Static task
static1
Behavioral task
behavioral1
Sample
http.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral2
Sample
http.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
Target
http.sys
Size
1.3MB
MD5
d86b0b62937607a711e5863fa2127fa9
SHA1
66b9717cf148ecc8dcc40a90f89a73f358779529
SHA256
0dbbeabb6c9b4b6d5fe82ab4f16b911f06b13bf9dd56a8f5a94c0611639da9ef
SHA512
e37bcf172891201c50aba57805a253ec7041f29f005b09ecb1c638aecbe322a1c05ffdaaeddcc9edccee40da8953f8a146d3a8e2b34be4abee464a114c37383c
SSDEEP
24576:pComaU1ZvZn20oesCiaHptnkWhkAqPmfGXQYnP+yqrRKkQ8GpUnig8qG:kRn3fkvAqPwUP+yQQ8G7gS
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
RtlDeleteElementGenericTableAvl
RtlEnumerateGenericTableAvl
KeQueryHighestNodeNumber
RtlInitializeGenericTableAvl
KeInitializeEvent
KeWaitForSingleObject
KeSetEvent
wcschr
MmIsThisAnNtAsSystem
RtlUpcaseUnicodeString
RtlUpcaseUnicodeChar
NlsLeadByteInfo
MmSizeOfMdl
qsort
IoGetRequestorProcess
KeStackAttachProcess
KeUnstackDetachProcess
_vsnwprintf
RtlUnicodeToUTF8N
strncmp
bsearch
MmMapLockedPagesSpecifyCache
KeQuerySystemTimePrecise
IoAllocateMdl
MmBuildMdlForNonPagedPool
KeQueryMaximumProcessorCountEx
RtlGetVersion
ZwOpenKey
ZwClose
RtlIsStateSeparationEnabled
ZwQuerySystemInformation
RtlAppendUnicodeStringToString
RtlTimeToTimeFields
ExSystemTimeToLocalTime
RtlUnicodeToMultiByteN
EtwRegister
EtwUnregister
EtwWriteTransfer
RtlNtStatusToDosErrorNoTeb
IoBuildPartialMdl
MmUnmapLockedPages
IoGetRelatedDeviceObject
IoQueryFileInformation
IoQueryVolumeInformation
IofCallDriver
KeRegisterProcessorChangeCallback
KeDeregisterProcessorChangeCallback
KeSetSystemGroupAffinityThread
KeRevertToUserGroupAffinityThread
InitializeSListHead
EtwWrite
MmLockPagableDataSection
MmUnlockPagableImageSection
ExpInterlockedPushEntrySList
ExpInterlockedFlushSList
KeFlushQueuedDpcs
SeCreateAccessState
SeDeleteAccessState
ZwDeleteValueKey
ZwSetValueKey
ZwCreateDirectoryObject
IoCreateDevice
IoGetFileObjectGenericMapping
RtlMapGenericMask
SeExports
ObOpenObjectByPointer
NtSetSecurityObject
IoDeleteDevice
RtlEqualString
ExGetPreviousMode
KeInitializeDpc
KeInitializeTimer
KeCancelTimer
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLockFromDpcLevel
RtlTimeFieldsToTime
ExLocalTimeToSystemTime
SeImpersonateClientEx
ZwCreateFile
PsRevertToSelf
wcsncmp
ZwCreateEvent
ZwWriteFile
ZwWaitForSingleObject
ZwQueryDirectoryFile
wcsstr
isdigit
ZwQueryInformationFile
KeSetTimer
KeSetTimerEx
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
RtlSetOwnerSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwQuerySecurityObject
RtlEqualSid
ZwSetSecurityObject
NtQueryVolumeInformationFile
ExAcquireFastMutex
ExReleaseFastMutex
NtQuerySystemInformation
_vsnprintf
SeCaptureSecurityDescriptor
RtlValidSecurityDescriptor
RtlLengthSecurityDescriptor
RtlValidRelativeSecurityDescriptor
SeTokenType
PsDereferencePrimaryToken
PsDereferenceImpersonationToken
SeCreateClientSecurity
ExpInterlockedPopEntrySList
ExQueryDepthSList
MmProbeAndLockPages
MmUnlockPages
ZwQueryValueKey
atoi
toupper
tolower
RtlIpv4AddressToStringExW
ExRaiseStatus
RtlLookupElementGenericTableAvl
RtlIpv6StringToAddressExW
KeQueryNodeActiveAffinity
RtlInitUnicodeString
ZwOpenEvent
ZwCreateKey
ZwEnumerateKey
RtlInitUnicodeStringEx
KeGetCurrentProcessorNumberEx
ExInitializeRundownProtection
PsRegisterSiloMonitor
PsGetSiloMonitorContextSlot
PsStartSiloMonitor
PsUnregisterSiloMonitor
ExWaitForRundownProtectionRelease
ExRundownCompleted
PsGetSiloIdentifier
PsCreateSiloContext
ExAcquireRundownProtection
PsIsHostSilo
PsInsertPermanentSiloContext
PsDereferenceSiloContext
PsGetPermanentSiloContext
ExReleaseRundownProtection
PsIsCurrentThreadInServerSilo
PsAttachSiloToCurrentThread
PsDetachSiloFromCurrentThread
ObfReferenceObjectWithTag
ObfDereferenceObjectWithTag
ObReferenceObjectByPointer
ObCloseHandle
PsGetCurrentProcessId
PsCreateSystemThread
KeClearEvent
KeSetCoalescableTimer
KeWaitForMultipleObjects
PsTerminateSystemThread
IoAcquireCancelSpinLock
IoAllocateIrpEx
IoFreeIrp
ZwDeleteKey
SeLockSubjectContext
SeAssignSecurity
SeUnlockSubjectContext
SeDeassignSecurity
SeCaptureSubjectContext
SeSetSecurityDescriptorInfo
SeReleaseSubjectContext
SeQuerySecurityDescriptorInfo
SeAccessCheck
SeAppendPrivileges
SeFreePrivileges
SeOpenObjectAuditAlarm
SeCreateAccessStateEx
RtlCreateSecurityDescriptor
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAceEx
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlGetDaclSecurityDescriptor
PsProcessType
ZwDuplicateObject
ZwQueryInformationToken
SeQueryInformationToken
RtlCopySid
ZwDuplicateToken
RtlGetSaclSecurityDescriptor
PsReferencePrimaryToken
RtlMapSecurityErrorToNtStatus
RtlIsGenericTableEmptyAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlGUIDFromString
ExUuidCreate
RtlStringFromGUID
RtlFreeUnicodeString
ZwEnumerateValueKey
IoAllocateWorkItem
IoFreeWorkItem
PsThreadType
KeGetProcessorNumberFromIndex
ZwSetInformationThread
KeQueryLogicalProcessorRelationship
KeSetBasePriorityThread
IoSetThreadHardErrorMode
IoQueueWorkItemEx
KeInitializeApc
KeInsertQueueApc
ExInitializeLookasideListEx
ExDeleteLookasideListEx
RtlInitString
LsaRegisterLogonProcess
LsaLookupAuthenticationPackage
LsaDeregisterLogonProcess
ZwAllocateVirtualMemory
NtAllocateLocallyUniqueId
LsaLogonUser
LsaFreeReturnBuffer
ZwFreeVirtualMemory
RtlUnicodeToMultiByteSize
RtlValidSid
RtlAnsiStringToUnicodeString
isprint
PcwRegister
PcwUnregister
PcwAddInstance
RtlInt64ToUnicodeString
MmLockPagableSectionByHandle
WmiTraceMessageVa
MmGetSystemRoutineAddress
IoWMIRegistrationControl
IoAllocateIrp
ExFlushLookasideListEx
IoInitializeIrp
EtwActivityIdControl
IoCancelIrp
ExAllocatePoolWithTag
ExAcquireSpinLockSharedAtDpcLevel
IoIs32bitProcess
IoFileObjectType
RtlInsertElementGenericTableAvl
SeReleaseSecurityDescriptor
RtlCompareMemory
ProbeForWrite
MmMapLockedPages
IoFreeMdl
KeReadStateEvent
RtlEqualUnicodeString
RtlPrefixUnicodeString
strstr
RtlCompareUnicodeStrings
_wcsicmp
RtlIpv4StringToAddressW
_wcsnicmp
RtlIpv6AddressToStringA
RtlIpv4AddressToStringA
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlIpv6StringToAddressW
_strnicmp
RtlIpv4StringToAddressA
RtlIpv6StringToAddressA
RtlIdnToUnicode
RtlIdnToNameprepUnicode
RtlMultiByteToUnicodeN
KeBugCheckEx
PsChargeProcessPoolQuota
PsGetProcessId
PsReturnPoolQuota
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
ExRaiseDatatypeMisalignment
RtlIpv4StringToAddressExW
MmUserProbeAddress
ObReferenceObjectByHandle
ZwYieldExecution
IoReleaseCancelSpinLock
KeLowerIrql
KeReleaseInStackQueuedSpinLockFromDpcLevel
KeAcquireInStackQueuedSpinLockAtDpcLevel
KfRaiseIrql
ExFreeCacheAwarePushLock
RtlRemoveEntryHashTable
KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLock
RtlInsertEntryHashTable
ExReleaseCacheAwarePushLockExclusive
ExAcquireCacheAwarePushLockExclusive
RtlGetNextEntryHashTable
RtlCompareUnicodeString
RtlLookupEntryHashTable
RtlHashUnicodeString
KeInitializeSpinLock
ExAllocateCacheAwarePushLock
PsGetCurrentServerSilo
RtlCopyUnicodeString
IofCompleteRequest
ObfDereferenceObject
ObfReferenceObject
PsGetCurrentProcess
ExReleaseCacheAwarePushLockSharedEx
ExAcquireCacheAwarePushLockSharedEx
ExReleasePushLockEx
ExTryConvertPushLockSharedToExclusiveEx
IoGetCurrentProcess
KeGetCurrentNodeNumber
RtlDeleteHashTable
RtlCreateHashTable
__C_specific_handler
ExAllocatePoolWithTagPriority
ExFreePoolWithTag
ExReleasePushLockExclusiveEx
ExAcquirePushLockExclusiveEx
KeLeaveCriticalRegion
ExReleasePushLockSharedEx
ExAcquirePushLockSharedEx
RtlIpv6AddressToStringExW
KeEnterCriticalRegion
ExAcquireSpinLockShared
ExReleaseSpinLockShared
_stricmp
KeQueryActiveProcessorCountEx
KeIsExecutingDpc
ExSetTimer
ExReleaseSpinLockExclusive
ExDeleteTimer
EtwSetInformation
ExAllocateTimer
ExTryAcquirePushLockExclusiveEx
ExReleaseSpinLockSharedFromDpcLevel
ExQueueWorkItem
ExAcquireSpinLockExclusive
KeQueryPerformanceCounter
VerifySignature
CompleteAuthToken
AcceptSecurityContext
ExportSecurityContext
QuerySecurityPackageInfoW
AcquireCredentialsHandleW
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptOpenAlgorithmProvider
DeleteSecurityContext
QuerySecurityContextToken
UnsealMessage
SspiAcceptSecurityContextAsync
TokenBindingGetKeyTypesServer
TokenBindingGetHighestSupportedVersion
SealMessage
SspiSetAsyncNotifyCallback
SspiCreateAsyncContext
QueryContextAttributesW
ApplyControlToken
TokenBindingVerifyMessage
SspiFreeAsyncContext
SspiDeleteSecurityContextAsync
FreeContextBuffer
SetCredentialsAttributesW
SspiAcquireCredentialsHandleAsyncW
SspiGetAsyncCallStatus
FreeCredentialsHandle
SslGetServerIdentity
NsiDeregisterChangeNotification
NmrClientDetachProviderComplete
NmrClientAttachProvider
NmrWaitForClientDeregisterComplete
NmrDeregisterClient
NmrRegisterClient
KfdFreeEnumHandle
KfdDerefFilterContext
KfdGetNextFilter
KfdEnumLayer
KfdDeregisterLayerChangeCallback2
KfdRegisterLayerChangeCallback2
NmrProviderDetachClientComplete
NmrWaitForProviderDeregisterComplete
NmrDeregisterProvider
NmrRegisterProvider
RtlIndicateTimerWheelEntryTimerStart
RtlCleanupTimerWheelEntry
RtlInitializeTimerWheelEntry
RtlResumeTimerWheel
RtlSuspendTimerWheel
RtlReturnTimerWheelEntry
RtlGetNextExpiredTimerWheelEntry
RtlUpdateCurrentTimerWheelTick
RtlCleanupTimerWheel
RtlInitializeTimerWheel
KfdClassify
KfdIsLayerEmpty
RtlCopyMdlToMdl
FreeMibTable
GetUnicastIpAddressTable
NsiGetParameter
GetIfEntry2
GetUnicastIpAddressEntry
NotifyUnicastIpAddressChange
NsiRegisterChangeNotification
CancelMibChangeNotify2
NdisGetJobObjectCompartmentId
NdisGetThreadObjectCompartmentId
FwpiIsConnectionEdgeTraversed0
FwpiGetConnectionLuid0
WinQuicOpenEx
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ