Static task
static1
General
Target: 791b911082605f7da8b5fb82e83b39fe54edf579f3de8aacd6305dc1692a1508
Size: 169KB
MD5: 23b65bb830febd41bbd879f42ae371bf
SHA1: 61a0b39f9ee7ff0a5ce8785accc72ba2714e764f
SHA256: 791b911082605f7da8b5fb82e83b39fe54edf579f3de8aacd6305dc1692a1508
SHA512: 21ac93b90a5d79e0551db69be55e50513673b710f992c31bd5f2cb4ab4d77be2a376a183376f7611a74e56de28d073648d9933958fc840ed3ba0fa7811b6dfe3
SSDEEP: 3072:Feq8EUYyx2rPrdrmNnNGfEL5O0o1BlxDGLqy7+VsXzXqSckh:XNnjh0nNGf4WxDrScM
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 791b911082605f7da8b5fb82e83b39fe54edf579f3de8aacd6305dc1692a1508
Caveat: this rule fires when the PE security data directory is empty, i.e. no WIN_CERTIFICATE table is embedded in the file. A catalog-signed driver carries no embedded signature and matches too, so the verdict means "no embedded signature", not "never signed". Note the tension with the headers below: IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY tells the loader to verify this image's signature even on 32-bit Windows, where kernel-mode code signing is otherwise optional, so a copy without a valid signature (embedded or catalog) would be refused at load time. Before concluding the driver is unsigned, check for a catalog entry and compare the file's Authenticode hash against known signed builds.
Files
791b911082605f7da8b5fb82e83b39fe54edf579f3de8aacd6305dc1692a1508.sys windows:6 windows x86
0b22f99d1e90170f9e05a58208fbf3c9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
KeEnterCriticalRegion
ExReleaseRundownProtection
ExWaitForRundownProtectionRelease
ObfDereferenceObject
PsLookupProcessByProcessId
memset
MmGetSystemRoutineAddress
KeInitializeEvent
ExInitializeNPagedLookasideList
KeDelayExecutionThread
KeSetEvent
_vsnwprintf
ExAllocatePoolWithTag
RtlEqualUnicodeString
RtlMultiByteToUnicodeN
PsTerminateSystemThread
KeWaitForSingleObject
RtlCopyUnicodeString
MmIsAddressValid
ZwClose
PsGetCurrentProcessId
ObQueryNameString
ExInitializeRundownProtection
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
_wcsnicmp
ZwTerminateProcess
ZwOpenProcess
PsCreateSystemThread
ExReleaseResourceLite
RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
ExAcquireResourceSharedLite
RtlInitializeGenericTableAvl
ExInitializePagedLookasideList
ExInitializeResourceLite
memcpy
KeRegisterBugCheckReasonCallback
ExUuidCreate
ExGetPreviousMode
RtlImageNtHeader
RtlCompareUnicodeString
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwQuerySystemInformation
ZwQueryInformationFile
ZwOpenFile
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
IofCompleteRequest
ZwCreateFile
ObReferenceObjectByHandle
IoFileObjectType
KeGetCurrentThread
ZwWriteFile
ZwDeleteFile
RtlAppendUnicodeStringToString
IoCreateDevice
MmUserProbeAddress
MmHighestUserAddress
KeLeaveCriticalRegion
KeTickCount
KeBugCheckEx
RtlUnwind
ExAcquireRundownProtection
ExAcquireRundownProtectionEx
ExReleaseRundownProtectionEx
InterlockedPushEntrySList
InterlockedPopEntrySList
InitSafeBootMode
IoDeleteDevice
IoRegisterShutdownNotification
IoCreateSymbolicLink
RtlAppendUnicodeToString
ExFreePoolWithTag
IoRegisterDriverReinitialization
FsRtlIsNameInExpression
IoGetDeviceObjectPointer
ZwDeleteKey
ZwOpenKey
ZwQueryValueKey
ZwSetValueKey
ZwDeleteValueKey
ZwEnumerateKey
ZwEnumerateValueKey
RtlGetVersion
ZwQueryInformationProcess
ObOpenObjectByPointer
PsProcessType
KeUnstackDetachProcess
KeStackAttachProcess
PsThreadType
PsIsThreadTerminating
MmUnmapLockedPages
IoFreeMdl
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
KeInsertQueueApc
KeInitializeApc
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
IoGetDeviceAttachmentBaseRef
IoGetRelatedDeviceObject
ZwReadFile
IoCreateFileSpecifyDeviceObjectHint
ZwSetInformationFile
ZwQueryDirectoryFile
memmove
RtlCompareMemory
ZwCreateKey
ZwSetInformationObject
ZwQueryObject
IoAllocateIrp
IoGetBaseFileSystemDeviceObject
IoFreeIrp
IoCreateFile
ZwDuplicateObject
RtlQueryRegistryValues
KeAreApcsDisabled
ExRaiseStatus
IoVolumeDeviceToDosName
_strnicmp
_allshr
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
RtlDecompressBuffer
FsRtlDissectName
RtlCaptureStackBackTrace
RtlInitUnicodeString
RtlPrefixUnicodeString
IoRegisterBootDriverReinitialization
hal
KeGetCurrentIrql
KfLowerIrql
KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
fltmgr.sys
FltAcquirePushLockShared
FltInitializePushLock
FltAcquirePushLockExclusive
FltReleasePushLock
FltDeletePushLock
Sections
.text Size: 82KB - Virtual size: 81KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
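Added example, not part of the sandbox report and not code from the analysed driver: a Python PE header parser that reproduces the header-level findings shown above (the file characteristics, the FORCE_INTEGRITY DLL characteristic, the "Unsigned PE" check on the security data directory, and the per-section flags listed under Sections). The constants are the documented PE values; the two sample images are constructed in build_pe32() with zero-filled sections and a placeholder certificate blob, so the "signed" case only demonstrates a non-empty directory, not a valid signature.

```python
# Added example (not the report's or the driver's code): parse PE headers and
# reproduce the checks a sandbox makes for FORCE_INTEGRITY, "Unsigned PE"
# (empty security directory) and section characteristics. Sample images are
# constructed below; they contain no real code and no real certificate.
import struct

IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY = 0x0080
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # this entry holds a file offset (not an RVA) and a size
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}


def parse_pe(data: bytes) -> dict:
    """Parse DOS, COFF and optional headers plus the section table (PE32 or PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:     # PE32: NumberOfRvaAndSizes at +92, directories at +96
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:   # PE32+: 64-bit stack/heap fields push them to +108/+112
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in both formats
    n_dirs = struct.unpack_from("<I", data, ndirs_off)[0]
    cert_off = cert_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        cert_off, cert_size = struct.unpack_from(
            "<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    # Non-empty directory == a WIN_CERTIFICATE table is embedded. Validating the PKCS#7
    # and the Authenticode hash is a separate step; catalog-signed files show empty here.
    has_sig = cert_size > 0 and cert_off + cert_size <= len(data)
    sections, sec_tbl = [], opt + opt_size
    for i in range(nsec):
        name, vsize, _, rawsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, sec_tbl + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "raw_size": rawsize,
            "virtual_size": vsize,   # larger than raw_size means trailing uninitialised data
            "flags": [n for bit, n in sorted(SECTION_FLAGS.items()) if chars & bit],
        })
    return {
        "machine": machine,
        "is_32bit": bool(file_chars & IMAGE_FILE_32BIT_MACHINE),
        "is_executable_image": bool(file_chars & IMAGE_FILE_EXECUTABLE_IMAGE),
        "force_integrity": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY),
        "has_embedded_signature": has_sig,
        "sections": sections,
    }


def win_certificate(payload: bytes) -> bytes:
    """WIN_CERTIFICATE header (dwLength, wRevision 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA)
    around a payload. The payload used here is a placeholder, not a real signature."""
    return struct.pack("<IHH", 8 + len(payload), 0x0200, 0x0002) + payload


def build_pe32(dll_characteristics: int, cert_blob: bytes = b"",
               sections=((b".text", 0x60000020), (b"INIT", 0xE2000020))) -> bytes:
    """Constructed sample: PE32 image with valid headers, zero-filled sections, no imports."""
    file_align, nsec, e_lfanew = 0x200, len(sections), 0x40
    opt_size = 96 + 16 * 8
    hdr_end = e_lfanew + 4 + 20 + opt_size + 40 * nsec
    raw_start = (hdr_end + file_align - 1) // file_align * file_align
    dirs = [(0, 0)] * 16
    if cert_blob:   # certificate table is appended after the last section's raw data
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (raw_start + file_align * nsec, len(cert_blob))
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, opt_size,
                       IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE)
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6,
                      0x10B, 14, 0, file_align * nsec, 0, 0, 0x1000, 0x1000, 0x2000, 0x10000,
                      0x1000, file_align, 6, 1, 0, 0, 6, 1, 0, 0x1000 * (nsec + 1), raw_start, 0,
                      1, dll_characteristics, 0x40000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"".join(struct.pack("<II", off, size) for off, size in dirs)
    secs = b"".join(struct.pack("<8sIIIIIIHHI", name, 0x1000, 0x1000 * (i + 1), file_align,
                                raw_start + file_align * i, 0, 0, 0, 0, chars)
                    for i, (name, chars) in enumerate(sections))
    image = dos + b"PE\0\0" + coff + opt + secs
    image += b"\0" * (raw_start - len(image)) + b"\0" * (file_align * nsec)
    return image + cert_blob


if __name__ == "__main__":
    for label, img in (("force-integrity, unsigned", build_pe32(IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY)),
                       ("placeholder cert table", build_pe32(0, win_certificate(b"not a real PKCS#7")))):
        r = parse_pe(img)
        print(label, "->", {k: v for k, v in r.items() if k != "sections"})
        for s in r["sections"]:
            print("  %-6s raw=%d virt=%d %s" % (s["name"], s["raw_size"], s["virtual_size"], " ".join(s["flags"])))
```

Run it against the real file with `parse_pe(open(path, "rb").read())`; the INIT section in the constructed sample is given the same CODE|DISCARDABLE|EXECUTE|READ|WRITE characteristics the report lists, which is the normal layout for a driver's DriverEntry-only section and not by itself suspicious.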