Static task
static1
General
Target: 837b15eb24296e37fe0946ee7f6413cb8c12782f44e256583b1c063adfe4f707
Size: 257KB
MD5: 63ebfa852827c4fe06e5120646c06ccd
SHA1: 1fc1337b2878a77ed371dc8ddd28aa49101e2930
SHA256: 837b15eb24296e37fe0946ee7f6413cb8c12782f44e256583b1c063adfe4f707
SHA512: 45c1a472f50bea7ca6c009b1110dd62eaf09a35bf25d3685459acbcc9e1f70d32363add2278bab585c9a79b159212ae9e2e33dea22c210a660f01770b3ffb5ee
SSDEEP: 3072:pY+ZXLAD3QlrwrRbSO1I0AgTviZuleuuJ1BlxDGLqy7+VsXzXqSbPw4:mmLAD3QBCxSOWRgriZ4eLxDrSbt
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 837b15eb24296e37fe0946ee7f6413cb8c12782f44e256583b1c063adfe4f707
Files
837b15eb24296e37fe0946ee7f6413cb8c12782f44e256583b1c063adfe4f707.sys windows:6 windows x86
418cc9e05cda362b24d54191a31653c4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
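The "Unsigned PE" signature and the IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY flag above should be read together. FORCE_INTEGRITY (0x0080, set by the linker's /INTEGRITYCHECK option) tells the loader that the image's digital signature must be verified before it is mapped, while "Unsigned PE" only means that no Authenticode signature is embedded in the file (the security data directory is empty). A kernel driver is frequently catalog-signed rather than embedded-signed, and samples submitted to a sandbox sometimes have their embedded signature stripped, so the combination means "this file as submitted will not pass code integrity", not "this driver was never signed". The following Python script is an added example, not part of this report or of the analysis tool that produced it: it parses the DOS, file and optional headers by hand (no pefile dependency), lists the file and DLL characteristics shown above, and reads the security directory entry to decide whether an embedded signature exists. The build_sample_pe32 helper is a constructed, header-only PE32 blob for offline testing; its signature entry is a placeholder WIN_CERTIFICATE header with no PKCS#7 body, not a real signature.

```python
"""Added example: inspect PE headers for FORCE_INTEGRITY and an embedded
Authenticode signature by hand, without pefile."""
import struct
import sys

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY = 0x0080
IMAGE_DIRECTORY_ENTRY_SECURITY = 4      # directory slot holding the WIN_CERTIFICATE table
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B

FILE_CHARACTERISTIC_NAMES = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTIC_NAMES = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
}


def inspect_pe(data: bytes) -> dict:
    """Parse DOS, file and optional headers; return the fields the report shows."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4                                   # IMAGE_FILE_HEADER, 20 bytes
    machine, _, _, _, _, _, characteristics = struct.unpack_from("<HHIIIHH", data, fh)
    oh = fh + 20                                        # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, oh)[0]
    if magic == PE32_MAGIC:
        nrva_off, dir_off = 92, 96
    elif magic == PE32PLUS_MAGIC:
        nrva_off, dir_off = 108, 112                    # 64-bit stack/heap fields shift the tail
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_characteristics = struct.unpack_from("<H", data, oh + 70)[0]   # same offset in both formats
    nrva = struct.unpack_from("<I", data, oh + nrva_off)[0]
    sec_off = sec_size = 0
    if nrva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike every other directory, the security entry holds a raw file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from(
            "<II", data, oh + dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {
        "machine": machine,
        "is_32bit": bool(characteristics & IMAGE_FILE_32BIT_MACHINE),
        "file_characteristics": [n for b, n in FILE_CHARACTERISTIC_NAMES.items() if characteristics & b],
        "dll_characteristics": [n for b, n in DLL_CHARACTERISTIC_NAMES.items() if dll_characteristics & b],
        "force_integrity": bool(dll_characteristics & IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY),
        "has_authenticode": sec_size != 0 and sec_off + sec_size <= len(data),
        "security_dir": (sec_off, sec_size),
    }


def signature_verdict(info: dict) -> str:
    """Turn the two header facts into the triage statement a report line would carry."""
    if info["has_authenticode"]:
        return "embedded Authenticode signature present (chain still needs validating)"
    if info["force_integrity"]:
        return ("unsigned but FORCE_INTEGRITY set: code integrity rejects this file as-is; "
                "check for a catalog signature or a signature stripped before submission")
    return "unsigned"


def build_sample_pe32(dll_characteristics: int, with_signature: bool) -> bytes:
    """Constructed header-only PE32 blob for offline testing (not a loadable driver)."""
    opt = bytearray(224)                                # PE32 optional header incl. 16 directories
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<H", opt, 68, 1)                  # IMAGE_SUBSYSTEM_NATIVE, as for a .sys
    struct.pack_into("<H", opt, 70, dll_characteristics)
    struct.pack_into("<I", opt, 92, 16)                 # NumberOfRvaAndSizes
    headers_len = 0x40 + 4 + 20 + len(opt)
    cert = b""
    if with_signature:
        # Placeholder WIN_CERTIFICATE header (dwLength, wRevision 0x0200, wCertificateType
        # PKCS_SIGNED_DATA) with no PKCS#7 body: populates the directory, is not a real signature.
        cert = struct.pack("<IHH", 8, 0x0200, 0x0002)
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, headers_len, len(cert))
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)             # e_lfanew
    file_header = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 0, 0, 0, 0, len(opt),
                              IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE)
    return bytes(dos) + b"PE\0\0" + file_header + bytes(opt) + cert


if __name__ == "__main__":
    # With a path argument, inspect that file; otherwise inspect the constructed sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else \
        build_sample_pe32(IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY, False)
    info = inspect_pe(blob)
    for k, v in info.items():
        print("%-20s %s" % (k, v))
    print("verdict:", signature_verdict(info))
```

Run it as `python pe_inspect.py sample.sys` to check the submitted file directly. The security directory is the one data directory whose first field is a file offset rather than an RVA, which is why the embedded-signature check needs no section table walk; an empty entry is exactly what the "Unsigned PE" signature keys on, and a non-empty one still says nothing about whether the certificate chain is valid or trusted.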
Imports
ntoskrnl.exe
ExAcquireRundownProtectionEx
ExAcquireRundownProtection
ExReleaseRundownProtection
_allshl
KeLeaveCriticalRegion
KeEnterCriticalRegion
ExWaitForRundownProtectionRelease
CmUnRegisterCallback
PsSetCreateProcessNotifyRoutine
PsSetLoadImageNotifyRoutine
PsSetCreateThreadNotifyRoutine
ZwClose
PsCreateSystemThread
MmGetSystemRoutineAddress
KeInitializeEvent
ExInitializeNPagedLookasideList
KeDelayExecutionThread
KeSetEvent
ExReInitializeRundownProtection
CmRegisterCallback
_vsnwprintf
PsTerminateSystemThread
KeWaitForSingleObject
RtlMultiByteToUnicodeN
ExAllocatePoolWithTag
RtlEqualUnicodeString
RtlCopyUnicodeString
IoGetTopLevelIrp
MmIsAddressValid
PsGetCurrentThreadId
PsGetCurrentProcessId
ObQueryNameString
ExInitializeRundownProtection
ZwTerminateProcess
ZwOpenProcess
RtlInitializeBitMap
ObfReferenceObject
RtlInitializeGenericTableAvl
ExInitializePagedLookasideList
ExInitializeResourceLite
ExReleaseResourceLite
RtlInsertElementGenericTableAvl
ExAcquireResourceExclusiveLite
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
ExAcquireResourceSharedLite
memcpy
KeRegisterBugCheckReasonCallback
ExUuidCreate
ExGetPreviousMode
RtlImageNtHeader
RtlCompareUnicodeString
wcslen
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwQuerySystemInformation
ZwQueryInformationFile
ZwOpenFile
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
_allmul
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
IofCompleteRequest
ZwCreateFile
ObReferenceObjectByHandle
IoFileObjectType
KeGetCurrentThread
ZwWriteFile
ZwDeleteFile
RtlAppendUnicodeStringToString
RtlPrefixUnicodeString
IoDeleteDevice
MmHighestUserAddress
RtlCaptureStackBackTrace
ExReleaseRundownProtectionEx
KeBugCheckEx
InterlockedPushEntrySList
InterlockedPopEntrySList
PsLookupProcessByProcessId
ObfDereferenceObject
InitSafeBootMode
RtlInitUnicodeString
IoRegisterShutdownNotification
IoCreateSymbolicLink
RtlAppendUnicodeToString
ExFreePoolWithTag
IoRegisterDriverReinitialization
IoRegisterBootDriverReinitialization
RtlUnwind
IoGetDeviceObjectPointer
ZwDeleteKey
ZwOpenKey
ZwQueryValueKey
ZwSetValueKey
ZwDeleteValueKey
ZwEnumerateKey
ZwEnumerateValueKey
FsRtlIsNameInExpression
RtlGetVersion
ZwQueryInformationProcess
ObOpenObjectByPointer
PsProcessType
PsGetProcessCreateTimeQuadPart
KeUnstackDetachProcess
ProbeForRead
KeStackAttachProcess
PsGetProcessPeb
PsThreadType
PsLookupThreadByThreadId
ZwQueryInformationThread
PsIsThreadTerminating
MmUnmapLockedPages
IoFreeMdl
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
KeInsertQueueApc
KeInitializeApc
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
_wcsnicmp
IoGetDeviceAttachmentBaseRef
IoGetRelatedDeviceObject
ZwReadFile
IoCreateFileSpecifyDeviceObjectHint
ZwSetInformationFile
ZwQueryDirectoryFile
memmove
IoAllocateIrp
IoGetBaseFileSystemDeviceObject
IoFreeIrp
IoCreateFile
ZwSetInformationObject
ZwQueryObject
ZwDuplicateObject
RtlCompareMemory
ZwCreateKey
RtlQueryRegistryValues
KeAreApcsDisabled
ExRaiseStatus
IoVolumeDeviceToDosName
_aullshr
_strnicmp
_allshr
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
RtlDecompressBuffer
FsRtlDissectName
KeTickCount
IoCreateDevice
MmUserProbeAddress
memset
hal
KeGetCurrentIrql
KfLowerIrql
KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
fltmgr.sys
FltAcquirePushLockShared
FltInitializePushLock
FltGetFileNameInformationUnsafe
FltReleaseFileNameInformation
FltAcquirePushLockExclusive
FltReleasePushLock
FltDeletePushLock
Sections
.text Size: 141KB - Virtual size: 141KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 920B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ