Static task
static1
General
Target: 40d1d9553772a2dbf42d1d34f8fcc755a54dfab4099c3d7843653fc439704d12
Size: 1.7MB
MD5: d5b86ece55591075f47719040d5a3974
SHA1: 197bf41917b4ae88e1ed0ef4015d41a772b33009
SHA256: 40d1d9553772a2dbf42d1d34f8fcc755a54dfab4099c3d7843653fc439704d12
SHA512: a532856d5600d0c2d725a5c622fa18e018ced3944937d3ce6b957396431cb3c5b9fad4cf7bb9c7562dd27a7ddc92cb6bde9dc1c606408ceaf566beb8e019145f
SSDEEP: 24576:lCK+z+ZNEeIxnT3kQ4cx4dkT7q+BjZuS3OcFb2QnqPu9zOYvin6/v/fNTeDoNynv:lCK+z+vItT3kC4W7qBOm
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource 40d1d9553772a2dbf42d1d34f8fcc755a54dfab4099c3d7843653fc439704d12
Caveat: this check only looks for an embedded signature (the PE security directory). A driver signed through a catalog (.cat) file carries no embedded signature and is flagged the same way, so verify against a host that has the catalog installed (for example signtool verify /a /v, or Get-AuthenticodeSignature) before treating the file as unsigned. The headers below also set IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY, and an x64 Windows 10 kernel driver is refused by Driver Signature Enforcement without a valid signature, so either the signature was stripped before submission, the driver is catalog-signed, or it is meant for a test-signing or DSE-disabled host.
Files
40d1d9553772a2dbf42d1d34f8fcc755a54dfab4099c3d7843653fc439704d12.sys (windows:10, windows x64)
f684b9e565e41e7a0c472263438e4eda
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntoskrnl.exe
PsAcquireProcessExitSynchronization
PsReleaseProcessExitSynchronization
KeSetEvent
ExEventObjectType
wcscat_s
ZwClose
ZwCreateKey
ZwOpenKey
ZwDeleteKey
ZwSetValueKey
ZwDeleteFile
KeAreAllApcsDisabled
KeDeregisterBugCheckReasonCallback
KeRegisterBugCheckReasonCallback
IoCreateNotificationEvent
KeInitializeGuardedMutex
strcpy_s
RtlInitAnsiString
RtlAnsiStringToUnicodeString
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
PsGetCurrentThreadId
PsGetProcessCreateTimeQuadPart
PsGetProcessExitStatus
PsGetProcessPeb
ObOpenObjectByPointer
PsGetProcessSessionId
PsGetProcessInheritedFromUniqueProcessId
ZwFreeVirtualMemory
PsReferenceProcessFilePointer
ZwCreateFile
ZwDeviceIoControlFile
RtlNtStatusToDosError
ZwFsControlFile
ZwWaitForSingleObject
PsGetThreadId
IoFileObjectType
ExSemaphoreObjectType
PsProcessType
PsThreadType
PsJobType
SeTokenObjectType
ObReferenceObjectByHandle
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
RtlFreeUnicodeString
KeIpiGenericCall
ProbeForWrite
PsCreateSystemThread
RtlRandomEx
KeClearEvent
IoCreateDevice
IoCreateSymbolicLink
IoRegisterShutdownNotification
IoUnregisterShutdownNotification
MmUnsecureVirtualMemory
MmProbeAndLockPages
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
IoAllocateMdl
IoFreeMdl
KeEnterCriticalRegion
KeLeaveCriticalRegion
ExInitializeResourceLite
ExAcquireResourceSharedLite
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
ExDeleteResourceLite
RtlInitializeGenericTableAvl
RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlGetElementGenericTableAvl
RtlNumberGenericTableElementsAvl
RtlIsGenericTableEmptyAvl
RtlUpcaseUnicodeString
RtlTimeToTimeFields
ExSystemTimeToLocalTime
RtlEqualUnicodeString
RtlCopyUnicodeString
RtlWalkFrameChain
KeWaitForMultipleObjects
PsGetProcessId
KeTryToAcquireGuardedMutex
KeEnterGuardedRegion
KeLeaveGuardedRegion
PsGetThreadProcess
ZwOpenSection
ZwMapViewOfSection
ZwUnmapViewOfSection
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
SeQuerySessionIdToken
PsReferencePrimaryToken
PsDereferencePrimaryToken
ObQueryNameString
KeInitializeDpc
KeSetTargetProcessorDpc
KeInitializeTimerEx
KeCancelTimer
KeSetTimerEx
KeUnstackDetachProcess
KeDelayExecutionThread
KeQueryTimeIncrement
KeQueryActiveProcessors
MmGetSystemRoutineAddress
MmBuildMdlForNonPagedPool
PsGetVersion
MmUserProbeAddress
ZwLoadDriver
ZwFlushKey
ZwQueryValueKey
RtlCompareMemory
PsGetProcessImageFileName
ExReleaseRundownProtection
PsGetThreadProcessId
IoVolumeDeviceToDosName
PsInitialSystemProcess
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
RtlInsertElementGenericTableFullAvl
MmGetVirtualForPhysical
IoDriverObjectType
RtlUnicodeStringToInteger
KeNumberProcessors
RtlCompareString
RtlEnumerateGenericTableWithoutSplayingAvl
ZwOpenThread
ZwOpenDirectoryObject
ZwEnumerateKey
RtlInt64ToUnicodeString
IoCreateFile
ZwOpenFile
ZwQueryInformationFile
ZwSetInformationFile
ZwReadFile
ZwWriteFile
IoCreateFileSpecifyDeviceObjectHint
NtQueryDirectoryFile
IoGetBaseFileSystemDeviceObject
IoQueryFileInformation
ProbeForRead
PsGetProcessWow64Process
RtlImageDirectoryEntryToData
RtlQueryAtomInAtomTable
PsGetThreadWin32Thread
MmAllocateContiguousMemory
MmProtectMdlSystemAddress
ZwQueryObject
NtClose
ObGetObjectType
ExAcquireFastMutex
ExReleaseFastMutex
RtlUpcaseUnicodeChar
RtlUpcaseUnicodeToMultiByteN
RtlAnsiCharToUnicodeChar
RtlUnicodeToMultiByteN
ZwQuerySystemInformation
ZwSetSecurityObject
IoDeviceObjectType
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
SeCaptureSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeExports
RtlCreateSecurityDescriptor
wcschr
RtlAbsoluteToSelfRelativeSD
RtlAddAccessAllowedAce
RtlLengthSid
IoIsWdmVersionAvailable
RtlSetDaclSecurityDescriptor
ExAllocatePoolWithTag
KeReleaseGuardedMutex
KeAcquireGuardedMutex
RtlCompareUnicodeString
__C_specific_handler
RtlPrefixUnicodeString
ObfDereferenceObject
IoGetAttachedDeviceReference
IofCallDriver
IoBuildSynchronousFsdRequest
ExFreePoolWithTag
ExAllocatePool
KeWaitForSingleObject
KeInitializeEvent
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
PsGetCurrentProcessId
IoGetCurrentProcess
KeBugCheckEx
PsLookupProcessByProcessId
MmIsAddressValid
MmGetPhysicalAddress
PsTerminateSystemThread
PsSetCreateProcessNotifyRoutineEx
KeStackAttachProcess
MmGetPhysicalMemoryRanges
PsIsThreadTerminating
PsLookupThreadByThreadId
ZwQueryInformationThread
KeInitializeApc
KeInsertQueueApc
MmAllocateMappingAddress
MmFreeMappingAddress
ZwOpenProcess
ZwDeleteValueKey
ZwCreateSection
MmMapViewInSystemSpace
MmUnmapViewInSystemSpace
RtlGetVersion
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
RtlAppendUnicodeStringToString
ZwUnloadDriver
ZwQueryInformationProcess
PsIsSystemThread
KeAreApcsDisabled
HalDispatchTable
KeSetSystemGroupAffinityThread
KeRevertToUserGroupAffinityThread
KeQueryActiveProcessorCountEx
KeGetProcessorNumberFromIndex
KeGetCurrentProcessorNumberEx
MmFreeContiguousMemory
MmProbeAndLockProcessPages
ObReferenceObjectByName
IoAllocateIrp
IoFreeIrp
wcsncpy_s
IoGetLowerDeviceObject
CcCoherencyFlushAndPurgeCache
ExFreePool
MmUnmapIoSpace
ExAcquireRundownProtection
MmMapIoSpace
fltmgr.sys
FltWriteFile
FltReleaseFileNameInformation
FltEnumerateFilters
FltStartFiltering
FltUnregisterFilter
FltRegisterFilter
FltObjectDereference
FltEnumerateInstances
FltGetVolumeProperties
FltGetVolumeFromInstance
FltClose
FltSetInformationFile
FltGetFileNameInformationUnsafe
FltReadFile
FltCreateFileEx
FltGetVolumeName
FltParseFileNameInformation
FltGetFileNameInformation
FltFreePoolAlignedWithTag
FltAllocatePoolAlignedWithTag
FltGetRequestorProcessId
hidparse.sys
HidP_GetCollectionDescription
hal
KeStallExecutionProcessor
KeQueryPerformanceCounter
Sections
.text Size: 660KB - Virtual size: 659KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 289KB - Virtual size: 288KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 472B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.pgac Size: 680KB - Virtual size: 680KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ