystemRoutineAddress
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
ZwSetValueKey
_strnicmp
ZwQueryValueKey
ZwOpenKey
_except_handler3
wcscpy
ZwEnumerateKey
wcscat
KeDelayExecutionThread
PsCreateSystemThread
IofCompleteRequest
wcsstr
ZwDeleteValueKey
IoRegisterDriverReinitialization
Sections
.text   Size: 42KB - Virtual size: 42KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data   Size: 6KB - Virtual size: 6KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
PAGE    Size: 192B - Virtual size: 162B
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
INIT    Size: 960B - Virtual size: 954B
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc  Size: 1024B - Virtual size: 1014B
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ