Static task: static1

General
Target: 0345c1fc33fe77b867695c86e5e186f17cca5532274fdd1fbd3727988bdf5ec0
Size: 2.2MB
MD5: 00e0b173ac19ed03f9cdac8b815d0ebc
SHA1: 6f59d4645803ffafd2b845f301f238ba51e62ff8
SHA256: 0345c1fc33fe77b867695c86e5e186f17cca5532274fdd1fbd3727988bdf5ec0
SHA512: a1d18bc0610c9b4492305c09e60435a32a7d58c9d880859b1128f850c10a392a232ed07add1955a74bcab8b2b090ea6a48fa696fcca8c5f6091c1dbb69af452a
SSDEEP: 49152:40FHE3vK422/7nG3rdC6ufLOHI3OT6XqZ4Gn0cM:4FfKCnG3rdwB3zXqZ4Gni
Malware Config

Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 0345c1fc33fe77b867695c86e5e186f17cca5532274fdd1fbd3727988bdf5ec0

Files
0345c1fc33fe77b867695c86e5e186f17cca5532274fdd1fbd3727988bdf5ec0.sys (windows:10, windows, x64)
7fdd92e158e22caf79f8c18d1ac409ca
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntoskrnl.exe:
ExAllocatePoolWithTag
ExFreePoolWithTag
MmUnlockPages
IoFreeMdl
ObReferenceObjectByHandle
ObReferenceObjectByHandleWithTag
ObCloseHandle
ObfDereferenceObject
ZwClose
IoCreateFileEx
MmFlushImageSection
ZwDeleteFile
IoFileObjectType
_strnicmp
RtlUpperChar
MmHighestUserAddress
KeGetCurrentIrql
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
PsGetVersion
IoAllocateMdl
IoGetCurrentProcess
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
ZwAllocateVirtualMemory
__C_specific_handler
MmSystemRangeStart
MmUserProbeAddress
_wcsnicmp
RtlAppendUnicodeStringToString
KeAreAllApcsDisabled
ExRaiseStatus
ExQueueWorkItem
IoCreateFile
IoGetDeviceObjectPointer
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
MmIsAddressValid
IoVolumeDeviceToDosName
ZwOpenDirectoryObject
KeDelayExecutionThread
KeAreApcsDisabled
ExEnterCriticalRegionAndAcquireResourceExclusive
ExReleaseResourceAndLeaveCriticalRegion
ExAcquireRundownProtection
ExReleaseRundownProtection
ObfReferenceObject
KeWaitForSingleObject
PsGetThreadProcessId
ZwTerminateProcess
PsIsSystemThread
ObOpenObjectByPointer
ObGetObjectType
ExfAcquirePushLockShared
ExfReleasePushLock
ZwQuerySystemInformation
ZwQueryInformationProcess
PsProcessType
PsThreadType
PsInitialSystemProcess
KeEnterCriticalRegion
KeLeaveCriticalRegion
RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvl
_stricmp
RtlCompareMemory
KeQueryActiveProcessorCountEx
ExEnterCriticalRegionAndAcquireResourceShared
PsGetCurrentThreadId
IoDriverObjectType
towlower
strncpy
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
ExInitializeResourceLite
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
ObRegisterCallbacks
ObGetFilterVersion
ExUuidCreate
PsSetCreateProcessNotifyRoutine
ZwQueryVirtualMemory
_vsnwprintf
RtlPcToFileHeader
PsGetProcessSectionBaseAddress
IoCreateDriver
KdDebuggerEnabled
KeBugCheckEx
KeSetEvent
KeInitializeEvent
Sections
.text - Size: 45KB - Virtual size: 44KB - IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata - Size: 4KB - Virtual size: 3KB - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data - Size: 2KB - Virtual size: 5KB - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata - Size: 1024B - Virtual size: 864B - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
INIT - Size: 3KB - Virtual size: 3KB - IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.reloc - Size: 2.1MB - Virtual size: 2.1MB - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE