Static task
static1
General
Target: 0f615bae00e45ee2186e5d1dc199cd9204488ebc68ad1f59e24b44e3441d93c4
Size: 2.0MB
MD5: de1c26eb2274a87849961b376852d6bc
SHA1: fbdbdb96061d45be122bc6410a91e62ed851ede3
SHA256: 0f615bae00e45ee2186e5d1dc199cd9204488ebc68ad1f59e24b44e3441d93c4
SHA512: 9dfdc4e54cc33694f576d32c98267f9569329ef997b599d961dd86153a55b500bc87f3c6fbcc3b6ebb13a67dbe0cb2cf0042910931292cb497f804b7639afa6e
SSDEEP: 49152:gv/dfJN/HmQOOxC99DHBbCA9MakFke+fgu6T:gvlfJkQHk99j06RkFzT
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: 0f615bae00e45ee2186e5d1dc199cd9204488ebc68ad1f59e24b44e3441d93c4
Files
0f615bae00e45ee2186e5d1dc199cd9204488ebc68ad1f59e24b44e3441d93c4.sys (windows:10 windows x64)
7fdd92e158e22caf79f8c18d1ac409ca
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
ExFreePoolWithTag
MmUnlockPages
IoFreeMdl
ObReferenceObjectByHandle
ObReferenceObjectByHandleWithTag
ObCloseHandle
ObfDereferenceObject
ZwClose
IoCreateFileEx
MmFlushImageSection
ZwDeleteFile
IoFileObjectType
_strnicmp
RtlUpperChar
MmHighestUserAddress
KeGetCurrentIrql
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
PsGetVersion
IoAllocateMdl
IoGetCurrentProcess
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
ZwAllocateVirtualMemory
__C_specific_handler
MmSystemRangeStart
MmUserProbeAddress
_wcsnicmp
RtlAppendUnicodeStringToString
KeAreAllApcsDisabled
ExRaiseStatus
ExQueueWorkItem
IoCreateFile
IoGetDeviceObjectPointer
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
MmIsAddressValid
IoVolumeDeviceToDosName
ZwOpenDirectoryObject
KeDelayExecutionThread
KeAreApcsDisabled
ExEnterCriticalRegionAndAcquireResourceExclusive
ExReleaseResourceAndLeaveCriticalRegion
ExAcquireRundownProtection
ExReleaseRundownProtection
ObfReferenceObject
KeWaitForSingleObject
PsGetThreadProcessId
ZwTerminateProcess
PsIsSystemThread
ObOpenObjectByPointer
ObGetObjectType
ExfAcquirePushLockShared
ExfReleasePushLock
ZwQuerySystemInformation
ZwQueryInformationProcess
PsProcessType
PsThreadType
PsInitialSystemProcess
KeEnterCriticalRegion
KeLeaveCriticalRegion
RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvl
_stricmp
RtlCompareMemory
KeQueryActiveProcessorCountEx
ExEnterCriticalRegionAndAcquireResourceShared
PsGetCurrentThreadId
IoDriverObjectType
towlower
strncpy
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
ExInitializeResourceLite
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
ObRegisterCallbacks
ObGetFilterVersion
ExUuidCreate
PsSetCreateProcessNotifyRoutine
ZwQueryVirtualMemory
_vsnwprintf
RtlPcToFileHeader
PsGetProcessSectionBaseAddress
IoCreateDriver
KdDebuggerEnabled
KeBugCheckEx
KeSetEvent
KeInitializeEvent
Sections
.text Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 864B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE