Static task
static1
General
Target: e5e2e5829712c5a0c04ba20ba5323dbca922d9a8e69669cfdbf8614b4c1c0e11
Size: 2.0MB
MD5: 0ce83ee7317c01160e7571e5b971e698
SHA1: e1f955711784cfab8064a0878d8582cfa7a93650
SHA256: e5e2e5829712c5a0c04ba20ba5323dbca922d9a8e69669cfdbf8614b4c1c0e11
SHA512: add7b30635c724a43987b092b325d16b27a79f64fc3285ab4ab375749aa08eae69a070911ce5bd1465f077382fe48b828f95d519e20010e3f60a3a9f9de3a6ca
SSDEEP: 49152:+T9z9EaeP81NXYQo5XGYXxUf5e+RhDZGsMHu054sTVWSj:Oo81JYQaGCMRGHu054Q
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource e5e2e5829712c5a0c04ba20ba5323dbca922d9a8e69669cfdbf8614b4c1c0e11
Files
e5e2e5829712c5a0c04ba20ba5323dbca922d9a8e69669cfdbf8614b4c1c0e11.sys windows:10 windows x64
7fdd92e158e22caf79f8c18d1ac409ca
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
ExFreePoolWithTag
MmUnlockPages
IoFreeMdl
ObReferenceObjectByHandle
ObReferenceObjectByHandleWithTag
ObCloseHandle
ObfDereferenceObject
ZwClose
IoCreateFileEx
MmFlushImageSection
ZwDeleteFile
IoFileObjectType
_strnicmp
RtlUpperChar
MmHighestUserAddress
KeGetCurrentIrql
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
PsGetVersion
IoAllocateMdl
IoGetCurrentProcess
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
ZwAllocateVirtualMemory
__C_specific_handler
MmSystemRangeStart
MmUserProbeAddress
_wcsnicmp
RtlAppendUnicodeStringToString
KeAreAllApcsDisabled
ExRaiseStatus
ExQueueWorkItem
IoCreateFile
IoGetDeviceObjectPointer
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
MmIsAddressValid
IoVolumeDeviceToDosName
ZwOpenDirectoryObject
KeDelayExecutionThread
KeAreApcsDisabled
ExEnterCriticalRegionAndAcquireResourceExclusive
ExReleaseResourceAndLeaveCriticalRegion
ExAcquireRundownProtection
ExReleaseRundownProtection
ObfReferenceObject
KeWaitForSingleObject
PsGetThreadProcessId
ZwTerminateProcess
PsIsSystemThread
ObOpenObjectByPointer
ObGetObjectType
ExfAcquirePushLockShared
ExfReleasePushLock
ZwQuerySystemInformation
ZwQueryInformationProcess
PsProcessType
PsThreadType
PsInitialSystemProcess
KeEnterCriticalRegion
KeLeaveCriticalRegion
RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvl
_stricmp
RtlCompareMemory
KeQueryActiveProcessorCountEx
ExEnterCriticalRegionAndAcquireResourceShared
PsGetCurrentThreadId
IoDriverObjectType
towlower
strncpy
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
ExInitializeResourceLite
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
ObRegisterCallbacks
ObGetFilterVersion
ExUuidCreate
PsSetCreateProcessNotifyRoutine
ZwQueryVirtualMemory
_vsnwprintf
RtlPcToFileHeader
PsGetProcessSectionBaseAddress
IoCreateDriver
KdDebuggerEnabled
KeBugCheckEx
KeSetEvent
KeInitializeEvent
Sections
.text Size: 44KB - Virtual size: 43KB; flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 864B; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
INIT Size: 3KB - Virtual size: 3KB; flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.reloc Size: 1.9MB - Virtual size: 1.9MB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE