Static task
static1
General
-
Target
NEAS.90926df524f270808f22cc33d1391980.exe
-
Size
79KB
-
MD5
90926df524f270808f22cc33d1391980
-
SHA1
d447f5180696fa85295104759182764330915b8f
-
SHA256
d52d74467ad1c0286e9211f0dabedb9fe85caa5b49df6da45b6fe46b6c85cc29
-
SHA512
5dafd038a52620229afeb003203dce23b9ee9337a1f1fe98aaea821451e8163b29f301b31a7a93006f9ab2492c0a1641ab546101ae5991d0184a6a29470accff
-
SSDEEP
1536:d9FXXdR0us3h5iiEzxLR0+JEAGRdiClszxs5jQ9z9g:VHdR05gzxLR3JgdK9hg
Malware Config
Signatures
-
Unsigned PE 1 IoCs
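Static check for a missing Authenticode signature: the file was flagged as carrying no embedded signature. The headers below set IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY and the imports come from ntoskrnl.exe and ndis.sys, so despite the .exe name this is a kernel-mode driver image that requests signature verification at load time. Whether a catalog signature exists is not shown in this report.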
resource NEAS.90926df524f270808f22cc33d1391980.exe
Files
-
NEAS.90926df524f270808f22cc33d1391980.exe.sys windows:10 windows x64
5c8e98649f2ec7b5b986e2fd36596bd8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ndis.sys
NdisGetRoutineAddress
ntoskrnl.exe
ExGetPreviousMode
RtlInitUnicodeString
ZwOpenFile
ZwDeviceIoControlFile
ZwClose
ExAllocatePoolWithTag
ExFreePoolWithTag
RtlCreateAcl
RtlAddAccessAllowedAce
SeExports
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlValidSecurityDescriptor
ObOpenObjectByPointer
ZwSetSecurityObject
__C_specific_handler
IoFreeWorkItem
KeGetCurrentIrql
IoAllocateWorkItem
IoQueueWorkItemEx
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
KeDelayExecutionThread
RtlStringFromGUID
MmGetSystemRoutineAddress
RtlQueryRegistryValues
RtlFreeUnicodeString
IoWMIRegistrationControl
RtlGetVersion
PsGetCurrentProcessId
ObReferenceObjectByHandle
ExEventObjectType
IofCompleteRequest
PsSetCreateProcessNotifyRoutine
PsRemoveCreateThreadNotifyRoutine
IoDeleteSymbolicLink
IoDeleteDevice
PsGetVersion
IoCreateDevice
IoCreateSymbolicLink
PsSetCreateThreadNotifyRoutine
IoQueueWorkItem
ObfDereferenceObject
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
KeSetEvent
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
KeQueryTimeIncrement
wcsncmp
_strnicmp
RtlCompareUnicodeString
RtlInitAnsiString
RtlAnsiStringToUnicodeString
KeWaitForSingleObject
ZwSetInformationFile
ZwCreateFile
IoCreateFileSpecifyDeviceObjectHint
ZwReadFile
ZwWriteFile
ZwQueryInformationFile
IoGetRelatedDeviceObject
KeInitializeEvent
IoBuildSynchronousFsdRequest
IofCallDriver
MmSystemRangeStart
MmHighestUserAddress
KeStackAttachProcess
KeUnstackDetachProcess
ZwOpenProcess
ZwQueryInformationProcess
ProbeForRead
ProbeForWrite
IoGetDeviceObjectPointer
ObfReferenceObject
IoBuildDeviceIoControlRequest
wcschr
ZwQueryDirectoryFile
IoQueryFileDosDeviceName
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
wcsrchr
ObQueryNameString
RtlCopyUnicodeString
RtlAppendUnicodeStringToString
ZwOpenKey
ZwQueryValueKey
ExpInterlockedPopEntrySList
ExQueryDepthSList
ExpInterlockedPushEntrySList
KeBugCheckEx
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 292B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 68B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ