Static task
static1
General
Target
0496bc4884a5ff71e95583e02cd86431
Size
51KB
MD5
0496bc4884a5ff71e95583e02cd86431
SHA1
afba60bafd4ea4bc5730af4a72825364d65c8f00
SHA256
8fb22196068cc9edad4b410dc8d0a72690c5abefcb50dc0f23adedba91f797e8
SHA512
33ab43cafa06471bc773bef2fceefa4fddead0300dcebf953ee93d013fa8fab527893d5fc0fec473cda6ff17ed2d745e02e38d19b58eb2f33a79da9cca05159d
SSDEEP
1536:TSrQd5+nH1VLZoFWyE8ZFyKxPDqoIq/Z5bf:eQeH1VLP8vyw/nbf
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0496bc4884a5ff71e95583e02cd86431
Files
0496bc4884a5ff71e95583e02cd86431.sys windows:6 windows x86 arch:x86
b6090ac59f6e16bab9e1334108365c6c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IoDeleteDevice
IoAttachDeviceToDeviceStack
ZwClose
ZwMakeTemporaryObject
ZwCreateDirectoryObject
IoRegisterBootDriverReinitialization
IoFreeIrp
IoFreeMdl
ExfInterlockedPopEntryList
ExfInterlockedPushEntryList
MmBuildMdlForNonPagedPool
IoAllocateMdl
ZwQueryValueKey
RtlUnicodeStringToInteger
IoReadDiskSignature
IoBuildDeviceIoControlRequest
_vsnprintf
IoGetConfigurationInformation
RtlQueryRegistryValues
IoOpenDeviceRegistryKey
IoCreateSymbolicLink
IoDeleteSymbolicLink
RtlFreeUnicodeString
IoSetDeviceInterfaceState
KeInitializeMutex
InitSafeBootMode
IoRegisterDeviceInterface
HalExamineMBR
KeTickCount
KeBugCheckEx
IoAllocateWorkItem
IoReportTargetDeviceChangeAsynchronous
IoQueueWorkItem
KeInitializeEvent
IoGetAttachedDeviceReference
IoBuildSynchronousFsdRequest
ObfDereferenceObject
memmove
IoInvalidateDeviceRelations
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
IoAllocateIrp
_allshr
IoFreeWorkItem
KeWaitForSingleObject
KeReleaseMutex
KeSetEvent
strncmp
IoSetHardErrorOrVerifyDevice
IoRegisterDriverReinitialization
IofCallDriver
IoWMIRegistrationControl
RtlCompareMemory
RtlInitUnicodeString
MmGetSystemRoutineAddress
memset
memcpy
ExAllocatePoolWithTag
IoWMIWriteEvent
ExFreePoolWithTag
ZwOpenKey
_vsnwprintf
hal
KeGetCurrentIrql
classpnp.sys
ClassScanForSpecial
ClassQueryTimeOutRegistryValue
ClassUpdateInformationInRegistry
ClassInitializeMediaChangeDetection
ClassDeleteSrbLookasideList
ClassGetDeviceParameter
ClassReadDriveCapacity
ClassSignalCompletion
ClassNotifyFailurePredicted
ClassSetFailurePredictionPoll
ClassWmiCompleteRequest
ClassReleaseQueue
ClassInterpretSenseInfo
ClassSpinDownPowerHandler
ClassInitialize
ClassInitializeEx
ClassDeviceControl
ClassClaimDevice
ClassCreateDeviceObject
ClassSendDeviceIoControlSynchronous
ClassSetDeviceParameter
ClassModeSense
ClassFindModePage
ClassAcquireRemoveLockEx
ClassAsynchronousCompletion
ClassSendSrbSynchronous
ClassIoComplete
ClassReleaseRemoveLock
ClassCompleteRequest
ClassInitializeSrbLookasideList
Sections
.text Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 328B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 512B - Virtual size: 336B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 992B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ