Static task
static1
General
Target: 4453d45a594067c9551c805d8e7779a7f2e29f33fb47c2e28c073069599bf16f
Size: 231KB
MD5: 2018ed0268af4e76d3911783550557e3
SHA1: 7900257257a6df37d8166911e45b79706d0c78a6
SHA256: 4453d45a594067c9551c805d8e7779a7f2e29f33fb47c2e28c073069599bf16f
SHA512: adadbd2fdb1692a92eeb0877909f763ca0c8531ac64a7bcc30d8f0bd99a44215f5c9b1c61b6e85c1d1a404e70875e1308eb1b2a6f5be11fad9d3d0166faf86df
SSDEEP: 3072:Iy20Al+/AnbENesrMravvbcFpgT1EsDTt2Gmu21BlxDGLqy7+VsXzXqSL1Uy:AQ/8bENe+eAvQvgREsDTcGUxDrSL9
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 4453d45a594067c9551c805d8e7779a7f2e29f33fb47c2e28c073069599bf16f
Files
4453d45a594067c9551c805d8e7779a7f2e29f33fb47c2e28c073069599bf16f.sys (windows:6, windows x86)
7a9665ad4b03581d6d3e6fba54c94cb1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAcquireRundownProtectionEx
ExAcquireRundownProtection
ExReleaseRundownProtection
_allshl
KeLeaveCriticalRegion
KeEnterCriticalRegion
ExWaitForRundownProtectionRelease
CmUnRegisterCallback
PsSetCreateProcessNotifyRoutine
PsSetLoadImageNotifyRoutine
PsSetCreateThreadNotifyRoutine
ZwClose
PsCreateSystemThread
MmGetSystemRoutineAddress
KeInitializeEvent
ExInitializeNPagedLookasideList
KeDelayExecutionThread
KeSetEvent
ExReInitializeRundownProtection
CmRegisterCallback
_vsnwprintf
PsTerminateSystemThread
KeWaitForSingleObject
RtlMultiByteToUnicodeN
ExAllocatePoolWithTag
RtlEqualUnicodeString
RtlCopyUnicodeString
IoGetTopLevelIrp
MmIsAddressValid
PsGetCurrentThreadId
PsGetCurrentProcessId
ObQueryNameString
ExInitializeRundownProtection
ZwTerminateProcess
ZwOpenProcess
RtlInitializeBitMap
ObfReferenceObject
RtlInitializeGenericTableAvl
ExInitializePagedLookasideList
ExInitializeResourceLite
ExReleaseResourceLite
RtlInsertElementGenericTableAvl
ExAcquireResourceExclusiveLite
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
ExAcquireResourceSharedLite
memcpy
KeRegisterBugCheckReasonCallback
ExUuidCreate
ExGetPreviousMode
RtlImageNtHeader
RtlCompareUnicodeString
wcslen
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwQuerySystemInformation
ZwQueryInformationFile
ZwOpenFile
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
_allmul
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
IofCompleteRequest
ZwCreateFile
ObReferenceObjectByHandle
IoFileObjectType
KeGetCurrentThread
ZwWriteFile
ZwDeleteFile
RtlAppendUnicodeStringToString
RtlPrefixUnicodeString
IoDeleteDevice
MmHighestUserAddress
RtlCaptureStackBackTrace
ExReleaseRundownProtectionEx
KeBugCheckEx
RtlUnwind
InterlockedPushEntrySList
InterlockedPopEntrySList
PsLookupProcessByProcessId
ObfDereferenceObject
InitSafeBootMode
RtlInitUnicodeString
IoRegisterShutdownNotification
IoCreateSymbolicLink
RtlAppendUnicodeToString
ExFreePoolWithTag
IoRegisterDriverReinitialization
IoRegisterBootDriverReinitialization
IoGetDeviceObjectPointer
ZwDeleteKey
ZwOpenKey
ZwQueryValueKey
ZwSetValueKey
ZwDeleteValueKey
ZwEnumerateKey
ZwEnumerateValueKey
FsRtlIsNameInExpression
RtlGetVersion
ZwQueryInformationProcess
ObOpenObjectByPointer
PsProcessType
PsGetProcessCreateTimeQuadPart
KeUnstackDetachProcess
ProbeForRead
KeStackAttachProcess
PsGetProcessPeb
PsThreadType
PsLookupThreadByThreadId
ZwQueryInformationThread
PsIsThreadTerminating
MmUnmapLockedPages
IoFreeMdl
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
KeInsertQueueApc
KeInitializeApc
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
_wcsnicmp
IoGetDeviceAttachmentBaseRef
IoGetRelatedDeviceObject
ZwReadFile
IoCreateFileSpecifyDeviceObjectHint
ZwSetInformationFile
ZwQueryDirectoryFile
memmove
IoAllocateIrp
IoGetBaseFileSystemDeviceObject
IoFreeIrp
IoCreateFile
ZwSetInformationObject
ZwQueryObject
ZwDuplicateObject
RtlCompareMemory
ZwCreateKey
RtlQueryRegistryValues
KeAreApcsDisabled
ExRaiseStatus
IoVolumeDeviceToDosName
_aullshr
_strnicmp
_allshr
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
RtlDecompressBuffer
FsRtlDissectName
KeTickCount
IoCreateDevice
MmUserProbeAddress
memset
hal
KeGetCurrentIrql
KfLowerIrql
KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
fltmgr.sys
FltAcquirePushLockShared
FltInitializePushLock
FltGetFileNameInformationUnsafe
FltReleaseFileNameInformation
FltAcquirePushLockExclusive
FltReleasePushLock
FltDeletePushLock
Sections
.text Size: 141KB - Virtual size: 141KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 920B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ