Static task
static1
General
-
Target
NEAS.fbc374adacd20e0138bfac4b1080cb00.exe
-
Size
2.3MB
-
MD5
fbc374adacd20e0138bfac4b1080cb00
-
SHA1
fc958abcd378fefc80be0f32a9ffc83fe33ba297
-
SHA256
a363312447bf83bd50f77112adafb4ad71b0b0214bc140d9edc90098b1b33bed
-
SHA512
398a0d47e1d62103fbb401e845db819e1d5a6f91dd198773d8f078ecbc9944b1a8c4706e6d5e477c18f2235c62c4c6d543ca78c722d4613e00f75cb48e767549
-
SSDEEP
49152:XpVdzaO+itqdEvTmImuEZ0fD7iG6p6HeJ1opF1A89BGSKmKAgaM:5VFahitX2LqfDFPHQ1oprT9uZrJ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
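The file has no Authenticode signature. Its imports (ntoskrnl.exe, fltmgr.sys) mark it as a kernel-mode driver image, which 64-bit Windows refuses to load by default when unsigned.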
resource NEAS.fbc374adacd20e0138bfac4b1080cb00.exe
Files
-
NEAS.fbc374adacd20e0138bfac4b1080cb00.exe.sys windows:6 windows x64
e56e196592a2b619d115c9545f3147db
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntoskrnl.exe
RtlAnsiStringToUnicodeString
RtlTimeToSecondsSince1970
PsGetProcessImageFileName
PsLookupProcessByProcessId
ZwReadFile
KeSetPriorityThread
KeInitializeApc
IoGetRelatedDeviceObject
RtlInitUnicodeString
IoDeleteDevice
KeSetEvent
KeInsertQueueApc
MmGetSystemRoutineAddress
IoCreateFile
KeInitializeEvent
RtlInitAnsiString
RtlUnicodeStringToAnsiString
RtlGetVersion
ZwDeleteValueKey
ZwSetValueKey
ZwQuerySystemInformation
PsSetCreateProcessNotifyRoutine
KeUnstackDetachProcess
KeDelayExecutionThread
RtlFreeUnicodeString
ObQueryNameString
IoFileObjectType
ZwWaitForSingleObject
ZwCreateFile
wcsrchr
wcsstr
PsCreateSystemThread
ZwQueryValueKey
ExAllocatePool
ExFreePoolWithTag
PsTerminateSystemThread
ExEventObjectType
RtlRandomEx
ZwClose
RtlAppendUnicodeStringToString
IofCompleteRequest
IoGetDeviceAttachmentBaseRef
RtlRandom
ObReferenceObjectByHandle
KeWaitForSingleObject
IoCreateFileSpecifyDeviceObjectHint
ZwFlushKey
IoFreeIrp
RtlFreeAnsiString
RtlTimeToSecondsSince1980
RtlCompareUnicodeString
IoAllocateIrp
ExInterlockedRemoveHeadList
CmRegisterCallback
ZwQueryInformationProcess
IoCreateSymbolicLink
PsGetCurrentProcessId
RtlCopyUnicodeString
MmIsAddressValid
ObfDereferenceObject
IoCreateDevice
ZwQueryInformationFile
ZwWriteFile
KeStackAttachProcess
PsLookupThreadByThreadId
IofCallDriver
ZwAllocateVirtualMemory
ZwOpenKey
KeBugCheckEx
ZwCreateKey
ExAllocatePoolWithTag
_strnicmp
_wcsicmp
ExInterlockedInsertTailList
_stricmp
fltmgr.sys
FltRegisterFilter
FltUnregisterFilter
FltStartFiltering
Sections
.text Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 220KB - Virtual size: 220KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 748B - Virtual size: 748B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.l1 Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE