Static task
static1
General
-
Target
1f356dfb5a05e4a4c691cad2a0d10a47
-
Size
23KB
-
MD5
1f356dfb5a05e4a4c691cad2a0d10a47
-
SHA1
450e254b914e33b0815a7c91b814cb4458752783
-
SHA256
721fda8bda27e470cbd75b9307c923e45ba6b10c848e5d8a6388741623a67b91
-
SHA512
3e3b13bdcd1d5525e36d20d0a236effb76ee032e7e062ab3b105908518e330a3ed1a45b348982d0e902aac40ec21c83d39f1373b10e2c79ded9126d82a69905c
-
SSDEEP
384:347Ok7afCKxrYYwM58ODAd+sHHGNU1Uyo43tIPE05WB1AFpbHlOlmEpeSuwCqU:34zYwnOsvHH07ytI8Gy1AFpbHlOlmEpK
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 1f356dfb5a05e4a4c691cad2a0d10a47
Files
-
1f356dfb5a05e4a4c691cad2a0d10a47.sys windows:5 windows x86 arch:x86
48a7dd5877551d583f79cb94708dee03
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
swprintf
ZwSetValueKey
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
wcschr
ZwCreateEvent
_wcsicmp
_wcsnicmp
wcsstr
_wcslwr
wcsncpy
PsGetCurrentProcessId
_stricmp
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
KeSetEvent
IoFreeIrp
IoFreeMdl
KeClearEvent
KeWaitForSingleObject
MmBuildMdlForNonPagedPool
IoAllocateMdl
IoAllocateIrp
KeInitializeEvent
KeInitializeSpinLock
ExInitializeNPagedLookasideList
ObfDereferenceObject
IoGetDeviceObjectPointer
ZwQuerySystemInformation
_strnicmp
IoGetCurrentProcess
strncpy
ZwDeleteKey
ZwEnumerateKey
IoGetRelatedDeviceObject
ZwCreateFile
ZwReadFile
ZwWriteFile
ZwQueryInformationFile
ZwSetInformationFile
KeInsertQueueApc
KeInitializeApc
PsLookupThreadByThreadId
KeDetachProcess
rand
KeAttachProcess
MmUnmapLockedPages
wcstombs
KeInitializeMutex
PsCreateSystemThread
NtSetInformationProcess
ObReferenceObjectByHandle
PsLookupProcessByProcessId
KeReleaseMutex
IofCompleteRequest
memmove
ProbeForRead
MmHighestUserAddress
ZwQueryInformationProcess
KeLeaveCriticalRegion
KeEnterCriticalRegion
ObOpenObjectByName
PsInitialSystemProcess
NtWaitForSingleObject
ZwLoadKey
ZwUnloadKey
wcscat
ObQueryNameString
PsSetCreateProcessNotifyRoutine
KeInsertQueueDpc
KeSetTargetProcessorDpc
KeInitializeDpc
KeNumberProcessors
KeServiceDescriptorTable
KeGetCurrentThread
KeAddSystemServiceTable
MmUserProbeAddress
KeGetPreviousMode
PsGetVersion
ObfReferenceObject
SeDeleteAccessState
IofCallDriver
RtlCopyUnicodeString
SeSetAccessStateGenericMapping
RtlMapGenericMask
SeCreateAccessState
ObCreateObject
IoFileObjectType
ZwOpenFile
IoReuseIrp
_except_handler3
wcslen
wcscpy
ExFreePoolWithTag
MmMapLockedPages
ZwClose
hal
KfLowerIrql
KfAcquireSpinLock
KfReleaseSpinLock
KeRaiseIrqlToDpcLevel
Sections
.text Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 640B - Virtual size: 598B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 896B - Virtual size: 813B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ