Static task
static1
General
Target: 877cd238e0d2da37fde28a508bd470b53e1134d48be63aaac35732d318e11b90
Size: 1.9MB
MD5: 7a98776f249bab4ac4d64ef0a7a9858c
SHA1: 2b2c6635696dd9c2b56462ce419ef44d2e9fdf58
SHA256: 877cd238e0d2da37fde28a508bd470b53e1134d48be63aaac35732d318e11b90
SHA512: 30c3525ff5f5941103f8ef7f34733922b61a3a93723a83ff198cfb5b686642da3d0df67f0bfe9fcdea15f0cbf5c58d5f0a34f82f3e17e85e61a87c71264b9423
SSDEEP: 12288:GK6Kd4NIp5TQh7vUTLhQXRIa+G8F53ZwzHnG:p6I82FeATLhgR3j05pm
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 877cd238e0d2da37fde28a508bd470b53e1134d48be63aaac35732d318e11b90
Files
877cd238e0d2da37fde28a508bd470b53e1134d48be63aaac35732d318e11b90.sys windows:10 windows x64
d5dadb030d51fd37a08a6bd33e06b585
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntoskrnl.exe
RtlInitUnicodeString
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
IoAllocateIrp
IofCallDriver
IoCreateFile
IoFreeIrp
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
__C_specific_handler
IoFileObjectType
RtlImageNtHeader
RtlImageDirectoryEntryToData
strcmp
RtlCompareUnicodeString
ExAllocatePoolWithTag
ExFreePoolWithTag
PsCreateSystemThread
PsTerminateSystemThread
PsGetVersion
ZwCreateFile
ZwQueryInformationFile
ZwReadFile
RtlRandom
ZwQueryInformationThread
ObReferenceObjectByName
PsThreadType
IoDriverObjectType
MmGetSystemRoutineAddress
strlen
wcscat
wcscpy
wcslen
_wcsicmp
RtlGetVersion
KeDelayExecutionThread
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
MmProbeAndLockPages
MmUnlockPages
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmUnmapLockedPages
IoAllocateMdl
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoFreeMdl
IoGetCurrentProcess
ZwOpenSection
ZwMapViewOfSection
ZwUnmapViewOfSection
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
PsGetProcessCreateTimeQuadPart
sprintf_s
swprintf
swscanf_s
__chkstk
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
RtlRandomEx
ZwQuerySystemInformation
isupper
strstr
RtlCompareUnicodeStrings
RtlCompareString
Sections
%%u^h<#Q Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
pM*g'H8X Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
C`1QO2E9 Size: 512B - Virtual size: 896B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
q;_>xq@T Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
;H0">jy Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
3b83jn1; Size: 427KB - Virtual size: 427KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
s$&+/-(f Size: 512B - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
gwpv<pg Size: 72KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
yn>xnzn Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE