Static task
static1
General
Target: 9efe8aeec9b89bc06dc07b1fb696e10472e965b387fa07d3d2588834543201a2
Size: 392KB
MD5: 7f082a329e6d941b988757071c36ba35
SHA1: 979a3c7fe562f4e95305a890e3c531561baafe38
SHA256: 9efe8aeec9b89bc06dc07b1fb696e10472e965b387fa07d3d2588834543201a2
SHA512: 6ba61d6fae00ca67f8d7de827bed2db0b0569b928c867898fea6aa7a1524df3be91c84022fbaf2cac36760029d250fd4ef432e8dfd64931ef1d9348945beb221
SSDEEP: 6144:+NnfyEVW2Zab0/zS6djWRGvOy9OXjBR92v4tnVJO2bhr:+J7YcaA9djHGrX7nVT
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature. This check only looks for an embedded signature (a populated PE security directory); a driver signed through a catalog (.cat) file carries no embedded signature and triggers it as well. Confirm on a Windows host with signtool verify /a /v or Get-AuthenticodeSignature (SignatureType Authenticode or Catalog) before treating the result as evidence.
resource 9efe8aeec9b89bc06dc07b1fb696e10472e965b387fa07d3d2588834543201a2
Files
-
9efe8aeec9b89bc06dc07b1fb696e10472e965b387fa07d3d2588834543201a2.sys windows:6 windows x64
aa2b1404c5590210545bb05d18ab0a1d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY (linker /INTEGRITYCHECK): the loader enforces a code-integrity signature check on this image and refuses it if verification fails. Combined with the Unsigned PE finding above, this copy will not load on a default-configured 64-bit host without a catalog signature, test signing, or a DSE bypass.
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntoskrnl.exe
ProbeForRead
ExReleaseFastMutex
ExAcquireFastMutex
ProbeForWrite
KeInitializeEvent
PsSetCreateProcessNotifyRoutine
RtlCopyUnicodeString
ExAcquireResourceExclusiveLite
KeLeaveCriticalRegion
RtlDeleteElementGenericTable
KeEnterCriticalRegion
ExAcquireResourceSharedLite
ExReleaseResourceLite
RtlLookupElementGenericTable
RtlEnumerateGenericTable
RtlCompareMemory
ExDeleteResourceLite
ExInitializeResourceLite
RtlInitializeGenericTable
RtlInsertElementGenericTable
ObQueryNameString
CmRegisterCallback
MmHighestUserAddress
ZwFreeVirtualMemory
PsGetCurrentThreadId
PsLookupThreadByThreadId
ZwAllocateVirtualMemory
MmSystemRangeStart
PsSetLoadImageNotifyRoutine
RtlUpcaseUnicodeString
wcsnlen
wcschr
ZwCreateKey
ZwDeleteValueKey
ZwSetValueKey
ZwQueryValueKey
RtlCompressBuffer
RtlDecompressBuffer
ZwOpenKey
RtlGetCompressionWorkSpaceSize
IoGetDeviceAttachmentBaseRef
ZwReadFile
RtlAppendUnicodeStringToString
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
ExDeletePagedLookasideList
ExQueryDepthSList
ExInitializePagedLookasideList
RtlAppendUnicodeToString
CmUnRegisterCallback
MmUnmapLockedPages
IoFreeMdl
ZwSetInformationFile
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
ZwDeleteFile
MmUnlockPages
ZwQueryInformationFile
RtlCompareUnicodeString
IoAllocateMdl
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
ZwOpenFile
_wcsicmp
RtlCreateUnicodeString
wcsncpy
wcsncmp
RtlGetVersion
PsCreateSystemThread
RtlIntegerToUnicodeString
RtlUnicodeStringToInteger
ZwEnumerateKey
ZwQueryKey
KeDelayExecutionThread
wcsrchr
PsTerminateSystemThread
RtlImageNtHeader
ExInitializeRundownProtection
PsIsSystemThread
IoGetTopLevelIrp
RtlPrefixUnicodeString
ExWaitForRundownProtectionRelease
ExAcquireRundownProtection
KeResetEvent
ZwQuerySymbolicLinkObject
KeSetEvent
ExReleaseRundownProtection
KeReleaseSpinLock
ZwOpenSymbolicLinkObject
ZwSetInformationThread
KeWaitForSingleObject
KeAcquireSpinLockRaiseToDpc
KeInitializeSemaphore
KeReleaseSemaphore
KeWaitForMultipleObjects
ZwQueryInformationProcess
ObOpenObjectByPointer
ExSystemTimeToLocalTime
PsGetVersion
ObfReferenceObject
RtlInitAnsiString
_wcsnicmp
CmKeyObjectType
IoFileObjectType
MmUserProbeAddress
ZwOpenProcess
ZwTerminateProcess
FsRtlDissectName
RtlDeleteElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlGetElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlLookupElementGenericTableAvl
KeQueryTimeIncrement
ExSemaphoreObjectType
ExInterlockedInsertTailList
ExInterlockedRemoveHeadList
KeBugCheckEx
IoGetDeviceObjectPointer
PsInitialSystemProcess
IoGetCurrentProcess
PsGetProcessId
PsGetThreadProcessId
ObfDereferenceObject
PsThreadType
ObReferenceObjectByHandle
PsGetProcessInheritedFromUniqueProcessId
RtlHashUnicodeString
RtlEqualUnicodeString
ExGetPreviousMode
PsLookupProcessByProcessId
PsProcessType
IoThreadToProcess
IoCreateDevice
PsGetCurrentProcessId
IoCreateSymbolicLink
ZwDeviceIoControlFile
IofCompleteRequest
ZwClose
_vsnwprintf
InitSafeBootMode
ZwCreateFile
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
IoRegisterShutdownNotification
ExFreePoolWithTag
ZwWriteFile
ZwDeleteKey
KeInitializeApc
KeInsertQueueApc
PsIsThreadTerminating
MmIsAddressValid
FsRtlIsDbcsInExpression
RtlUnicodeStringToAnsiString
FsRtlIsNameInExpression
RtlFreeAnsiString
PsGetProcessPeb
PsGetProcessCreateTimeQuadPart
ZwQuerySystemInformation
KeUnstackDetachProcess
KeStackAttachProcess
PsGetCurrentThreadTeb
ZwEnumerateValueKey
IoGetBaseFileSystemDeviceObject
IoCreateFile
ZwQueryObject
ZwDuplicateObject
IoFreeIrp
IoAllocateIrp
ZwSetInformationObject
ExRaiseStatus
KeAreApcsDisabled
ZwMapViewOfSection
RtlQueryRegistryValues
IoVolumeDeviceToDosName
ZwUnmapViewOfSection
ZwCreateSection
IoGetRelatedDeviceObject
ZwQueryDirectoryFile
IoCreateFileSpecifyDeviceObjectHint
ExAllocatePoolWithTag
__C_specific_handler
__chkstk
fltmgr.sys
FltDeletePushLock
FltGetFileNameInformationUnsafe
FltClose
FltCreateFile
FltQueryInformationFile
FltSendMessage
FltParseFileNameInformation
FltGetDestinationFileNameInformation
FltAllocateContext
FltSetStreamContext
FltReadFile
FltGetRequestorProcessId
FltGetStreamContext
FltGetVolumeContext
FltGetRequestorProcess
FltSetVolumeContext
FltGetVolumeName
FltReleaseContext
FltGetVolumeProperties
FltAcquirePushLockExclusive
FltReleasePushLock
FltInitializePushLock
FltAcquirePushLockShared
FltReleaseFileNameInformation
FltGetFileNameInformation
FltBuildDefaultSecurityDescriptor
FltFreeSecurityDescriptor
FltCreateCommunicationPort
FltCloseClientPort
FltStartFiltering
FltRegisterFilter
Sections
.text Size: 335KB - Virtual size: 334KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 19KB - Virtual size: 75KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 808B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ