Static task
static1
General
Target: 2ec61e37924e27c8f73b58e02cf8bdb2ad6941c711c069ddff0054f708908c32
Size: 170KB
MD5: eff1ef3430bc0923d90ef17c3773eb20
SHA1: 96be705336b8ebb2910a35d744a74a0caa578d28
SHA256: 2ec61e37924e27c8f73b58e02cf8bdb2ad6941c711c069ddff0054f708908c32
SHA512: fa969c33e811b7f600df4c6c9c2b67bbe6e61eadb4fd561135dc1f6f8b8d904c150368566cfb219c2e22ba22005ef45817dad1b8b8c8e5424759117d9eda469e
SSDEEP: 3072:XvB/CBgjcWrpr5uvqHLLs98B2rO071BlxDGLqy7+VsXzXqSB8ht:IMV50aLA98AfxDrSW
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 2ec61e37924e27c8f73b58e02cf8bdb2ad6941c711c069ddff0054f708908c32
Files
2ec61e37924e27c8f73b58e02cf8bdb2ad6941c711c069ddff0054f708908c32.sys windows:6 windows x86
0b22f99d1e90170f9e05a58208fbf3c9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
KeEnterCriticalRegion
ExReleaseRundownProtection
ExWaitForRundownProtectionRelease
ObfDereferenceObject
PsLookupProcessByProcessId
memset
MmGetSystemRoutineAddress
KeInitializeEvent
ExInitializeNPagedLookasideList
KeDelayExecutionThread
KeSetEvent
_vsnwprintf
ExAllocatePoolWithTag
RtlEqualUnicodeString
RtlMultiByteToUnicodeN
PsTerminateSystemThread
KeWaitForSingleObject
RtlCopyUnicodeString
MmIsAddressValid
ZwClose
PsGetCurrentProcessId
ObQueryNameString
ExInitializeRundownProtection
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
_wcsnicmp
ZwTerminateProcess
ZwOpenProcess
PsCreateSystemThread
ExReleaseResourceLite
RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
ExAcquireResourceSharedLite
RtlInitializeGenericTableAvl
ExInitializePagedLookasideList
ExInitializeResourceLite
memcpy
KeRegisterBugCheckReasonCallback
ExUuidCreate
ExGetPreviousMode
RtlImageNtHeader
RtlCompareUnicodeString
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwQuerySystemInformation
ZwQueryInformationFile
ZwOpenFile
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
IofCompleteRequest
ZwCreateFile
ObReferenceObjectByHandle
IoFileObjectType
KeGetCurrentThread
ZwWriteFile
ZwDeleteFile
RtlAppendUnicodeStringToString
IoCreateDevice
MmUserProbeAddress
MmHighestUserAddress
KeLeaveCriticalRegion
KeTickCount
KeBugCheckEx
RtlUnwind
ExAcquireRundownProtection
ExAcquireRundownProtectionEx
ExReleaseRundownProtectionEx
InterlockedPushEntrySList
InterlockedPopEntrySList
InitSafeBootMode
IoDeleteDevice
IoRegisterShutdownNotification
IoCreateSymbolicLink
RtlAppendUnicodeToString
ExFreePoolWithTag
IoRegisterDriverReinitialization
FsRtlIsNameInExpression
IoGetDeviceObjectPointer
ZwDeleteKey
ZwOpenKey
ZwQueryValueKey
ZwSetValueKey
ZwDeleteValueKey
ZwEnumerateKey
ZwEnumerateValueKey
RtlGetVersion
ZwQueryInformationProcess
ObOpenObjectByPointer
PsProcessType
KeUnstackDetachProcess
KeStackAttachProcess
PsThreadType
PsIsThreadTerminating
MmUnmapLockedPages
IoFreeMdl
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
KeInsertQueueApc
KeInitializeApc
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
IoGetDeviceAttachmentBaseRef
IoGetRelatedDeviceObject
ZwReadFile
IoCreateFileSpecifyDeviceObjectHint
ZwSetInformationFile
ZwQueryDirectoryFile
memmove
RtlCompareMemory
ZwCreateKey
ZwSetInformationObject
ZwQueryObject
IoAllocateIrp
IoGetBaseFileSystemDeviceObject
IoFreeIrp
IoCreateFile
ZwDuplicateObject
RtlQueryRegistryValues
KeAreApcsDisabled
ExRaiseStatus
IoVolumeDeviceToDosName
_strnicmp
_allshr
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
RtlDecompressBuffer
FsRtlDissectName
RtlCaptureStackBackTrace
RtlInitUnicodeString
RtlPrefixUnicodeString
IoRegisterBootDriverReinitialization
hal
KeGetCurrentIrql
KfLowerIrql
KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
fltmgr.sys
FltAcquirePushLockShared
FltInitializePushLock
FltAcquirePushLockExclusive
FltReleasePushLock
FltDeletePushLock
Sections
.text Size: 82KB - Virtual size: 81KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 776B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ