Static task
static1
General
Target: 016ef5de4d27420321a8764a553564b5972b316263f16d79d91f7c725a7d3c67
Size: 239KB
MD5: 757fb9aebba8592c76682199b85e5118
SHA1: 5b0c6095fae92afaa7dd2ab410af9a1d76b2a097
SHA256: 016ef5de4d27420321a8764a553564b5972b316263f16d79d91f7c725a7d3c67
SHA512: be8a8f8be2c6477512b8eb5e200b7af5346cb926138d22b63a8c4981134486fd5d75a429e8ccf0d578e6dfe27d684a959c929bdfb08be8c917baa4f86c4b3f62
SSDEEP: 6144:aNfGToZ5ptPw0aIv2xslkoPpog/ZaLVOyA3ek0R4dKEPWUF75fUZDU3t7H1z2RIY:aPZ5pqslnTZaL
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 016ef5de4d27420321a8764a553564b5972b316263f16d79d91f7c725a7d3c67
Files
016ef5de4d27420321a8764a553564b5972b316263f16d79d91f7c725a7d3c67.sys windows:6 windows x86
038d28b0cd0a4d6dfebfa7f743bcdfac
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlInitUnicodeString
PsSetLoadImageNotifyRoutine
PsSetCreateProcessNotifyRoutine
PsRemoveLoadImageNotifyRoutine
InterlockedPopEntrySList
InterlockedPushEntrySList
ExInitializePagedLookasideList
ExDeletePagedLookasideList
KeSetEvent
KeWaitForSingleObject
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
InitSafeBootMode
KeGetCurrentThread
IoCreateFile
RtlFreeAnsiString
ZwFreeVirtualMemory
ZwAllocateVirtualMemory
IoFreeMdl
MmUnlockPages
MmUnmapLockedPages
memmove
MmProtectMdlSystemAddress
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
KeUnstackDetachProcess
KeStackAttachProcess
PsLookupProcessByProcessId
_stricmp
ZwSetInformationFile
ZwQueryInformationFile
ZwReadFile
ZwWriteFile
RtlRandomEx
KeTickCount
ZwCreateFile
ZwOpenFile
PsTerminateSystemThread
RtlAppendUnicodeStringToString
RtlUnicodeStringToAnsiString
KeInsertQueueApc
KeInitializeApc
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlImageDirectoryEntryToData
RtlImageNtHeader
PsThreadType
PsCreateSystemThread
RtlGetVersion
ZwDeleteValueKey
ZwSetValueKey
ZwQueryValueKey
RtlCompareUnicodeString
IofCompleteRequest
KeLeaveCriticalRegion
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
ExAcquireResourceSharedLite
ExReleaseResourceLite
ObQueryNameString
MmGetSystemRoutineAddress
ObOpenObjectByPointer
ObfReferenceObject
MmIsAddressValid
RtlPrefixUnicodeString
IoGetCurrentProcess
MmUserProbeAddress
CmUnRegisterCallback
CmRegisterCallback
KeDelayExecutionThread
KeQueryTimeIncrement
_alldiv
_allmul
ZwClose
ZwOpenProcess
PsGetProcessInheritedFromUniqueProcessId
ProbeForWrite
ExRaiseDatatypeMisalignment
wcsncpy
RtlSetDaclSecurityDescriptor
ExRegisterCallback
ExCreateCallback
ExUnregisterCallback
IoRegisterShutdownNotification
KeQuerySystemTime
PsGetProcessCreateTimeQuadPart
RtlCopyUnicodeString
KeResetEvent
KeBugCheckEx
ObOpenObjectByName
ZwOpenKey
ZwCreateKey
RtlCompareMemory
RtlUnwind
ProbeForRead
PsGetCurrentThreadId
ExGetPreviousMode
ObReferenceObjectByHandle
ObfDereferenceObject
RtlEqualUnicodeString
RtlAppendUnicodeToString
KeInitializeEvent
memcpy
ZwQuerySystemInformation
ExDeleteResourceLite
RtlHashUnicodeString
ExInitializeResourceLite
ExFreePoolWithTag
KeInsertQueueDpc
KeSetTargetProcessorDpc
KeInitializeDpc
KeNumberProcessors
towupper
FsRtlIsNameInExpression
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ZwEnumerateKey
ZwEnumerateValueKey
PsProcessType
PsLookupThreadByThreadId
IoGetDeviceObjectPointer
RtlQueryRegistryValues
KeAreApcsDisabled
ExRaiseStatus
IoVolumeDeviceToDosName
_wcsnicmp
RtlMultiByteToUnicodeN
RtlAssert
DbgPrint
PsIsThreadTerminating
_allshl
_aullshr
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
RtlDecompressBuffer
RtlDeleteElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlInitializeGenericTableAvl
FsRtlDissectName
ZwQueryInformationProcess
PsGetCurrentProcessId
memset
ZwDeviceIoControlFile
ExAllocatePoolWithTag
hal
KfRaiseIrql
KeGetCurrentIrql
ExAcquireFastMutex
ExReleaseFastMutex
KfLowerIrql
fltmgr.sys
FltDeletePushLock
FltCloseClientPort
FltRegisterFilter
FltBuildDefaultSecurityDescriptor
FltCreateCommunicationPort
FltStartFiltering
FltFreeSecurityDescriptor
FltCloseCommunicationPort
FltUnregisterFilter
FltInitializePushLock
FltAcquirePushLockExclusive
FltAcquirePushLockShared
FltReleasePushLock
FltSendMessage
Sections
.text Size: 204KB - Virtual size: 204KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 896B - Virtual size: 808B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ