Static task
static1
General
-
Target
c5c0baae8168314e103c6626cd71f85dc00fc3de15306ab7391bbefa85b2622a
-
Size
232KB
-
MD5
320b073fe6b2706ff3f2bcdbd7d027ec
-
SHA1
2288aa55d26183432260e9a604af7267bd9a51e3
-
SHA256
c5c0baae8168314e103c6626cd71f85dc00fc3de15306ab7391bbefa85b2622a
-
SHA512
887441593a36b5e14955adfe2b69a19a73e38bc3340d5f8d2902b6362e23587d16e958719cf1867d6b4e16cd095f34fb1140464594f8c8a2c5ce56d691809131
-
SSDEEP
3072:NCm0PlbVyaKDeyEyr8rALY6A64FOgTbqUwhEcruC1BlxDGLqy7+VsXzXqSmF:B0PlbVyaKDe3MuAE6pdgHqpecjxDrSm
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c5c0baae8168314e103c6626cd71f85dc00fc3de15306ab7391bbefa85b2622a
Files
-
c5c0baae8168314e103c6626cd71f85dc00fc3de15306ab7391bbefa85b2622a.sys windows:6 windows x86
6831ace0e6d06c03b49cf011588bbac5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAcquireRundownProtectionEx
ExAcquireRundownProtection
ExReleaseRundownProtection
_allshl
KeLeaveCriticalRegion
KeEnterCriticalRegion
ExWaitForRundownProtectionRelease
CmUnRegisterCallback
PsSetCreateProcessNotifyRoutine
PsSetLoadImageNotifyRoutine
PsSetCreateThreadNotifyRoutine
ZwClose
PsCreateSystemThread
MmGetSystemRoutineAddress
KeInitializeEvent
ExInitializeNPagedLookasideList
KeDelayExecutionThread
KeSetEvent
ExReInitializeRundownProtection
CmRegisterCallback
_vsnwprintf
PsTerminateSystemThread
KeWaitForSingleObject
RtlMultiByteToUnicodeN
ExAllocatePoolWithTag
RtlEqualUnicodeString
RtlCopyUnicodeString
IoGetTopLevelIrp
MmIsAddressValid
PsGetCurrentThreadId
PsGetCurrentProcessId
ObQueryNameString
ExInitializeRundownProtection
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
_wcsnicmp
wcslen
ZwTerminateProcess
ZwOpenProcess
RtlInitializeBitMap
ObfReferenceObject
RtlInitializeGenericTableAvl
ExInitializePagedLookasideList
ExInitializeResourceLite
ExReleaseResourceLite
RtlInsertElementGenericTableAvl
ExAcquireResourceExclusiveLite
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
ExAcquireResourceSharedLite
memcpy
KeRegisterBugCheckReasonCallback
ExUuidCreate
ExGetPreviousMode
RtlImageNtHeader
RtlCompareUnicodeString
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwQuerySystemInformation
ZwQueryInformationFile
ZwOpenFile
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
_allmul
IofCompleteRequest
ZwCreateFile
ObReferenceObjectByHandle
IoFileObjectType
KeGetCurrentThread
ZwWriteFile
ZwDeleteFile
IoDeleteDevice
RtlPrefixUnicodeString
MmUserProbeAddress
ExReleaseRundownProtectionEx
RtlCaptureStackBackTrace
KeTickCount
KeBugCheckEx
RtlUnwind
InterlockedPushEntrySList
InterlockedPopEntrySList
PsLookupProcessByProcessId
ObfDereferenceObject
InitSafeBootMode
RtlInitUnicodeString
IoRegisterShutdownNotification
IoCreateSymbolicLink
RtlAppendUnicodeToString
ExFreePoolWithTag
IoRegisterDriverReinitialization
IoRegisterBootDriverReinitialization
IoGetDeviceObjectPointer
ZwDeleteKey
ZwOpenKey
ZwQueryValueKey
ZwSetValueKey
ZwDeleteValueKey
ZwEnumerateKey
ZwEnumerateValueKey
FsRtlIsNameInExpression
RtlGetVersion
ZwQueryInformationProcess
ObOpenObjectByPointer
PsProcessType
PsGetProcessCreateTimeQuadPart
KeUnstackDetachProcess
ProbeForRead
KeStackAttachProcess
PsGetProcessPeb
PsThreadType
PsLookupThreadByThreadId
ZwQueryInformationThread
PsIsThreadTerminating
MmUnmapLockedPages
IoFreeMdl
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
KeInsertQueueApc
KeInitializeApc
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
IoGetDeviceAttachmentBaseRef
IoGetRelatedDeviceObject
ZwReadFile
IoCreateFileSpecifyDeviceObjectHint
ZwSetInformationFile
ZwQueryDirectoryFile
memmove
IoAllocateIrp
IoGetBaseFileSystemDeviceObject
IoFreeIrp
IoCreateFile
ZwSetInformationObject
ZwQueryObject
ZwDuplicateObject
RtlCompareMemory
ZwCreateKey
RtlQueryRegistryValues
KeAreApcsDisabled
ExRaiseStatus
IoVolumeDeviceToDosName
_aullshr
_strnicmp
_allshr
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
RtlDecompressBuffer
FsRtlDissectName
MmHighestUserAddress
IoCreateDevice
RtlAppendUnicodeStringToString
memset
hal
KeGetCurrentIrql
KfLowerIrql
KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
fltmgr.sys
FltAcquirePushLockShared
FltInitializePushLock
FltGetFileNameInformationUnsafe
FltReleaseFileNameInformation
FltAcquirePushLockExclusive
FltReleasePushLock
FltDeletePushLock
Sections
.text Size: 142KB - Virtual size: 142KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 920B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ