Static task
static1
General
Target: 795a21f21296b4d036f9fe4c85645643402c8fccd3a7b44beae59cc8fe2878ff
Size: 192KB
MD5: 1ad3a21931f5c4cfa389350d7c0231c6
SHA1: cdca0a6a2158418d1389cda4e5a3ed611c3e6dd3
SHA256: 795a21f21296b4d036f9fe4c85645643402c8fccd3a7b44beae59cc8fe2878ff
SHA512: b2f5aa7228d1d4c41eb360a5581e5592e28cc11e9e660771492d948db5aa2fee679ac7e758ffe58d965574b437400e1ca0ce4b7c9992fc094f608da79f746c0b
SSDEEP: 3072:+BDcCf+iRW4rwrwIawxNpagTZ3xFRMku8mn:GoCf+iRW6CLawn0gl3xXMuC
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 795a21f21296b4d036f9fe4c85645643402c8fccd3a7b44beae59cc8fe2878ff
Files
795a21f21296b4d036f9fe4c85645643402c8fccd3a7b44beae59cc8fe2878ff.sys (windows:6, windows x86)
  418cc9e05cda362b24d54191a31653c4
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
Imports from ntoskrnl.exe:
ExAcquireRundownProtectionEx
ExAcquireRundownProtection
ExReleaseRundownProtection
_allshl
KeLeaveCriticalRegion
KeEnterCriticalRegion
ExWaitForRundownProtectionRelease
CmUnRegisterCallback
PsSetCreateProcessNotifyRoutine
PsSetLoadImageNotifyRoutine
PsSetCreateThreadNotifyRoutine
ZwClose
PsCreateSystemThread
MmGetSystemRoutineAddress
KeInitializeEvent
ExInitializeNPagedLookasideList
KeDelayExecutionThread
KeSetEvent
ExReInitializeRundownProtection
CmRegisterCallback
_vsnwprintf
PsTerminateSystemThread
KeWaitForSingleObject
RtlMultiByteToUnicodeN
ExAllocatePoolWithTag
RtlEqualUnicodeString
RtlCopyUnicodeString
IoGetTopLevelIrp
MmIsAddressValid
PsGetCurrentThreadId
PsGetCurrentProcessId
ObQueryNameString
ExInitializeRundownProtection
ZwTerminateProcess
ZwOpenProcess
RtlInitializeBitMap
ObfReferenceObject
RtlInitializeGenericTableAvl
ExInitializePagedLookasideList
ExInitializeResourceLite
ExReleaseResourceLite
RtlInsertElementGenericTableAvl
ExAcquireResourceExclusiveLite
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
ExAcquireResourceSharedLite
memcpy
KeRegisterBugCheckReasonCallback
ExUuidCreate
ExGetPreviousMode
RtlImageNtHeader
RtlCompareUnicodeString
wcslen
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwQuerySystemInformation
ZwQueryInformationFile
ZwOpenFile
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
_allmul
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
IofCompleteRequest
ZwCreateFile
ObReferenceObjectByHandle
IoFileObjectType
KeGetCurrentThread
ZwWriteFile
ZwDeleteFile
RtlAppendUnicodeStringToString
RtlPrefixUnicodeString
IoDeleteDevice
MmHighestUserAddress
RtlCaptureStackBackTrace
ExReleaseRundownProtectionEx
KeBugCheckEx
InterlockedPushEntrySList
InterlockedPopEntrySList
PsLookupProcessByProcessId
ObfDereferenceObject
InitSafeBootMode
RtlInitUnicodeString
IoRegisterShutdownNotification
IoCreateSymbolicLink
RtlAppendUnicodeToString
ExFreePoolWithTag
IoRegisterDriverReinitialization
IoRegisterBootDriverReinitialization
RtlUnwind
IoGetDeviceObjectPointer
ZwDeleteKey
ZwOpenKey
ZwQueryValueKey
ZwSetValueKey
ZwDeleteValueKey
ZwEnumerateKey
ZwEnumerateValueKey
FsRtlIsNameInExpression
RtlGetVersion
ZwQueryInformationProcess
ObOpenObjectByPointer
PsProcessType
PsGetProcessCreateTimeQuadPart
KeUnstackDetachProcess
ProbeForRead
KeStackAttachProcess
PsGetProcessPeb
PsThreadType
PsLookupThreadByThreadId
ZwQueryInformationThread
PsIsThreadTerminating
MmUnmapLockedPages
IoFreeMdl
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
KeInsertQueueApc
KeInitializeApc
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
_wcsnicmp
IoGetDeviceAttachmentBaseRef
IoGetRelatedDeviceObject
ZwReadFile
IoCreateFileSpecifyDeviceObjectHint
ZwSetInformationFile
ZwQueryDirectoryFile
memmove
IoAllocateIrp
IoGetBaseFileSystemDeviceObject
IoFreeIrp
IoCreateFile
ZwSetInformationObject
ZwQueryObject
ZwDuplicateObject
RtlCompareMemory
ZwCreateKey
RtlQueryRegistryValues
KeAreApcsDisabled
ExRaiseStatus
IoVolumeDeviceToDosName
_aullshr
_strnicmp
_allshr
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
RtlDecompressBuffer
FsRtlDissectName
KeTickCount
IoCreateDevice
MmUserProbeAddress
memset
Imports from hal:
KeGetCurrentIrql
KfLowerIrql
KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
Imports from fltmgr.sys:
FltAcquirePushLockShared
FltInitializePushLock
FltGetFileNameInformationUnsafe
FltReleaseFileNameInformation
FltAcquirePushLockExclusive
FltReleasePushLock
FltDeletePushLock
Sections
.text  Size: 141KB - Virtual size: 141KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data  Size: 34KB - Virtual size: 34KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
INIT   Size: 4KB - Virtual size: 4KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc  Size: 896B - Virtual size: 800B - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 7KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ