Static task
static1
General
Target: 244e0a3aa2952429f8ddf015700746e5
Size: 181KB
MD5: 244e0a3aa2952429f8ddf015700746e5
SHA1: 894c6d763de834ed72a1816e6ee40a3c11b8785b
SHA256: e1ebab55ddd1e26d5c7458185355f1a31dce3b780320f5ad2dd5d89ab2921438
SHA512: 5a6d9ad8257930d6b48c9f4c3cd2cf7eb26490a49c6a3832066859f1b6584e2c073d7d865cec132310b6be2c0444b6381edae3ca9bf938e62f9dd013786e66cf
SSDEEP: 3072:jbaqjp7MgQEUudLd3TcpZTOkS6vhMbxsTWdsdvnTi2NaML/84HP9J10wD31jCW1:jHqlDudLdjcHRS6vh6wvef9m31v71jC4
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 244e0a3aa2952429f8ddf015700746e5
Files
244e0a3aa2952429f8ddf015700746e5.sys windows:5 windows x86 arch:x86
804d0af9a083c7a4180fd3378b56601b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
PsGetCurrentProcessId
ExAllocatePoolWithTag
KeSetTargetProcessorDpc
ExFreePoolWithTag
KeInitializeDpc
KeInsertQueueDpc
KeNumberProcessors
PsGetProcessPeb
ProbeForRead
MmIsAddressValid
IoGetBaseFileSystemDeviceObject
RtlAnsiStringToUnicodeString
IoBuildSynchronousFsdRequest
_wcsnicmp
RtlPrefixString
SeCreateAccessState
IoGetRelatedDeviceObject
RtlInitUnicodeString
KeSetEvent
wcsncpy
IoGetFileObjectGenericMapping
ObCreateObject
strchr
IoCreateFile
KeInitializeEvent
RtlInitAnsiString
IoQueryFileInformation
wcsncat
RtlEqualUnicodeString
IoFreeMdl
RtlImageDirectoryEntryToData
RtlFreeUnicodeString
IoFileObjectType
KeGetCurrentThread
ZwClose
ObReferenceObjectByHandle
KeWaitForSingleObject
IoFreeIrp
IoAllocateIrp
ObfReferenceObject
RtlCopyUnicodeString
ObfDereferenceObject
RtlImageNtHeader
RtlMultiByteToUnicodeN
IoQueryFileDosDeviceName
ObOpenObjectByPointer
ObQueryNameString
ZwWaitForSingleObject
PsCreateSystemThread
PsGetCurrentThreadId
KeInitializeSpinLock
_wcsicmp
sprintf
ExAcquireRundownProtection
IoThreadToProcess
PsProcessType
IoDeleteSymbolicLink
ZwYieldExecution
PsRemoveCreateThreadNotifyRoutine
IoDeleteDevice
PsGetThreadTeb
ExReleaseRundownProtection
PsGetThreadId
PsSetCreateProcessNotifyRoutine
ZwOpenDirectoryObject
IoDriverObjectType
KeFlushQueuedDpcs
PsGetThreadWin32Thread
IofCompleteRequest
PsSetLegoNotifyRoutine
PsRemoveLoadImageNotifyRoutine
PsInitialSystemProcess
PsIsThreadTerminating
PsThreadType
IoCreateSymbolicLink
ObReferenceObjectByName
IoCreateDevice
KeCancelTimer
CmUnRegisterCallback
PsGetThreadProcessId
PsGetProcessId
MmSystemRangeStart
MmUnmapLockedPages
MmHighestUserAddress
MmBuildMdlForNonPagedPool
MmIsNonPagedSystemAddressValid
MmMapLockedPages
MmCreateMdl
RtlCompareUnicodeString
IoDeviceObjectType
wcstombs
PsGetProcessSectionBaseAddress
KeDelayExecutionThread
PsGetProcessInheritedFromUniqueProcessId
KeInitializeApc
_strnicmp
_snprintf
IoGetCurrentProcess
ExSystemTimeToLocalTime
KeQuerySystemTime
PsGetProcessImageFileName
PsTerminateSystemThread
_snwprintf
_except_handler3
memset
_allmul
memcpy
hal
KfAcquireSpinLock
KeGetCurrentIrql
KfLowerIrql
KeRaiseIrqlToDpcLevel
KfReleaseSpinLock
Sections
.text Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.siba0 Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.siba1 Size: 130KB - Virtual size: 129KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ