Static task
static1
General
-
Target
b719c7ffea4f5e87c174845e4a646bc98dca9b36c36e46d899d5f3258e449885
-
Size
1.5MB
-
MD5
a8e5f0828ed90833fbe50e055cce21a1
-
SHA1
b66f8ff3f668346a1e04d9c31fddcfa9c09cb4b6
-
SHA256
b719c7ffea4f5e87c174845e4a646bc98dca9b36c36e46d899d5f3258e449885
-
SHA512
f92b81ab1cbe85aa935a299f9323d1d885f481a2b649834fd10dbace3f2723fd3eebf1eedb2783a039e5dcdc8d1ab423084c04b8c806271b529ede3f1f575b9b
-
SSDEEP
49152:ZGw3KLAPJD7UPBFCu2wFKeiWf+fHQpxH2Nkjnj7FtNuTBiw:Z3aLAh+EubFHiy+fHQpxH2K+Biw
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b719c7ffea4f5e87c174845e4a646bc98dca9b36c36e46d899d5f3258e449885
Files
-
b719c7ffea4f5e87c174845e4a646bc98dca9b36c36e46d899d5f3258e449885.sys windows:6 windows x86
ed52ccecf7e1d043b00b21607e5d5d33
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
memcpy
memset
ZwWriteFile
ZwSetInformationFile
ZwQueryInformationFile
_strnicmp
PsGetProcessImageFileName
IoCreateFile
ZwClose
ExFreePoolWithTag
ZwReadFile
ZwFlushKey
ZwSetValueKey
ZwQueryValueKey
ZwCreateKey
ZwCreateFile
KeQuerySystemTime
ZwDeleteFile
MmIsAddressValid
RtlCopyUnicodeString
ObQueryNameString
ZwDeleteKey
ZwOpenKey
ZwQueryDirectoryFile
DbgPrint
RtlInitUnicodeString
RtlAppendUnicodeStringToString
ZwEnumerateKey
ZwQueryKey
KeUnstackDetachProcess
KeStackAttachProcess
_wcsicmp
KeGetCurrentThread
IoFreeIrp
IoFreeMdl
KeSetEvent
ExAllocatePool
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoAllocateIrp
IoGetRelatedDeviceObject
IoGetDeviceAttachmentBaseRef
SeCreateAccessState
IoGetFileObjectGenericMapping
ObCreateObject
ObfDereferenceObject
ObReferenceObjectByHandle
IoFileObjectType
MmGetSystemRoutineAddress
_wcsnicmp
CmRegisterCallback
CmUnRegisterCallback
ZwTerminateProcess
ObOpenObjectByPointer
PsProcessType
PsGetProcessSectionBaseAddress
PsLookupProcessByProcessId
PsGetProcessId
PsInitialSystemProcess
IofCompleteRequest
PsTerminateSystemThread
PsSetCreateProcessNotifyRoutine
NtShutdownSystem
PsCreateSystemThread
IoRegisterDriverReinitialization
IoRegisterShutdownNotification
IoCreateDevice
RtlGetVersion
KeTickCount
KeBugCheckEx
RtlUnwind
_vsnwprintf
_vsnprintf
KeDelayExecutionThread
KeInsertQueueApc
KeInitializeApc
ZwQuerySystemInformation
PsLookupThreadByThreadId
_stricmp
_allmul
RtlEqualUnicodeString
PsGetProcessPeb
ZwAllocateVirtualMemory
ZwOpenFile
hal
KeRaiseIrqlToDpcLevel
KfLowerIrql
Sections
.text Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 988B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 864B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ