Static task
static1
General
Target: 083c2735a0a07b4a031fcc7e46d2d8bb
Size: 331KB
MD5: 083c2735a0a07b4a031fcc7e46d2d8bb
SHA1: 30494bea9bf291729556eea76b33118b274a0206
SHA256: 52d15eb8956d87cc96d284dc7a21daa08a7d6ddd3c39d12b1f9565a7df11c1b6
SHA512: 74492a7e79700078e784d0c9e0815cca49141a4cd6f058bb48edac55ba4c3f6deaa889075b82c8df4dd619e37e25f57c6817cecce575ca23098187b985d2e9b9
SSDEEP: 6144:LK49enPKqKGP9wqIEhDAep/gEubrw4pmDh9jNfQJR/1l+7UuWNKH/jzIRkQWdWim:ZenPKqKGFwdEXpYrVpmt9jy1l+7xWsHg
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 083c2735a0a07b4a031fcc7e46d2d8bb
Files
083c2735a0a07b4a031fcc7e46d2d8bb.sys windows:6 windows x86 arch:x86
0a5d2f796c66f77303561d7d0a8e6390
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
memcpy
KeResetEvent
KeWaitForSingleObject
KeInitializeEvent
memset
ObDereferenceSecurityDescriptor
IoFreeIrp
PsReturnPoolQuota
IoCreateFile
PsChargeProcessPoolQuota
RtlCopyUnicodeString
ExAllocatePoolWithTagPriority
RtlCompareUnicodeString
MmResetDriverPaging
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
EtwWriteTransfer
PsGetCurrentProcessId
EtwActivityIdControl
MmSizeOfMdl
MmBuildMdlForNonPagedPool
IoInitializeIrp
ExRaiseStatus
PsGetProcessExitTime
IoSetIoCompletion
SeUnlockSubjectContext
SeFreePrivileges
SeAppendPrivileges
SeAccessCheck
SeLockSubjectContext
RtlMapGenericMask
IoGetFileObjectGenericMapping
ObLogSecurityDescriptor
SeAssignSecurity
RtlEqualString
RtlInitString
IoAllocateIrp
IoBuildDeviceIoControlRequest
KeSetEvent
ProbeForWrite
ExEventObjectType
ExGetPreviousMode
ExRaiseAccessViolation
ExInitializeResourceLite
ExDeleteResourceLite
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
SeExports
ObReleaseObjectSecurity
SeSetSecurityDescriptorInfo
ExAllocatePoolWithTag
RtlLengthSecurityDescriptor
RtlSetDaclSecurityDescriptor
ObGetObjectSecurity
IoDeleteDevice
ExDeleteNPagedLookasideList
ExUnregisterCallback
IoQueueWorkItem
ZwNotifyChangeKey
IoFreeWorkItem
ExInitializeNPagedLookasideList
IoAllocateWorkItem
IoCreateDevice
MmUserProbeAddress
KeLeaveCriticalRegion
KeEnterCriticalRegion
KePulseEvent
MmAdvanceMdl
DbgPrint
ExInterlockedFlushSList
KeFlushQueuedDpcs
_aulldiv
KeSetCoalescableTimer
KeInitializeDpc
KeInitializeTimer
MmLockPagableDataSection
ObCloseHandle
SeDeleteAccessState
SeCreateAccessState
SeQuerySecurityDescriptorInfo
KeReadStateEvent
MmUnlockPagableImageSection
KeRemoveQueueDpc
KeCancelTimer
_alldiv
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
_allmul
KeInitializeTimerEx
ExAcquireResourceSharedLite
KeSetTimer
PsGetCurrentProcess
MmUnmapLockedPages
FsRtlMdlReadComplete
IoCancelIrp
KeDetachProcess
FsRtlMdlRead
KeAttachProcess
IoGetRequestorProcess
FsRtlCopyRead
IoQueryFileInformation
_aullrem
ObFindHandleForObject
ObOpenObjectByName
ObGetObjectType
MmSystemRangeStart
IoThreadToProcess
KeQueryActiveProcessorCountEx
IoReuseIrp
RtlIntegerToUnicode
ObReferenceSecurityDescriptor
RtlAppendUnicodeStringToString
KeDelayExecutionThread
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IoWMIWriteEvent
EtwRegister
EtwUnregister
IoGetDeviceAttachmentBaseRef
DbgPrintEx
KeWaitForMultipleObjects
ZwOpenEvent
PsDereferenceImpersonationToken
PsReferenceImpersonationToken
_vsnwprintf
towlower
KeTickCount
RtlUnwind
RtlEqualUnicodeString
RtlPrefixUnicodeString
RtlAppendUnicodeToString
ExAllocatePoolWithQuotaTag
FsRtlAllocateExtraCreateParameterList
FsRtlAllocateExtraCreateParameter
FsRtlFreeExtraCreateParameterList
FsRtlInsertExtraCreateParameter
IoSetTopLevelIrp
IoCreateFileEx
ObOpenObjectByPointer
ZwClose
RtlInitUnicodeString
ExCreateCallback
ExEnterCriticalRegionAndAcquireResourceExclusive
ExRegisterCallback
KeGetCurrentThread
ExEnterCriticalRegionAndAcquireResourceShared
ExReleaseResourceAndLeaveCriticalRegion
RtlCompareMemory
IoGetTopLevelIrp
FsRtlFindExtraCreateParameter
KeGetRecommendedSharedDataAlignment
MmQuerySystemSize
MmIsThisAnNtAsSystem
RtlCreateSecurityDescriptor
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
MmMapLockedPages
InterlockedPopEntrySList
KeQueryInterruptTime
IoBuildPartialMdl
IoGetRelatedDeviceObject
IoFileObjectType
IofCallDriver
KeInitializeApc
KeInsertQueueApc
ExQueueWorkItem
KeAcquireInStackQueuedSpinLockAtDpcLevel
KeReleaseInStackQueuedSpinLockFromDpcLevel
ObfReferenceObject
memmove
ExFreePoolWithTag
IoAcquireCancelSpinLock
IoReleaseCancelSpinLock
ExInitializeLookasideListEx
ExDeleteLookasideListEx
KeQueryMaximumProcessorCountEx
InterlockedExchange
SeReleaseSubjectContext
PsDereferencePrimaryToken
SeTokenType
PsRevertToSelf
SeImpersonateClientEx
SeCreateClientSecurityFromSubjectContext
SeCaptureSubjectContextEx
IofCompleteRequest
MmMapLockedPagesSpecifyCache
IoFreeMdl
ObfDereferenceObject
IoGetCurrentProcess
EtwWrite
KeGetCurrentProcessorNumberEx
ObReferenceObjectByHandle
ExRaiseDatatypeMisalignment
KeBugCheckEx
InterlockedPushEntrySList
hal
KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLock
KeGetCurrentIrql
KfLowerIrql
KfRaiseIrql
KeReleaseQueuedSpinLock
KeAcquireQueuedSpinLock
KfReleaseSpinLock
KfAcquireSpinLock
tdi.sys
TdiRegisterPnPHandlers
TdiDeregisterPnPHandlers
TdiMatchPdoWithChainedReceiveContext
TdiReturnChainedReceives
TdiCopyBufferToMdl
TdiCopyMdlToBuffer
netio.sys
NetioInitializeWorkQueue
NetioInsertWorkQueue
NetioShutdownWorkQueue
NmrProviderDetachClientComplete
NmrRegisterProvider
NmrDeregisterProvider
NmrWaitForProviderDeregisterComplete
NmrClientAttachProvider
NmrClientDetachProviderComplete
NmrRegisterClient
NmrDeregisterClient
NmrWaitForClientDeregisterComplete
NsiAllocateAndGetTable
NsiFreeTable
NsiRegisterChangeNotification
NsiDeregisterChangeNotification
NsiGetAllParameters
RtlInitializeTimerWheel
RtlUpdateCurrentTimerWheelTick
RtlGetNextExpiredTimerWheelEntry
RtlReturnTimerWheelEntry
RtlIndicateTimerWheelEntryTimerStart
RtlCleanupTimerWheelEntry
RtlInitializeTimerWheelEntry
RtlSuspendTimerWheel
RtlCleanupTimerWheel
RtlCopyMdlToMdl
RtlCopyMdlToBuffer
msrpc.sys
RpcAsyncInitializeHandle
RpcBindingFree
RpcBindingSetOption
RpcBindingCreateW
RpcBindingBind
RpcBindingUnbind
RpcAsyncCancelCall
RpcAsyncCompleteCall
RpcExceptionFilter
NdrAsyncClientCall
Sections
.text Size: 53KB - Virtual size: 52KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEAFD Size: 105KB - Virtual size: 105KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESAN Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWTDI Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDAT1 Size: 512B - Virtual size: 392B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 54KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ