Static task
static1
General
Target: 099f67e7d25ca9ddec16cab68ffd5139
Size: 72KB
MD5: 099f67e7d25ca9ddec16cab68ffd5139
SHA1: 5800f92c0421e620c209f4bddad92b62f3594cdb
SHA256: 29ddb767418155dc9c820ae7137ef31d7bac6b6f6a444c30fae97fe64332a372
SHA512: 8f0e135acc0f4ac0417e4796b0dc1ac694e45d4bedee0accf16c5ff14a0b36905d264ef8564cc894e0cff6163528638281771246978e98cd0f9b2c12ddf2a29f
SSDEEP: 768:MQRpcQuZvdN7UEzBg6tjz211l118SAEA2SgDKd4fFeSTCr:8NZvrw+BgOjzMDKd4fFlTC
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 099f67e7d25ca9ddec16cab68ffd5139
Files
099f67e7d25ca9ddec16cab68ffd5139.sys windows:5 windows x86 arch:x86
4a1976c1331b9e249d14533a800185a5
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ObfDereferenceObject
ObReferenceObjectByHandle
ZwOpenDirectoryObject
RtlInitUnicodeString
wcslen
wcscat
ZwCreateKey
KeServiceDescriptorTable
ZwRestoreKey
ZwOpenKey
wcscpy
KeDelayExecutionThread
PsCreateSystemThread
ExFreePool
InterlockedExchange
IofCompleteRequest
ZwPulseEvent
ZwYieldExecution
ZwOpenProcess
ZwCreateSection
IoGetDeviceObjectPointer
IoRegisterBootDriverReinitialization
MmMapLockedPagesSpecifyCache
IofCallDriver
_wcsnicmp
RtlCompareMemory
ObReferenceObjectByName
MmIsAddressValid
ZwClose
_except_handler3
IoGetCurrentProcess
MmGetSystemRoutineAddress
RtlInitAnsiString
KeSetEvent
IoFreeIrp
KeWaitForSingleObject
IoBuildAsynchronousFsdRequest
KeInitializeEvent
ObOpenObjectByPointer
SeSetAccessStateGenericMapping
RtlMapGenericMask
SeCreateAccessState
IoGetFileObjectGenericMapping
KeGetCurrentThread
IoAllocateIrp
ObCreateObject
IoFileObjectType
ZwCreateFile
MmSystemRangeStart
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlEqualUnicodeString
ZwReadFile
FsRtlGetFileSize
RtlQueryRegistryValues
ZwQuerySystemInformation
KeTickCount
KeBugCheckEx
IoDriverObjectType
ExAllocatePoolWithTag
ZwEnumerateKey
DbgPrint
hal
KfRaiseIrql
KfLowerIrql
KeRaiseIrqlToDpcLevel
Sections
.text Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ