Static task
static1
Behavioral task
behavioral1
Sample
bb956c8d9ff1c2789f2bbc3633c35d925bb6663e998ef4458bad425c9d7b31d7.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
bb956c8d9ff1c2789f2bbc3633c35d925bb6663e998ef4458bad425c9d7b31d7.exe
Resource
win10v2004-20220901-en
General
Target
bb956c8d9ff1c2789f2bbc3633c35d925bb6663e998ef4458bad425c9d7b31d7
Size
23KB
MD5
8ced0bc5ea82f63a335322a9bd1c7f5d
SHA1
0400eb4fd8e68f9ae3e5b7d60dc19f79ff772761
SHA256
bb956c8d9ff1c2789f2bbc3633c35d925bb6663e998ef4458bad425c9d7b31d7
SHA512
39adbe8e004e06a5a66527fca41a73398a3183aab3e11e91a90acdaa1d41fa4c1584f3a11e1fed31dae2a182a1a776734aa5a93b64bccf2e046fa6c0f77c675b
SSDEEP
384:ojxxKBllXNYHrazrm/J6CgltLubCOIOghRkTHGfZRu5KfhLfnY0HHxGQxT4WoWIS:ojuBZYLa0XHme0Rk6KKfZfnYCHxBxsT
Malware Config
Signatures
Files
bb956c8d9ff1c2789f2bbc3633c35d925bb6663e998ef4458bad425c9d7b31d7.exe windows x64
7aa5e194bf8c89605e18e7ea153ba42f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntoskrnl.exe
KeBugCheckEx
KeFreeCalloutStack
RtlInitUnicodeString
IoDeleteDevice
KeAllocateCalloutStack
IofCompleteRequest
IoCreateDevice
KeResetEvent
KeSetEvent
KeInitializeEvent
KeReleaseSpinLock
IoFreeMdl
ZwClose
IoSetCompletionRoutineEx
MmUnlockPages
ObfDereferenceObject
DbgPrint
IofCallDriver
KeExpandKernelStackAndCalloutEx
KeAcquireSpinLockRaiseToDpc
ObReferenceObjectByHandle
KeClearEvent
IoCancelIrp
MmSizeOfMdl
ExInterlockedInsertTailList
ObfReferenceObject
IoInitializeIrp
MmBuildMdlForNonPagedPool
IoGetCurrentProcess
IoFreeIrp
IoGetRelatedDeviceObject
IoFileObjectType
ZwCreateFile
KeWaitForSingleObject
PsIsThreadTerminating
IoAllocateIrp
IoBuildDeviceIoControlRequest
__C_specific_handler
termdd.sys
IcaWaitForSingleObject
IcaSleep
IcaReturnHandle
IcaCreateHandle
IcaZwClose
IcaCloseHandle
IcaWaitForMultipleObjects
IcaStackFreePool
IcaStackAllocatePoolWithTag
IcaStackAllocatePool
IcaAllocateWorkItem
IcaQueueWorkItemEx
IcaCreateThread
IcaBufferFree
IcaBufferError
IcaRawInput
IcaChannelInput
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 424B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 600B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 108B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ