Static task
static1
General
Target: 28b75498f3df6d19209f6dbd7dce489b
Size: 56KB
MD5: 28b75498f3df6d19209f6dbd7dce489b
SHA1: d90a57319778d9c0f7122ea24a0344be18d542c3
SHA256: 79a5b00f2138cbb7dbba39dfa1c8723d7f57a3e79e951a103014e2dd7aa03e62
SHA512: f11f95453bed6492e7788c8ff55a68bcb92622a32049c87509cbba74323c5e9962022bf9dfd88755b703ad8c6ab907f7f77f176ba15ff60b3fed57617184b118
SSDEEP: 768:IoaRqhasiYFbCwkjheBT1pbSQNdBT4NTis7HA5w7inLdygXmEh:OgfSjheBT1pbBJ4NTGKiByg2E
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 28b75498f3df6d19209f6dbd7dce489b
Files
28b75498f3df6d19209f6dbd7dce489b.sys windows:6 windows x86 arch:x86
3fe182b10907c9973577d4aea05c6da7
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmUnmapLockedPages
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
memset
PsGetCurrentProcessId
ProbeForRead
MmUserProbeAddress
ExfInterlockedRemoveHeadList
IoDeleteDevice
IoDeleteSymbolicLink
ObfDereferenceObject
IofCompleteRequest
ExGetPreviousMode
ProbeForWrite
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
MmMapLockedPagesSpecifyCache
ObReferenceObjectByHandle
ExEventObjectType
PsLookupThreadByThreadId
PsLookupProcessByProcessId
HalDispatchTable
ObReferenceObjectByName
IoDriverObjectType
IoGetDeviceProperty
IoGetDeviceObjectPointer
KdDebuggerNotPresent
MmQuerySystemSize
RtlGetNtGlobalFlags
MmSystemRangeStart
MmHighestUserAddress
ZwClose
RtlInitUnicodeString
ZwCreateFile
memcpy
IoCreateSymbolicLink
IoCreateDevice
ObOpenObjectByName
ZwQueryDirectoryObject
ZwOpenDirectoryObject
IoFileObjectType
PsProcessType
RtlCompareUnicodeString
ZwOpenKey
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwQueryInformationProcess
ZwQuerySystemInformation
PsThreadType
KeUnstackDetachProcess
KeStackAttachProcess
LpcPortObjectType
ExReleaseResourceLite
KeLeaveCriticalRegion
ExAcquireResourceSharedLite
KeEnterCriticalRegion
KeGetCurrentThread
KeWaitForSingleObject
PsCreateSystemThread
ExQueueWorkItem
PsInitialSystemProcess
qsort
RtlUpcaseUnicodeChar
KeReleaseMutex
KeTickCount
KeBugCheckEx
MmGetSystemRoutineAddress
DbgPrint
MmIsAddressValid
KeServiceDescriptorTable
ExfInterlockedInsertTailList
KeSetEvent
ExAllocatePoolWithTag
ExFreePoolWithTag
NtBuildNumber
ZwDeviceIoControlFile
KeInitializeEvent
RtlUnwind
hal
KeAcquireQueuedSpinLockRaiseToSynch
KeAcquireQueuedSpinLock
KeRaiseIrqlToDpcLevel
KeReleaseQueuedSpinLock
KfLowerIrql
KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
KeRaiseIrqlToSynchLevel
Sections
.text Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 456B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ