Static task
static1
General
Target: 611d3f362a725288aec8cf516e131c40b6b53b5ff02230d7bb764b5b45ff43e3
Size: 325KB
MD5: e17105222be4cb42150d75894489cd8d
SHA1: 9748a38a22e164c2dcde69f02c568dcd0452e5c5
SHA256: 611d3f362a725288aec8cf516e131c40b6b53b5ff02230d7bb764b5b45ff43e3
SHA512: 9ceb095160dceb10a045a96ff8e6b9cdde4697c07991663d95a94c6c0ec0a70e4b9da3b5c33d770461ada6ce5872114885b8e182ec2f9d635a67d9388ae1de15
SSDEEP: 6144:kg8fnFSvUdMlpQ6WEYKHgDC0nWJu3K70cHy4Fwiv2gAknu5zfB8VOR6gAc9ObK2D:QFSvU2l7WjKjCcYpa
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 611d3f362a725288aec8cf516e131c40b6b53b5ff02230d7bb764b5b45ff43e3
Caveat: this check only looks for an embedded signature (the PE security data directory); a catalog-signed driver carries no signature inside the file and triggers it as well. The header also sets IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY (linker /INTEGRITYCHECK), which makes the loader require a valid signature for the image, so check for a catalog signature before concluding that this driver ran unsigned.
Files
611d3f362a725288aec8cf516e131c40b6b53b5ff02230d7bb764b5b45ff43e3.sys windows:6 windows x86
80f1503360150bb984c54590710a82c5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ObQueryNameString
RtlImageNtHeader
RtlMultiByteToUnicodeN
IoGetDeviceObjectPointer
KeInitializeEvent
ProbeForRead
ProbeForWrite
PsSetCreateProcessNotifyRoutine
ExInitializeResourceLite
ExAcquireResourceSharedLite
KeEnterCriticalRegion
ExAcquireResourceExclusiveLite
KeLeaveCriticalRegion
ExReleaseResourceLite
ExDeleteResourceLite
RtlInsertElementGenericTable
RtlLookupElementGenericTable
RtlDeleteElementGenericTable
RtlEnumerateGenericTable
RtlInitializeGenericTable
CmRegisterCallback
MmHighestUserAddress
ZwFreeVirtualMemory
ZwAllocateVirtualMemory
PsLookupThreadByThreadId
PsGetCurrentThreadId
KeDelayExecutionThread
PsCreateSystemThread
MmSystemRangeStart
PsSetLoadImageNotifyRoutine
RtlUpcaseUnicodeString
wcsnlen
ZwDeleteValueKey
ZwCreateKey
ZwSetValueKey
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
wcschr
ZwQueryValueKey
RtlDecompressBuffer
IoGetDeviceAttachmentBaseRef
ZwReadFile
RtlAppendUnicodeStringToString
InterlockedPopEntrySList
InterlockedPushEntrySList
ExDeletePagedLookasideList
ExInitializePagedLookasideList
RtlAppendUnicodeToString
CmUnRegisterCallback
ZwWriteFile
ZwSetInformationFile
ZwDeleteFile
ZwQueryInformationFile
IoFreeMdl
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
MmUnmapLockedPages
ZwOpenFile
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
RtlCreateUnicodeString
_wcsicmp
wcsncpy
wcsncmp
RtlGetVersion
RtlIntegerToUnicodeString
RtlUnicodeStringToInteger
ZwEnumerateKey
ZwQueryKey
_allmul
KeTickCount
wcsrchr
ExInitializeRundownProtection
PsIsSystemThread
IoGetTopLevelIrp
RtlPrefixUnicodeString
ZwQuerySymbolicLinkObject
MmIsAddressValid
KeSetEvent
ZwSetInformationThread
ExAcquireRundownProtection
ExReleaseRundownProtection
ExWaitForRundownProtectionRelease
KeResetEvent
KeWaitForSingleObject
KeInitializeSemaphore
KeWaitForMultipleObjects
KeReleaseSemaphore
_alldiv
memmove
ZwQueryInformationProcess
ObOpenObjectByPointer
ExSystemTimeToLocalTime
PsGetVersion
KeQuerySystemTime
RtlInitAnsiString
_wcsnicmp
CmKeyObjectType
MmUserProbeAddress
IoFileObjectType
_chkstk
ZwTerminateProcess
ZwOpenProcess
FsRtlDissectName
RtlDeleteElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlLookupElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlGetElementGenericTableAvl
KeQueryTimeIncrement
ExSemaphoreObjectType
ExfInterlockedInsertTailList
ExfInterlockedRemoveHeadList
KeBugCheckEx
RtlUnwind
ObfReferenceObject
ZwOpenKey
RtlCompareMemory
KeGetCurrentThread
RtlCopyUnicodeString
RtlCompareUnicodeString
PsTerminateSystemThread
IoGetCurrentProcess
PsInitialSystemProcess
PsProcessType
PsGetProcessId
PsLookupProcessByProcessId
ExGetPreviousMode
PsThreadType
ObReferenceObjectByHandle
ObfDereferenceObject
memcpy
IoThreadToProcess
PsGetProcessInheritedFromUniqueProcessId
RtlHashUnicodeString
PsGetThreadProcessId
RtlEqualUnicodeString
InitSafeBootMode
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoRegisterShutdownNotification
MmGetSystemRoutineAddress
RtlInitUnicodeString
PsGetCurrentProcessId
IofCompleteRequest
ZwCreateFile
ZwDeviceIoControlFile
ZwClose
_vsnwprintf
memset
ZwDeleteKey
PsIsThreadTerminating
KeInsertQueueApc
KeInitializeApc
FsRtlIsNameInExpression
RtlFreeAnsiString
FsRtlIsDbcsInExpression
RtlUnicodeStringToAnsiString
ZwQuerySystemInformation
PsGetProcessCreateTimeQuadPart
KeUnstackDetachProcess
KeStackAttachProcess
PsGetProcessPeb
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
PsGetCurrentThreadTeb
ZwEnumerateValueKey
IoAllocateIrp
IoGetBaseFileSystemDeviceObject
IoFreeIrp
IoCreateFile
ZwSetInformationObject
ZwQueryObject
ZwDuplicateObject
RtlQueryRegistryValues
KeAreApcsDisabled
ExRaiseStatus
IoVolumeDeviceToDosName
IoGetRelatedDeviceObject
IoCreateFileSpecifyDeviceObjectHint
ZwQueryDirectoryFile
_allshl
_aullshr
ExAllocatePoolWithTag
ZwOpenSymbolicLinkObject
ExFreePoolWithTag
hal
KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
KeGetCurrentIrql
fltmgr.sys
FltDeletePushLock
FltRegisterFilter
FltGetFileNameInformationUnsafe
FltCreateFile
FltClose
FltSendMessage
FltQueryInformationFile
FltGetDestinationFileNameInformation
FltParseFileNameInformation
FltSetStreamContext
FltAllocateContext
FltGetVolumeContext
FltGetStreamContext
FltGetRequestorProcessId
FltGetRequestorProcess
FltReadFile
FltGetVolumeProperties
FltSetVolumeContext
FltReleaseContext
FltGetVolumeName
FltAcquirePushLockExclusive
FltAcquirePushLockShared
FltReleasePushLock
FltInitializePushLock
FltGetFileNameInformation
FltReleaseFileNameInformation
FltBuildDefaultSecurityDescriptor
FltCreateCommunicationPort
FltFreeSecurityDescriptor
FltCloseClientPort
FltStartFiltering
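The import table is the most informative part of this report: a FltMgr minifilter with process, image-load and registry callbacks, a communication port to user mode, APC queueing, cross-process attach, file and registry I/O, and process termination. The script below, added here and not part of the report or of any sandbox's own code, parses an import listing in the report's own layout (module line, then one import per line) and maps groups of imports to the capabilities they imply. The listing is a constructed excerpt, not the full table above, and the rules are an analyst's reading of the documented WDK and FltMgr APIs rather than a vendor signature set; each rule requires every API in its set so that a single innocuous import does not trigger it.

```python
"""Turn a driver's import listing into a capability summary.
Added example, not part of the report: the listing is a constructed excerpt
in the report's own layout (module line, then one import per line) and the
rules below are an analyst's reading of the documented WDK/FltMgr APIs,
not a vendor signature set."""
import re

MODULE_RE = re.compile(r"^[\w.-]+\.(exe|sys|dll)$", re.IGNORECASE)
BARE_MODULES = {"hal"}              # the report lists HAL without an extension

# capability -> (module, set of imports that must ALL be present).  Requiring
# the full set keeps single, innocuous imports from triggering a rule.
RULES = {
    "minifilter: intercepts file-system I/O": ("fltmgr.sys", {"FltRegisterFilter", "FltStartFiltering"}),
    "minifilter: user-mode control channel (communication port)": ("fltmgr.sys", {"FltCreateCommunicationPort", "FltSendMessage"}),
    "process-creation callback": ("ntoskrnl.exe", {"PsSetCreateProcessNotifyRoutine"}),
    "image-load callback": ("ntoskrnl.exe", {"PsSetLoadImageNotifyRoutine"}),
    "registry callback": ("ntoskrnl.exe", {"CmRegisterCallback"}),
    "kernel APC queueing: runs code in another thread's context": ("ntoskrnl.exe", {"KeInitializeApc", "KeInsertQueueApc"}),
    "cross-process address-space access": ("ntoskrnl.exe", {"KeStackAttachProcess", "KeUnstackDetachProcess"}),
    "process termination": ("ntoskrnl.exe", {"ZwOpenProcess", "ZwTerminateProcess"}),
    "registry writes (config/persistence)": ("ntoskrnl.exe", {"ZwCreateKey", "ZwSetValueKey"}),
    "runtime resolution of routines not in the import table": ("ntoskrnl.exe", {"MmGetSystemRoutineAddress"}),
    "safe-boot awareness": ("ntoskrnl.exe", {"InitSafeBootMode"}),
}

def parse_import_listing(text):
    """Group the listing into {module: [imports]} preserving report order."""
    imports, module = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if MODULE_RE.match(line) or line.lower() in BARE_MODULES:
            module = line.lower()
            imports.setdefault(module, [])
        elif module is None:
            raise ValueError("import %r listed before any module line" % line)
        else:
            imports[module].append(line)
    return imports

def capabilities(imports):
    """Return [(capability, sorted matching imports)] for every rule fully satisfied."""
    hits = []
    for cap, (module, needed) in RULES.items():
        if needed <= set(imports.get(module, [])):
            hits.append((cap, sorted(needed)))
    return hits

def unmatched_imports(imports):
    """Imports no satisfied rule consumes: the part an analyst still reads by hand."""
    used = set()
    for _, (module, needed) in RULES.items():
        if needed <= set(imports.get(module, [])):
            used |= needed
    return {m: [i for i in names if i not in used] for m, names in imports.items()}

# Constructed excerpt in the report's layout (not the full import table).
SAMPLE_LISTING = """
ntoskrnl.exe
PsSetCreateProcessNotifyRoutine
CmRegisterCallback
PsSetLoadImageNotifyRoutine
KeInitializeApc
KeInsertQueueApc
ZwOpenProcess
MmGetSystemRoutineAddress
RtlInitUnicodeString
hal
KfAcquireSpinLock
fltmgr.sys
FltRegisterFilter
FltStartFiltering
FltCreateCommunicationPort
FltSendMessage
"""

if __name__ == "__main__":
    table = parse_import_listing(SAMPLE_LISTING)
    for cap, apis in capabilities(table):
        print("%-60s %s" % (cap, ", ".join(apis)))
    print("unmatched:", unmatched_imports(table))
```

Pasting the full import list above into SAMPLE_LISTING in place of the excerpt gives the summary for this sample; the unmatched set is where the rule table is deliberately conservative (the MDL mapping, section mapping and compression imports above are worth reading by hand before adding rules for them).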
Sections
.text Size: 282KB - Virtual size: 281KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 808B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ