Static task
static1

General
Target: 6aaeae8bec00f1b7faf159dab59e5846e059a3b08e5727bb983144545149cc22
Size: 48KB
MD5: 5c5ab3fbf2f0d1ae0836a64241ac158a
SHA1: c292e785f91b6738f297dd940a5c26159aebf16b
SHA256: 6aaeae8bec00f1b7faf159dab59e5846e059a3b08e5727bb983144545149cc22
SHA512: 39bf00852193053fb4de2548f41c63caebc11f49c1b413c66a7852baf5ffc5c1af14e92d02d4a1ff6255c1291d81672c76f7c4c729bdc7fa641a7e478071ba34
SSDEEP: 768:J+EL+PvE5WYiRNlK6uzdFMNT7DNGWPfEl97gaCM6uvRvRlGtmNlouKSttneg:80U2K/kIclBgLovNRlAuTeg
Malware Config

Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 6aaeae8bec00f1b7faf159dab59e5846e059a3b08e5727bb983144545149cc22

Files
6aaeae8bec00f1b7faf159dab59e5846e059a3b08e5727bb983144545149cc22.sys  windows:6  windows x64  arch:x64
34ff1b9a30e652a557152738da5e3083
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntoskrnl.exe
KeEnterCriticalRegion
IoVolumeDeviceToDosName
PsCreateSystemThread
ExInterlockedInsertTailList
PsTerminateSystemThread
ExReleaseResourceLite
RtlPrefixUnicodeString
ZwClose
ObReferenceObjectByHandle
KeWaitForSingleObject
RtlWriteRegistryValue
ExInterlockedRemoveHeadList
ExDeleteResourceLite
PsGetCurrentProcessId
RtlCopyUnicodeString
ObfDereferenceObject
ExInitializeResourceLite
DbgPrint
KeAcquireSpinLockRaiseToDpc
RtlUpcaseUnicodeString
MmGetSystemRoutineAddress
RtlGetVersion
ExInterlockedInsertHeadList
ExAllocatePool
RtlCompareMemory
ZwQueryInformationProcess
ObOpenObjectByPointer
PsProcessType
KeDelayExecutionThread
PsGetVersion
PsGetProcessId
FsRtlIsNameInExpression
ProbeForRead
PsSetLoadImageNotifyRoutine
PsGetProcessImageFileName
strstr
ZwMapViewOfSection
IoCreateFile
RtlUnicodeStringToAnsiString
RtlImageDirectoryEntryToData
ZwCreateFile
ZwUnmapViewOfSection
IoGetCurrentProcess
PsRemoveLoadImageNotifyRoutine
ObCloseHandle
RtlFreeAnsiString
MmIsAddressValid
ZwCreateSection
RtlImageNtHeader
ZwAllocateVirtualMemory
PsGetProcessPeb
ZwWaitForSingleObject
ZwQueryValueKey
RtlCompareUnicodeString
RtlUnicodeStringToInteger
ZwQueryInformationThread
DbgPrintEx
PsGetProcessWow64Process
ZwOpenKey
KeUnstackDetachProcess
ZwFreeVirtualMemory
KeStackAttachProcess
KeBugCheckEx
PsSetCreateProcessNotifyRoutine
KeReleaseSpinLock
PsResumeProcess
ZwQuerySystemInformation
PsSetCreateThreadNotifyRoutine
RtlQueryRegistryValues
KeInitializeEvent
RtlAppendUnicodeToString
PsSuspendProcess
KeSetEvent
RtlInitUnicodeString
PsLookupProcessByProcessId
PsRemoveCreateThreadNotifyRoutine
KeLeaveCriticalRegion
ExFreePoolWithTag
ExAllocatePoolWithTag
ExAcquireResourceExclusiveLite
PsLookupThreadByThreadId
_stricmp
__C_specific_handler
_local_unwind
fltmgr.sys
FltStartFiltering
FltParseFileNameInformation
FltReleaseFileNameInformation
FltRegisterFilter
FltBuildDefaultSecurityDescriptor
FltCloseCommunicationPort
FltUnregisterFilter
FltGetFileNameInformation
FltAllocateContext
FltReleaseContext
FltFreeSecurityDescriptor
FltGetVolumeProperties
FltGetDiskDeviceObject
FltCreateCommunicationPort
FltSetCallbackDataDirty
FltCloseClientPort
FltSendMessage
FltGetVolumeContext
FltSetVolumeContext
Sections
.text   Size: 26KB   Virtual size: 26KB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 5KB    Virtual size: 5KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 512B   Virtual size: 2KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata  Size: 1KB    Virtual size: 1KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
PAGE    Size: 6KB    Virtual size: 5KB    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
INIT    Size: 5KB    Virtual size: 5KB    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 1024B  Virtual size: 720B   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.reloc  Size: 512B   Virtual size: 300B   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ