Static task
static1
General
Target: 13638bcea80806e8a4dcd2cb9f05a5ad
Size: 45KB
MD5: 13638bcea80806e8a4dcd2cb9f05a5ad
SHA1: 4e81eb3885703fe9264cbb5f91234e657bf0f338
SHA256: 763e81b5d20217c9cc1aa2ecd12807477fc2a916027ffc1283628bb3d3de62f6
SHA512: 4c6b4b4893597f8c7f03151bea074dc6cded79525e27c0e0ddce60d6d242da6419a2aa39f0500644997017900fc1fefd85ea840eb40ec051f8fe06bb01970a8b
SSDEEP: 768:J9XuoxdFGYsLJBvufkGwyLtuNKu2/++eASgHv2POwivS7/2y:3Xu4QYeBvuf0yoNK5++eASgHYONWe
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature: the image has no certificate table in its security data directory.
resource: 13638bcea80806e8a4dcd2cb9f05a5ad
Files
13638bcea80806e8a4dcd2cb9f05a5ad.sys windows:5 windows x86 arch:x86
e287c285123ece1e70cdbff5603cce08
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
PsSetCreateProcessNotifyRoutine
strncmp
IoGetCurrentProcess
_except_handler3
ZwClose
ZwCreateFile
IoRegisterDriverReinitialization
PsSetCreateThreadNotifyRoutine
IoRegisterShutdownNotification
IoRegisterFsRegistrationChange
_wcslwr
ExInitializeNPagedLookasideList
KeInitializeEvent
ExAllocatePoolWithTag
IoCreateSymbolicLink
IoCreateDevice
ObfDereferenceObject
IoGetDeviceObjectPointer
MmGetSystemRoutineAddress
IoDetachDevice
InterlockedPopEntrySList
InterlockedPushEntrySList
IofCallDriver
IofCompleteRequest
IoGetBaseFileSystemDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
RtlAppendUnicodeToString
wcscat
wcslen
wcscpy
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlAnsiStringToUnicodeString
RtlAppendStringToString
_snprintf
RtlCompareString
_strlwr
RtlAppendUnicodeStringToString
ObQueryNameString
RtlCopyUnicodeString
RtlCompareUnicodeString
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
IoAttachDeviceToDeviceStack
strncpy
ExFreePoolWithTag
IoFreeIrp
KeWaitForSingleObject
KeGetCurrentThread
IoAllocateIrp
memmove
_stricmp
IoCreateNotificationEvent
PsGetCurrentThreadId
PsGetCurrentProcessId
MmIsAddressValid
ExInitializeResourceLite
ExDeleteResourceLite
KeLeaveCriticalRegion
ExAcquireResourceSharedLite
KeEnterCriticalRegion
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
ExQueueWorkItem
IoBuildDeviceIoControlRequest
RtlEqualUnicodeString
ObfReferenceObject
KeDelayExecutionThread
ZwDeleteFile
_snwprintf
RtlFreeUnicodeString
ZwSetValueKey
ZwDeleteValueKey
ZwQueryValueKey
ZwOpenKey
PsLookupProcessByProcessId
ZwQueryInformationProcess
ExGetPreviousMode
ZwTerminateProcess
KeServiceDescriptorTable
wcsncpy
strstr
ZwEnumerateKey
ZwEnumerateValueKey
ZwDeleteKey
strrchr
RtlUnicodeStringToInteger
wcschr
ZwOpenFile
ZwQueryInformationFile
ZwReadFile
ZwCreateKey
RtlInitUnicodeString
IoDeleteSymbolicLink
KeSetEvent
IoDeleteDevice
hal
ExReleaseFastMutex
KeGetCurrentIrql
ExAcquireFastMutex
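The import table above is the profile of a legacy 32-bit file-system filter driver with process monitoring: IoRegisterFsRegistrationChange, IoGetBaseFileSystemDeviceObject and IoAttachDeviceToDeviceStack attach it to file-system device stacks, PsSetCreateProcessNotifyRoutine and PsSetCreateThreadNotifyRoutine give it a callback on every process and thread start, ZwTerminateProcess lets it kill processes, ZwDeleteFile/ZwDeleteKey let it remove files and registry keys, and KeServiceDescriptorTable (an exported data symbol on x86 ntoskrnl only, which is why this only works as an x86 build and on a kernel without PatchGuard) is the symbol a driver references to read or hook the SSDT. That combination is found in both security products and rootkits, so the imports alone are an indicator to follow up on, not a verdict. The script below is an added example, not part of the sandbox report and not Triage's signature logic: it re-derives capability tags from the import list shown above (embedded here as constructed input) the way a triage signature engine does, and flags combinations worth checking in the disassembly. The tag names and rules are the editor's own choices.

```python
"""Capability tagging for a kernel driver's import table (added example).

Groups imported kernel APIs into capability tags and reports combinations an
analyst would look at more closely. Rules and tag names are illustrative, not
the sandbox's own signatures.
"""
from collections import OrderedDict

# Constructed input: the ntoskrnl imports listed in the report above
# (the ones relevant to the rules; the rest are plain string/pool helpers).
REPORT_IMPORTS = [
    "PsSetCreateProcessNotifyRoutine", "PsSetCreateThreadNotifyRoutine",
    "IoRegisterFsRegistrationChange", "IoGetBaseFileSystemDeviceObject",
    "IoAttachDeviceToDeviceStack", "IoDetachDevice", "IoGetDeviceObjectPointer",
    "IofCallDriver", "IofCompleteRequest", "IoAllocateIrp", "IoFreeIrp",
    "IoBuildDeviceIoControlRequest", "IoCreateDevice", "IoCreateSymbolicLink",
    "IoRegisterShutdownNotification", "IoRegisterDriverReinitialization",
    "KeServiceDescriptorTable", "MmGetSystemRoutineAddress", "MmIsAddressValid",
    "PsLookupProcessByProcessId", "ZwQueryInformationProcess", "ZwTerminateProcess",
    "ZwOpenKey", "ZwCreateKey", "ZwQueryValueKey", "ZwSetValueKey",
    "ZwDeleteValueKey", "ZwDeleteKey", "ZwEnumerateKey", "ZwEnumerateValueKey",
    "ZwCreateFile", "ZwOpenFile", "ZwReadFile", "ZwQueryInformationFile", "ZwDeleteFile",
    "ExQueueWorkItem", "KeDelayExecutionThread", "ExGetPreviousMode",
    "strncmp", "_stricmp", "_wcslwr", "_strlwr",
]

# tag -> APIs that evidence it. A tag fires if any of its APIs is imported.
RULES = OrderedDict([
    ("process/thread creation callbacks",
     {"PsSetCreateProcessNotifyRoutine", "PsSetCreateThreadNotifyRoutine"}),
    ("legacy file-system filter (attaches to FS device stacks)",
     {"IoRegisterFsRegistrationChange", "IoGetBaseFileSystemDeviceObject",
      "IoAttachDeviceToDeviceStack", "IoDetachDevice"}),
    ("builds and forwards IRPs to lower drivers",
     {"IofCallDriver", "IoAllocateIrp", "IoBuildDeviceIoControlRequest"}),
    ("SSDT access (KeServiceDescriptorTable is exported on x86 ntoskrnl only)",
     {"KeServiceDescriptorTable"}),
    ("runtime resolution of kernel routines by name",
     {"MmGetSystemRoutineAddress"}),
    ("process lookup and termination",
     {"PsLookupProcessByProcessId", "ZwQueryInformationProcess", "ZwTerminateProcess"}),
    ("case-insensitive name matching",
     {"strncmp", "_stricmp", "_wcslwr", "_strlwr"}),
    ("registry write/delete",
     {"ZwSetValueKey", "ZwDeleteValueKey", "ZwDeleteKey", "ZwCreateKey"}),
    ("file deletion", {"ZwDeleteFile"}),
    ("exposes a control device to user mode",
     {"IoCreateDevice", "IoCreateSymbolicLink"}),
    ("shutdown/reinitialization hooks",
     {"IoRegisterShutdownNotification", "IoRegisterDriverReinitialization"}),
])

# Combinations of tags that deserve a closer look. Heuristics, not verdicts.
COMBOS = [
    ({"process/thread creation callbacks", "process lookup and termination",
      "case-insensitive name matching"},
     "sees every process start and can terminate processes: check the notify "
     "callback for image-name comparisons"),
    ({"legacy file-system filter (attaches to FS device stacks)", "file deletion"},
     "filters file-system I/O and can delete files: check what it hides or removes"),
    ({"SSDT access (KeServiceDescriptorTable is exported on x86 ntoskrnl only)"},
     "references KeServiceDescriptorTable: look for writes into the table in .text"),
]

def classify(imports):
    """Return an ordered mapping tag -> sorted list of matching imported APIs."""
    present = set(imports)
    tags = OrderedDict()
    for tag, apis in RULES.items():
        hits = sorted(present & apis)
        if hits:
            tags[tag] = hits
    return tags

def notable(tags):
    """Return follow-up notes for every COMBOS entry whose tags all fired."""
    fired = set(tags)
    return [msg for need, msg in COMBOS if need <= fired]

if __name__ == "__main__":
    t = classify(REPORT_IMPORTS)
    for tag, apis in t.items():
        print(f"[{tag}] {', '.join(apis)}")
    for msg in notable(t):
        print("!", msg)
```

Run it against another driver's import list to compare profiles; a filter driver that lacks the termination and deletion tags scores only the first two rules, while a sample like this one fires all three follow-up notes.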
Sections
.text Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 936B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ