Static task
static1
General
Target
1ebcf66108cda965f6348991d9bb9754
Size
34KB
MD5
1ebcf66108cda965f6348991d9bb9754
SHA1
3aea734b9b48451c552a9b9c6aa3e99559e5ebf1
SHA256
afba98b263bfd3a76c940086dcedcd7e67dc8b0be98bef1c38fa613e90ee5d7a
SHA512
8dc8fd6b2eabfdc6d32ff5e9e6928cb8e8f6fd139263364a5b3cb49ab49a33da5999ab42043c8d714f14c450e9344f6b859b9c5d24cd4df9309aa6a69e323d4b
SSDEEP
768:QQTjQh9aOgUzaItDge2pcgcRX49t+m6r:QQTjQh8OxaiDDdgcmz
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1ebcf66108cda965f6348991d9bb9754
Files
1ebcf66108cda965f6348991d9bb9754.sys windows:5 windows x86 arch:x86
16fd677f3193201979a850b881e0b938
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_strnicmp
IoGetCurrentProcess
strncpy
ZwDeleteKey
ZwEnumerateKey
IoGetRelatedDeviceObject
ZwCreateFile
ZwReadFile
ZwWriteFile
ZwQueryInformationFile
ZwSetInformationFile
swprintf
rand
KeWaitForSingleObject
KeInsertQueueApc
KeInitializeApc
KeClearEvent
ObfDereferenceObject
PsLookupThreadByThreadId
IoFreeMdl
KeDetachProcess
MmMapLockedPages
KeAttachProcess
MmBuildMdlForNonPagedPool
IoAllocateMdl
MmUnmapLockedPages
wcstombs
KeInitializeMutex
NtSetInformationProcess
ObReferenceObjectByHandle
PsLookupProcessByProcessId
KeReleaseMutex
KeSetEvent
IofCompleteRequest
IoFreeIrp
KeInitializeEvent
IoAllocateIrp
memmove
IofCallDriver
KeBugCheckEx
ProbeForRead
MmHighestUserAddress
ZwQueryInformationProcess
ZwQuerySystemInformation
KeEnterCriticalRegion
ObOpenObjectByName
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
ZwRestoreKey
NtWaitForSingleObject
ZwLoadKey
ZwUnloadKey
wcscat
ObQueryNameString
PsSetCreateProcessNotifyRoutine
KeInitializeSpinLock
ExInitializeNPagedLookasideList
KeInsertQueueDpc
KeSetTargetProcessorDpc
KeInitializeDpc
KeNumberProcessors
KeServiceDescriptorTable
KeGetCurrentThread
KeAddSystemServiceTable
MmUserProbeAddress
KeGetPreviousMode
MmProbeAndLockPages
PsGetVersion
ObfReferenceObject
SeDeleteAccessState
RtlCopyUnicodeString
SeSetAccessStateGenericMapping
RtlMapGenericMask
SeCreateAccessState
ObCreateObject
IoFileObjectType
ZwOpenFile
wcslen
IoReuseIrp
IoGetDeviceObjectPointer
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
ExfInterlockedInsertTailList
MmGetPhysicalAddress
ProbeForWrite
_except_handler3
_stricmp
ExFreePoolWithTag
wcscpy
PsGetCurrentProcessId
wcsncpy
_wcslwr
wcsstr
_wcsnicmp
ZwOpenKey
_wcsicmp
ExAllocatePoolWithTag
PsCreateSystemThread
ZwClose
KeDelayExecutionThread
RtlInitUnicodeString
ZwCreateEvent
wcschr
KeLeaveCriticalRegion
PsTerminateSystemThread
hal
KfReleaseSpinLock
KfLowerIrql
KeRaiseIrqlToDpcLevel
ExReleaseFastMutex
ExAcquireFastMutex
KfAcquireSpinLock
ndis.sys
NdisFreePacket
NdisAllocateBuffer
NdisRegisterProtocol
NdisDeregisterProtocol
NdisAllocatePacket
NdisAllocateMemory
NdisAllocateBufferPool
NdisAllocatePacketPool
NdisOpenAdapter
NdisFreeMemory
NdisCloseAdapter
Sections
.text Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 896B - Virtual size: 781B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ