Static task
static1

General
Target: f1a904b02cc20176f6fa9d4786f97ba1b4348ce75fccd4a3daee29f50c7cf2a7
Size: 239KB
MD5: dacd2aaba4935abc49826a01c618b446
SHA1: 55c4f9ac2ae5d247172ea3799dd939173353bf04
SHA256: f1a904b02cc20176f6fa9d4786f97ba1b4348ce75fccd4a3daee29f50c7cf2a7
SHA512: c0ad36b7e94c1f4f88f8683d3fbe4fd5ded3d9519c21070d243c7fd1a47fab3b61bdef19393a9b2d88d9315ca8414acada0c937547fd66232a517682fd664776
SSDEEP: 6144:xIjCWeaWmC+1zr0FLWNuNxQcogigqRypbOyA3ek0R4dKEPWUF75fUZDU3t7H1z2Q:yeaWpJNxQWQRyp
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature, i.e. an empty IMAGE_DIRECTORY_ENTRY_SECURITY (certificate table) in the PE header.
resource: f1a904b02cc20176f6fa9d4786f97ba1b4348ce75fccd4a3daee29f50c7cf2a7
Caveat: this check only sees an embedded signature, so a catalog-signed driver would also trigger it. The image additionally sets IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY (see Headers below), which tells the loader to enforce signature verification; a driver with that flag and no verifiable signature fails to load on a system with code integrity enforcement.
Files
f1a904b02cc20176f6fa9d4786f97ba1b4348ce75fccd4a3daee29f50c7cf2a7.sys (windows:6, windows, x86)
868deeaea93ee99883a726960cdb1b2e

Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlInitUnicodeString
PsSetLoadImageNotifyRoutine
PsSetCreateProcessNotifyRoutine
PsRemoveLoadImageNotifyRoutine
InterlockedPopEntrySList
InterlockedPushEntrySList
ExInitializePagedLookasideList
ExDeletePagedLookasideList
KeSetEvent
KeWaitForSingleObject
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
InitSafeBootMode
KeGetCurrentThread
IoCreateFile
RtlFreeAnsiString
ZwFreeVirtualMemory
ZwAllocateVirtualMemory
IoFreeMdl
MmUnlockPages
MmUnmapLockedPages
memmove
MmProtectMdlSystemAddress
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
KeUnstackDetachProcess
KeStackAttachProcess
PsLookupProcessByProcessId
_stricmp
ZwSetInformationFile
ZwQueryInformationFile
ZwReadFile
ZwWriteFile
RtlRandomEx
KeTickCount
ZwCreateFile
ZwOpenFile
PsTerminateSystemThread
RtlAppendUnicodeStringToString
RtlUnicodeStringToAnsiString
KeInsertQueueApc
KeInitializeApc
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlImageDirectoryEntryToData
RtlImageNtHeader
PsThreadType
PsCreateSystemThread
RtlGetVersion
ZwDeleteValueKey
ZwSetValueKey
ZwQueryValueKey
RtlCompareUnicodeString
IofCompleteRequest
KeLeaveCriticalRegion
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
ExAcquireResourceSharedLite
ExReleaseResourceLite
ObQueryNameString
MmGetSystemRoutineAddress
ObOpenObjectByPointer
ObfReferenceObject
MmIsAddressValid
RtlPrefixUnicodeString
MmUserProbeAddress
ZwDeviceIoControlFile
CmUnRegisterCallback
CmRegisterCallback
KeDelayExecutionThread
KeQueryTimeIncrement
_alldiv
ZwClose
ZwQueryInformationProcess
ZwOpenProcess
PsGetProcessInheritedFromUniqueProcessId
ProbeForWrite
ExRaiseDatatypeMisalignment
wcsncpy
RtlSetDaclSecurityDescriptor
ExRegisterCallback
ExCreateCallback
ExUnregisterCallback
IoRegisterShutdownNotification
KeQuerySystemTime
PsGetProcessCreateTimeQuadPart
RtlCopyUnicodeString
KeResetEvent
KeBugCheckEx
ObOpenObjectByName
ZwOpenKey
ZwCreateKey
RtlCompareMemory
RtlUnwind
ProbeForRead
PsGetCurrentThreadId
ExGetPreviousMode
ObReferenceObjectByHandle
ObfDereferenceObject
RtlEqualUnicodeString
RtlAppendUnicodeToString
KeInitializeEvent
memcpy
ZwQuerySystemInformation
ExDeleteResourceLite
RtlHashUnicodeString
ExInitializeResourceLite
ExFreePoolWithTag
KeInsertQueueDpc
KeSetTargetProcessorDpc
KeInitializeDpc
KeNumberProcessors
towupper
FsRtlIsNameInExpression
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ZwEnumerateKey
ZwEnumerateValueKey
PsProcessType
PsLookupThreadByThreadId
IoGetDeviceObjectPointer
RtlQueryRegistryValues
KeAreApcsDisabled
ExRaiseStatus
IoVolumeDeviceToDosName
_wcsnicmp
RtlMultiByteToUnicodeN
RtlAssert
DbgPrint
PsIsThreadTerminating
_allshl
_aullshr
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
RtlDecompressBuffer
RtlDeleteElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlInitializeGenericTableAvl
FsRtlDissectName
_allmul
PsGetCurrentProcessId
memset
IoGetCurrentProcess
ExAllocatePoolWithTag
hal
KfRaiseIrql
KeGetCurrentIrql
ExAcquireFastMutex
ExReleaseFastMutex
KfLowerIrql
fltmgr.sys
FltDeletePushLock
FltCloseClientPort
FltRegisterFilter
FltBuildDefaultSecurityDescriptor
FltCreateCommunicationPort
FltStartFiltering
FltFreeSecurityDescriptor
FltCloseCommunicationPort
FltUnregisterFilter
FltInitializePushLock
FltAcquirePushLockExclusive
FltAcquirePushLockShared
FltReleasePushLock
FltSendMessage
Sections
.text   Size: 204KB  Virtual size: 204KB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 4KB    Virtual size: 4KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 13KB   Virtual size: 13KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
INIT    Size: 4KB    Virtual size: 4KB    IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 896B   Virtual size: 808B   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
.reloc  Size: 10KB   Virtual size: 10KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
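As an added illustration of the static checks this report makes (this is example code, not the sandbox's own implementation): a standard-library-only Python parser that reads the file and DLL characteristics, the section table, and the Authenticode certificate directory that the "Unsigned PE" signature keys on. The PE bytes it inspects are constructed inline to mirror this sample's layout (three of its sections, FORCE_INTEGRITY set, no certificate table); the function names and the triage rules are this example's own assumptions.

```python
# Added example: minimal PE header inspector for the checks in the report above.
# Standard library only; the PE bytes are constructed inline (no real code or
# certificate). Function names and triage rules are this example's own.
import struct

IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY = 0x0080
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Attribute Certificate Table: where Authenticode lives

SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}

# Constructed to mirror three sections of the sample: (name, size, characteristics)
SAMPLE_SECTIONS = [
    (".text", 204 * 1024, 0x60000020),  # CODE | EXECUTE | READ
    (".data", 13 * 1024, 0xC0000040),   # INITIALIZED_DATA | READ | WRITE
    ("INIT", 4 * 1024, 0xE2000020),     # CODE | DISCARDABLE | EXECUTE | READ | WRITE
]


def parse_pe(data: bytes) -> dict:
    """Read the header fields the report lists; raise ValueError if malformed."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4  # IMAGE_FILE_HEADER
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20  # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:    # PE32
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:  # PE32+
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in PE32 and PE32+
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    cert_off = cert_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For the certificate table the first field is a file offset, not an RVA.
        cert_off, cert_size = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections, off = [], opt + opt_size
    for _ in range(nsec):
        name, vsize, _, rawsize, _, _, _, _, _, chars = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "raw_size": rawsize,
            "virtual_size": vsize,
            "flags": [n for bit, n in SECTION_FLAGS.items() if chars & bit],
        })
        off += 40
    return {
        "machine": machine,
        "is_32bit": bool(file_chars & IMAGE_FILE_32BIT_MACHINE),
        "executable_image": bool(file_chars & IMAGE_FILE_EXECUTABLE_IMAGE),
        "force_integrity": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY),
        # The report's "Unsigned PE" signature is the negation of this.
        "has_authenticode": cert_size != 0 and cert_off + cert_size <= len(data),
        "sections": sections,
    }


def triage(info: dict) -> list:
    """Findings derived from parse_pe() output (this example's own rules)."""
    findings = []
    if not info["has_authenticode"]:
        findings.append("Unsigned PE: no embedded Authenticode certificate table")
        if info["force_integrity"]:
            findings.append("FORCE_INTEGRITY set on an image without an embedded signature")
    for s in info["sections"]:
        # A driver's discardable INIT section (DriverEntry) is conventionally RWX.
        if s["name"] != "INIT" and {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= set(s["flags"]):
            findings.append("writable and executable section %s" % s["name"])
    return findings


def build_sample_pe(signed: bool, sections=SAMPLE_SECTIONS) -> bytes:
    """Construct a minimal PE32 driver-style header (no code) for offline testing."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    opt_size = 224  # PE32 optional header with all 16 data directories
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size,
                           IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<H", opt, 68, 1)     # IMAGE_SUBSYSTEM_NATIVE, as for a .sys
    struct.pack_into("<H", opt, 70, IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY)
    struct.pack_into("<I", opt, 92, 16)    # NumberOfRvaAndSizes
    headers_len = len(dos) + 4 + len(file_hdr) + opt_size + 40 * len(sections)
    cert = b"\0" * 64 if signed else b""   # placeholder WIN_CERTIFICATE blob, constructed
    if signed:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, headers_len, len(cert))
    sec_hdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), size, 0x1000 * (i + 1),
                    size, 0, 0, 0, 0, 0, chars)
        for i, (name, size, chars) in enumerate(sections))
    return dos + b"PE\0\0" + file_hdr + bytes(opt) + sec_hdrs + cert


if __name__ == "__main__":
    for label, blob in (("unsigned", build_sample_pe(False)), ("signed", build_sample_pe(True))):
        info = parse_pe(blob)
        print(label, "force_integrity=%s has_authenticode=%s" % (info["force_integrity"], info["has_authenticode"]))
        for s in info["sections"]:
            print("  %-6s %7d bytes  %s" % (s["name"], s["raw_size"], " | ".join(s["flags"])))
        for f in triage(info):
            print("  ->", f)
```

Running it prints the constructed unsigned image with the same two findings a practitioner would draw from this report (no certificate table, FORCE_INTEGRITY set regardless), and a signed variant with none. To inspect the real sample, pass `open(path, "rb").read()` to `parse_pe()`. The INIT exception in `triage()` encodes that an MSVC-built driver's discardable INIT section holds DriverEntry and is conventionally RWX, so the flag combination in the section table above is not a finding on its own; and because the check reads only the embedded certificate table, a catalog-signed driver will still be reported as unsigned.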