Static task
static1
General
Target: 7f80e8c1fd52a9afcbd73f067c73bd8b
Size: 75KB
MD5: 7f80e8c1fd52a9afcbd73f067c73bd8b
SHA1: c971fd40300dda3a7273e437e54623129b89cce1
SHA256: 8fabde9550023d699cea006610438ba01254aa7e00a7ee021f6fb570249fb90e
SHA512: bae1ddb303450791afeff0804fb1d518dd4da10d860e28109a77dcafcf89a854d25b81004011d13d31b5b0358d90831187800815593e77cced7f094a8be10802
SSDEEP: 1536:YW6ddtFwvY7OZ6asYmXkTCOaO7YT9YYKHoYVLpO2I9aqg4:YWit36Z6rj0TCOsjhOIrg
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 7f80e8c1fd52a9afcbd73f067c73bd8b
Files
7f80e8c1fd52a9afcbd73f067c73bd8b.sys windows:5 windows x86 arch:x86
1b603040fa34bab68825c86c225c6cf1
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwReadFile
RtlCompareUnicodeString
MmUnlockPagableImageSection
ObfReferenceObject
RtlAppendUnicodeStringToString
KeQueryInterruptTime
IoFreeIrp
ObfDereferenceObject
ExInitializeResourceLite
KeWaitForSingleObject
SeSinglePrivilegeCheck
IoAllocateIrp
ExDeleteNPagedLookasideList
KeBugCheckEx
IoCancelIrp
IoReleaseCancelSpinLock
MmIsNonPagedSystemAddressValid
IoDeleteSymbolicLink
ExQueueWorkItem
IoFreeMdl
ExAcquireResourceSharedLite
MmGetSystemRoutineAddress
ExReleaseResourceLite
ExDeletePagedLookasideList
KeInitializeTimer
KeSetTimerEx
MmProbeAndLockPages
MmBuildMdlForNonPagedPool
IoCreateSymbolicLink
IoGetAttachedDeviceReference
MmUnlockPages
ZwUnloadDriver
ZwQueryVolumeInformationFile
ExInitializePagedLookasideList
memmove
IoSetTopLevelIrp
MmQuerySystemSize
KeInitializeSpinLock
IoAcquireCancelSpinLock
RtlSetDaclSecurityDescriptor
MmIsDriverVerifying
ExFreePoolWithTag
IoBuildDeviceIoControlRequest
MmPageEntireDriver
KeReleaseSemaphore
ZwOpenProcess
IoGetDeviceObjectPointer
KeInitializeSemaphore
RtlEqualUnicodeString
RtlCreateSecurityDescriptor
ExGetPreviousMode
KeSetEvent
KeInitializeDpc
ExDeleteResourceLite
ProbeForWrite
ExRaiseStatus
IoGetCurrentProcess
IoReuseIrp
MmMapLockedPagesSpecifyCache
ExAcquireResourceExclusiveLite
DbgBreakPoint
RtlCompareMemory
IoGetTopLevelIrp
KeEnterCriticalRegion
RtlCopyUnicodeString
ZwEnumerateKey
ZwOpenKey
KeWaitForMultipleObjects
ExInitializeNPagedLookasideList
KeInitializeEvent
IoCreateDevice
MmLockPagableDataSection
IofCallDriver
MmIsThisAnNtAsSystem
IoAllocateMdl
RtlAppendUnicodeToString
ProbeForRead
KeLeaveCriticalRegion
ZwCreateFile
ZwQueryValueKey
KeClearEvent
IoDeleteDevice
ZwClose
IoGetStackLimits
IoGetRelatedDeviceObject
IoDetachDevice
KeTickCount
KeDelayExecutionThread
ZwLoadDriver
ObReferenceObjectByHandle
RtlInitUnicodeString
PsGetProcessExitTime
KeGetCurrentThread
IofCompleteRequest
PsGetCurrentProcessId
ExAllocatePoolWithTag
hal
KfRaiseIrql
ExReleaseFastMutex
KeGetCurrentIrql
KfLowerIrql
Sections
.text Size: 64KB - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 640B - Virtual size: 566B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ