Static task
static1
General
Target: 0f4407707353e684afe703c18a2a1ecaabe3716b178ad9ea3da65bfa9b4779a0
Size: 1.8MB
MD5: 961b19abecf492e22dede89656dafd62
SHA1: bc05f12f0fcd5c58abd4efe8d65443fbab670666
SHA256: 0f4407707353e684afe703c18a2a1ecaabe3716b178ad9ea3da65bfa9b4779a0
SHA512: 20bb155aa55e1673c25fe053f47aee6b0c1d6764ff47a25c575a57473d2e2d53d50642bc6bf39e1833051a10f44ef5d23256e881c4070a584556f57fd3c30a94
SSDEEP: 24576:B7KdS3wUcxlNCOkTDGGaJT7q+BjZuS3OcFb2QnqPu9zOYvin6/v/fNTeDoNynk5s:B7KdS3pcnN9yDGGA7qOr++ujq9E
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 0f4407707353e684afe703c18a2a1ecaabe3716b178ad9ea3da65bfa9b4779a0
Files
0f4407707353e684afe703c18a2a1ecaabe3716b178ad9ea3da65bfa9b4779a0.sys windows:10 windows x64
947774af5d561f746b16de11d898e130
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntoskrnl.exe
PsReleaseProcessExitSynchronization
KeSetEvent
ExEventObjectType
wcscat_s
ZwClose
ZwCreateKey
ZwOpenKey
ZwDeleteKey
ZwSetValueKey
ZwDeleteFile
KeAreAllApcsDisabled
KeDeregisterBugCheckReasonCallback
KeRegisterBugCheckReasonCallback
RtlCompareUnicodeString
IoCreateNotificationEvent
KeInitializeGuardedMutex
strcpy_s
RtlInitAnsiString
RtlAnsiStringToUnicodeString
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
PsGetCurrentThreadId
PsGetProcessCreateTimeQuadPart
PsGetProcessExitStatus
PsGetProcessPeb
ObOpenObjectByPointer
PsGetProcessSessionId
PsGetProcessInheritedFromUniqueProcessId
ZwFreeVirtualMemory
PsReferenceProcessFilePointer
ZwCreateFile
ZwDeviceIoControlFile
RtlNtStatusToDosError
ZwFsControlFile
ZwWaitForSingleObject
PsGetThreadId
IoFileObjectType
ExSemaphoreObjectType
PsProcessType
PsThreadType
PsJobType
SeTokenObjectType
ObReferenceObjectByHandle
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
RtlFreeUnicodeString
RtlFreeAnsiString
KeIpiGenericCall
ProbeForWrite
PsCreateSystemThread
RtlRandomEx
KeClearEvent
IoCreateDevice
IoCreateSymbolicLink
IoRegisterShutdownNotification
IoUnregisterShutdownNotification
MmUnsecureVirtualMemory
MmProbeAndLockPages
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
IoAllocateMdl
IoFreeMdl
KeEnterCriticalRegion
KeLeaveCriticalRegion
ExInitializeResourceLite
ExAcquireResourceSharedLite
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
ExDeleteResourceLite
RtlInitializeGenericTableAvl
RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlGetElementGenericTableAvl
RtlNumberGenericTableElementsAvl
RtlIsGenericTableEmptyAvl
RtlUpcaseUnicodeString
RtlTimeToTimeFields
ExSystemTimeToLocalTime
RtlEqualUnicodeString
RtlCopyUnicodeString
RtlWalkFrameChain
KeWaitForMultipleObjects
PsGetProcessId
KeTryToAcquireGuardedMutex
KeEnterGuardedRegion
KeLeaveGuardedRegion
PsGetThreadProcess
ZwOpenSection
ZwMapViewOfSection
ZwUnmapViewOfSection
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
SeQuerySessionIdToken
PsReferencePrimaryToken
PsDereferencePrimaryToken
ObQueryNameString
KeInitializeDpc
KeSetTargetProcessorDpc
KeInitializeTimerEx
PsAcquireProcessExitSynchronization
KeSetTimerEx
PsSetCreateProcessNotifyRoutineEx
KeDelayExecutionThread
KeQueryTimeIncrement
KeQueryActiveProcessors
MmGetSystemRoutineAddress
MmBuildMdlForNonPagedPool
PsGetVersion
MmUserProbeAddress
ZwLoadDriver
ZwFlushKey
ZwQueryValueKey
KeStackAttachProcess
ExAcquireRundownProtection
ExReleaseRundownProtection
PsGetThreadProcessId
IoVolumeDeviceToDosName
PsInitialSystemProcess
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
RtlInsertElementGenericTableFullAvl
MmGetVirtualForPhysical
KeNumberProcessors
RtlCompareString
RtlEnumerateGenericTableWithoutSplayingAvl
ZwOpenThread
ZwOpenDirectoryObject
ZwEnumerateKey
RtlInt64ToUnicodeString
IoCreateFile
ZwOpenFile
ZwQueryInformationFile
ZwSetInformationFile
ZwReadFile
ZwWriteFile
IoCreateFileSpecifyDeviceObjectHint
NtQueryDirectoryFile
IoGetBaseFileSystemDeviceObject
IoQueryFileInformation
ProbeForRead
PsGetProcessWow64Process
RtlImageDirectoryEntryToData
RtlQueryAtomInAtomTable
PsGetThreadWin32Thread
MmAllocateContiguousMemory
MmProtectMdlSystemAddress
ZwQueryObject
NtClose
ObGetObjectType
ExAcquireFastMutex
ExReleaseFastMutex
RtlUpcaseUnicodeChar
RtlUpcaseUnicodeToMultiByteN
RtlAnsiCharToUnicodeChar
RtlUnicodeToMultiByteN
ZwQuerySystemInformation
ZwSetSecurityObject
IoDeviceObjectType
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
SeCaptureSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeExports
RtlCreateSecurityDescriptor
wcschr
RtlAbsoluteToSelfRelativeSD
RtlAddAccessAllowedAce
RtlLengthSid
IoIsWdmVersionAvailable
RtlSetDaclSecurityDescriptor
PsGetProcessImageFileName
ExAllocatePoolWithTag
KeReleaseGuardedMutex
KeAcquireGuardedMutex
IoDriverObjectType
__C_specific_handler
RtlPrefixUnicodeString
ObfDereferenceObject
IoGetAttachedDeviceReference
IofCallDriver
IoBuildSynchronousFsdRequest
ExFreePoolWithTag
ExAllocatePool
KeWaitForSingleObject
KeInitializeEvent
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
PsGetCurrentProcessId
IoGetCurrentProcess
KeBugCheckEx
PsLookupProcessByProcessId
MmIsAddressValid
MmGetPhysicalAddress
PsTerminateSystemThread
KeCancelTimer
KeUnstackDetachProcess
MmGetPhysicalMemoryRanges
PsIsThreadTerminating
PsLookupThreadByThreadId
ZwQueryInformationThread
KeInitializeApc
KeInsertQueueApc
MmAllocateMappingAddress
MmFreeMappingAddress
ZwOpenProcess
ZwDeleteValueKey
ZwCreateSection
MmMapViewInSystemSpace
MmUnmapViewInSystemSpace
RtlGetVersion
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
RtlAppendUnicodeStringToString
ZwUnloadDriver
ZwQueryInformationProcess
PsIsSystemThread
KeAreApcsDisabled
HalDispatchTable
KeSetSystemGroupAffinityThread
KeRevertToUserGroupAffinityThread
KeQueryActiveProcessorCountEx
KeGetProcessorNumberFromIndex
KeGetCurrentProcessorNumberEx
MmFreeContiguousMemory
MmProbeAndLockProcessPages
ObReferenceObjectByName
IoAllocateIrp
IoFreeIrp
wcsncpy_s
IoGetLowerDeviceObject
CcCoherencyFlushAndPurgeCache
ExFreePool
MmUnmapIoSpace
RtlCompareMemory
MmMapIoSpace
fltmgr.sys
FltWriteFile
FltReleaseFileNameInformation
FltEnumerateFilters
FltStartFiltering
FltUnregisterFilter
FltRegisterFilter
FltObjectDereference
FltEnumerateInstances
FltGetVolumeProperties
FltGetVolumeFromInstance
FltClose
FltSetInformationFile
FltGetFileNameInformationUnsafe
FltReadFile
FltCreateFileEx
FltGetVolumeName
FltParseFileNameInformation
FltGetFileNameInformation
FltFreePoolAlignedWithTag
FltAllocatePoolAlignedWithTag
FltGetRequestorProcessId
hidparse.sys
HidP_GetCollectionDescription
hal
KeStallExecutionProcessor
KeQueryPerformanceCounter
Sections
.text Size: 637KB - Virtual size: 637KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 286KB - Virtual size: 286KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 404B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.tvm0 Size: 844KB - Virtual size: 844KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ