Static task
static1
General
-
Target
4275fe5661b3117b0018066afbad30ed4da8cb7fa311e10c3ab40c0c08c8284f
-
Size
8.8MB
-
MD5
a09c164d11a5afb6b7a97f84172c131d
-
SHA1
a471f6108f028953c1ddcd53d9e139117a7f21d2
-
SHA256
4275fe5661b3117b0018066afbad30ed4da8cb7fa311e10c3ab40c0c08c8284f
-
SHA512
3709874246322b274bbf95a99cb2a522080676a30d9e85d793825fdeb6997bcaa1446b60b143082292d13d6b821c1db92668591c3c01967510c1fd9913095f28
-
SSDEEP
196608:w07GLWaoP9lHRZEedYTU9aCR4Kl1FxLs4gammypn:w/LOXEedYfCRr/Lsbmypn
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature: no embedded Authenticode signature was found on the target. Caveat for triage: this static check only sees signatures embedded in the PE; a catalog-signed driver also shows as "unsigned" here, so confirm with a catalog lookup before relying on it. Since the target is an x64 kernel driver (see Files) and additionally sets IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY (see Headers), it would normally be subject to driver signature enforcement; an unsigned image of this kind would need test-signing mode, a signature not visible to this check, or a bypass of enforcement to load.
resource 4275fe5661b3117b0018066afbad30ed4da8cb7fa311e10c3ab40c0c08c8284f
Files
-
4275fe5661b3117b0018066afbad30ed4da8cb7fa311e10c3ab40c0c08c8284f.sys windows:10 windows x64
c366f69a2ba7767c5c0962f4d4f26c39
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports (note: the ntoskrnl.exe list below contains repeated names — e.g. ZwClose, ExFreePoolWithTag, RtlInitUnicodeString, MmGetSystemRoutineAddress, ZwCreateFile, __C_specific_handler — which indicates more than one import descriptor for the same module; keep this in mind when comparing import hashes)
fltmgr.sys
FltUnregisterFilter
FltStartFiltering
FltRegisterFilter
ntoskrnl.exe
ExFreePoolWithTag
PsCreateSystemThread
PsTerminateSystemThread
ZwCreateFile
ZwReadFile
ZwClose
PsGetCurrentProcessId
ZwTerminateProcess
ZwOpenProcess
__C_specific_handler
RtlTimeToTimeFields
ExSystemTimeToLocalTime
ZwWriteFile
_snprintf
_vsnprintf
ObReferenceObjectByHandle
ObfDereferenceObject
ZwQueryInformationFile
strcmp
strncmp
RtlCompareMemory
RtlImageNtHeader
ExAllocatePool
_stricmp
wcscat
wcslen
_wcsicmp
RtlQueryRegistryValues
RtlWriteRegistryValue
RtlCompareUnicodeString
RtlCopyUnicodeString
RtlAppendUnicodeToString
RtlFreeUnicodeString
KeInitializeGuardedMutex
KeAcquireGuardedMutex
KeReleaseGuardedMutex
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
IofCompleteRequest
IoGetCurrentProcess
ZwQueryFullAttributesFile
PsGetProcessWow64Process
NtBuildNumber
RtlCreateRegistryKey
_vsnwprintf
RtlRandomEx
KeBugCheckEx
RtlInitUnicodeString
RtlCompareUnicodeStrings
_stricmp
NtQuerySystemInformation
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
ZwWaitForSingleObject
ZwDeviceIoControlFile
ZwOpenFile
_wcsnicmp
ZwEnumerateKey
ZwCreateEvent
MmGetSystemRoutineAddress
ZwCreateFile
__C_specific_handler
KeSetSystemAffinityThread
KeQueryActiveProcessors
KeQueryTimeIncrement
DbgBreakPointWithStatus
RtlTimeToTimeFields
ExSystemTimeToLocalTime
IoAllocateMdl
IoFreeMdl
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
KeWaitForSingleObject
KeReleaseMutex
KeInitializeMutex
ExFreePoolWithTag
ExAllocatePool
KeRevertToUserAffinityThread
DbgPrint
hal
KeQueryPerformanceCounter
Sections (note: alongside the standard driver sections (.text 36KB, .rdata, .data, .pdata, PAGE, INIT, .reloc, .rsrc) the image has non-standard sections .pLC (3.7MB), .8K-, .q>k (5.0MB) and .l1, which hold nearly all of the 8.8MB file; .pLC and .l1 are flagged both EXECUTE and WRITE. Writable-and-executable code sections are typically rejected under HVCI, and this layout — small .text, large oddly named sections — is consistent with a packed or protected image, so the import list above may not reflect the full runtime behaviour; verify with dynamic analysis or unpacking)
.text Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.pLC Size: 3.7MB - Virtual size: 3.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.8K- Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.q>k Size: 5.0MB - Virtual size: 5.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 580B - Virtual size: 580B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.l1 Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE