Static task
static1
General
-
Target
3f643e4cd52f7c33ae70643117a9446c4692cd1062804f56d85d4ee6cbca7a4e
-
Size
69KB
-
MD5
11706055a57d838115e6c69f7b86701c
-
SHA1
4d86d65afb55e9bcb954bf0e4e8ef615295ed01e
-
SHA256
3f643e4cd52f7c33ae70643117a9446c4692cd1062804f56d85d4ee6cbca7a4e
-
SHA512
efa41c3b1703a0d36a45fdf5eb2225b879e13256161b3534720dea98d8f25bf555627178bc90e337ff04ff2850688ff9a02b37370eea9e81e291ac25c82867cf
-
SSDEEP
768:lXokmWt9RcSNu5O+34h+UNCBcz0J4KFHa0URrcGtJRhepoVLgLa12WS4sEJPx7Lz:R75Og/dN440JDHB6YTqELalPxvuY
Malware Config
Signatures
Files
-
3f643e4cd52f7c33ae70643117a9446c4692cd1062804f56d85d4ee6cbca7a4e.sys windows:6 windows x86
7bfdfbff6135434b6b3bd20ac8a629b5
Code Sign
41:86:51:b7:ae:b6:90:a5:47:6a:ae:b7:ba:7a:5c:cd
Certificate
Issuer: CN=LdsDriverSignTest
Not Before: 08/06/2023, 05:47
Not After: 31/12/2039, 23:59
Subject: CN=LdsDriverSignTest
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate
Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 01/08/2022, 00:00
Not After: 09/11/2031, 23:59
Subject: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate
Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 23/03/2022, 00:00
Not After: 22/03/2037, 23:59
Subject: CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate
Issuer: CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
Not Before: 21/09/2022, 00:00
Not After: 21/11/2033, 23:59
Subject: CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
02:c2:4b:77:c6:3d:12:f1:ab:a6:a9:b9:c1:c4:77:74:f4:99:59:fd:e1:5f:93:11:17:dc:49:48:6e:95:29:07
Signer
Actual PE Digest: 02:c2:4b:77:c6:3d:12:f1:ab:a6:a9:b9:c1:c4:77:74:f4:99:59:fd:e1:5f:93:11:17:dc:49:48:6e:95:29:07
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
memcpy
memset
towlower
KeQueryTimeIncrement
KeTickCount
_alldiv
_allmul
ZwOpenKey
ZwClose
ZwCreateFile
ObfDereferenceObject
RtlInitUnicodeString
ObQueryNameString
ZwQueryValueKey
RtlRandomEx
RtlCopyUnicodeString
ZwQueryInformationProcess
ZwOpenProcess
RtlQueryRegistryValues
ZwQueryKey
ExFreePoolWithTag
sprintf
RtlGetVersion
IofCallDriver
IofCompleteRequest
RtlWriteRegistryValue
RtlCheckRegistryKey
IoDeleteSymbolicLink
IoDeleteDevice
PsSetCreateProcessNotifyRoutineEx
IoUnregisterShutdownNotification
IoRegisterFsRegistrationChange
IoRegisterShutdownNotification
IoCreateSymbolicLink
IoCreateDevice
IoGetLowerDeviceObject
IoGetAttachedDeviceReference
IoAttachDeviceToDeviceStackSafe
IoDetachDevice
IoEnumerateDeviceObjectList
IoUnregisterFsRegistrationChange
_vsnwprintf
ZwSetValueKey
ZwCreateKey
RtlAppendUnicodeToString
swprintf
CmUnRegisterCallback
RtlTimeFieldsToTime
RtlTimeToTimeFields
CmRegisterCallback
KeBugCheckEx
RtlUnwind
PsGetCurrentProcessId
KeDelayExecutionThread
PsGetVersion
MmGetSystemRoutineAddress
hal
KeGetCurrentIrql
Sections
.text Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 32.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 960B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ