Static task
static1
General
Target
825d82d610e07bfd436cd40f21fb951b8354c05efc26cf1f6ebabf91a149a058
Size
1.5MB
MD5
6b5971f5116ca00d381bb70f90dcfa7a
SHA1
272f60227d6039d705891e24fba3a957147f341f
SHA256
825d82d610e07bfd436cd40f21fb951b8354c05efc26cf1f6ebabf91a149a058
SHA512
69fd1de56a36b5f8807d5f78a96da1058128418ea5e7bd10fde2ea0db0f4006b530b99566d818c5313d5d755513029658a1ec2ea7358fdf860b6d744fb7dc662
SSDEEP
49152:2Dw3KLAPJ1W0UDXuA2L+fHQpxH2Nkjnj7FtNuTBiw:2kaLAh1yeA2L+fHQpxH2K+Biw
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 825d82d610e07bfd436cd40f21fb951b8354c05efc26cf1f6ebabf91a149a058
Files
825d82d610e07bfd436cd40f21fb951b8354c05efc26cf1f6ebabf91a149a058.sys windows:6 windows x86
ed52ccecf7e1d043b00b21607e5d5d33
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
memcpy
memset
ZwWriteFile
ZwSetInformationFile
ZwQueryInformationFile
_strnicmp
PsGetProcessImageFileName
IoCreateFile
ZwClose
ExFreePoolWithTag
ZwReadFile
ZwFlushKey
ZwSetValueKey
ZwQueryValueKey
ZwCreateKey
ZwCreateFile
KeQuerySystemTime
ZwDeleteFile
MmIsAddressValid
RtlCopyUnicodeString
ObQueryNameString
ZwDeleteKey
ZwOpenKey
ZwQueryDirectoryFile
DbgPrint
RtlInitUnicodeString
RtlAppendUnicodeStringToString
ZwEnumerateKey
ZwQueryKey
KeUnstackDetachProcess
KeStackAttachProcess
_wcsicmp
KeGetCurrentThread
IoFreeIrp
IoFreeMdl
KeSetEvent
ExAllocatePool
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoAllocateIrp
IoGetRelatedDeviceObject
IoGetDeviceAttachmentBaseRef
SeCreateAccessState
IoGetFileObjectGenericMapping
ObCreateObject
ObfDereferenceObject
ObReferenceObjectByHandle
IoFileObjectType
MmGetSystemRoutineAddress
_wcsnicmp
CmRegisterCallback
CmUnRegisterCallback
ZwTerminateProcess
ObOpenObjectByPointer
PsProcessType
PsGetProcessSectionBaseAddress
PsLookupProcessByProcessId
PsGetProcessId
PsInitialSystemProcess
IofCompleteRequest
PsTerminateSystemThread
PsSetCreateProcessNotifyRoutine
NtShutdownSystem
PsCreateSystemThread
IoRegisterDriverReinitialization
IoRegisterShutdownNotification
IoCreateDevice
RtlGetVersion
KeTickCount
KeBugCheckEx
RtlUnwind
_vsnwprintf
_vsnprintf
KeDelayExecutionThread
KeInsertQueueApc
KeInitializeApc
ZwQuerySystemInformation
PsLookupThreadByThreadId
_stricmp
_allmul
RtlEqualUnicodeString
PsGetProcessPeb
ZwAllocateVirtualMemory
ZwOpenFile
hal
KeRaiseIrqlToDpcLevel
KfLowerIrql
Sections
.text Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 988B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 864B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ