Static task
static1

General
Target: ba6d6a478ba400b07df1adfc262b3cdfe492a373b79d0e74edf7a8e3f9b5ff97N
Size: 40KB
MD5: f8f6a2c73b922d6e95f486d9e0def700
SHA1: 485c1b666c9f9a0c01b0457e6b5501556e90e74c
SHA256: ba6d6a478ba400b07df1adfc262b3cdfe492a373b79d0e74edf7a8e3f9b5ff97
SHA512: cfed5218307d8c362cd9901f2b60ada02fbf3430a5480016fa9db134077c93115777d9330875eb1b78b9cbdcc19afe69bd4b7abe6f2a76fcc1e45dd4dfe971eb
SSDEEP: 768:EW+nMh/KTGnOSWCw2LXHIM6TOciZQLRN+MAsUbmNqFtStbYFfEfZk9qXOJcRtMeh:gnMMBSWCwk3IM6T8YT90b+qFQSEfG9qt
Malware Config

Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource ba6d6a478ba400b07df1adfc262b3cdfe492a373b79d0e74edf7a8e3f9b5ff97N
Files
ba6d6a478ba400b07df1adfc262b3cdfe492a373b79d0e74edf7a8e3f9b5ff97N.sys windows:4 windows x86 arch:x86
dedaa67fdd7af18ee4cfcc0b7dfd6603
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
PsSetCreateProcessNotifyRoutine
ZwClose
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
RtlAnsiStringToUnicodeString
wcslen
swprintf
wcscat
wcscpy
strncpy
PsLookupProcessByProcessId
_stricmp
ZwSetValueKey
_except_handler3
wcsncpy
MmIsAddressValid
IoGetCurrentProcess
PsGetVersion
RtlCopyUnicodeString
IofCompleteRequest
ZwCreateKey
wcsrchr
_snwprintf
wcschr
MmGetSystemRoutineAddress
IoRegisterDriverReinitialization
ZwDeleteKey
ExAllocatePoolWithTag
PsCreateSystemThread
KeTickCount
KeQueryTimeIncrement
ObfDereferenceObject
RtlCompareUnicodeString
ZwSetInformationFile
ZwCreateFile
KeDelayExecutionThread
KeQuerySystemTime
_wcsnicmp
ObReferenceObjectByHandle
ExFreePool
_snprintf
_wcsicmp
strncmp
wcsstr
_wcslwr
IoDeviceObjectType
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 96B - Virtual size: 80B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ