Static task
static1
General
Target
2c2c09fc9afc4c4b939968d36364f5a2
Size
153KB
MD5
2c2c09fc9afc4c4b939968d36364f5a2
SHA1
4876aac4aef29cf8cd33907561959248ae5c21c1
SHA256
86450109ac4859d5a936a1386ff946a3ee2836a4d7cb5c3a80d70d8dac2d35fd
SHA512
602829dfb7130978ef61dee6bbd40c75c8b7e12cbc8eea28c5b7b70c46005f4228f112c96c0447c4a12332e48e8db24ab854a586e78ac6db8e8d309758593ef7
SSDEEP
3072:7ssvAMoJrnDAew1Q93ubxHrQgWRawqjWolDfSf1YsSlkt1n:7ssvA3JrnDAX4cHlWRawuHRfSf1tLn
Malware Config
Signatures
Unsigned PE — 1 IoC
Checks for a missing Authenticode signature on the PE image.
resource 2c2c09fc9afc4c4b939968d36364f5a2
Files
2c2c09fc9afc4c4b939968d36364f5a2.sys windows:4 windows x86 arch:x86
472a7b54e350cd5b448d133d06992e33
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_except_handler3
KeNumberProcessors
ZwUnmapViewOfSection
ZwQueryInformationFile
ZwClose
ZwMapViewOfSection
ZwCreateSection
atoi
strstr
strncpy
memmove
wcslen
memchr
_stricmp
IofCompleteRequest
IoCreateSynchronizationEvent
RtlInitUnicodeString
ExFreePool
NtBuildNumber
IoRegisterBootDriverReinitialization
RtlCopyUnicodeString
ExAllocatePoolWithTag
IoRegisterShutdownNotification
InitSafeBootMode
wcscat
rand
srand
KeQuerySystemTime
wcscpy
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
wcsrchr
ZwQueryInformationProcess
PsGetCurrentThreadId
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
strrchr
ZwOpenFile
ObfDereferenceObject
ObReferenceObjectByName
IoDriverObjectType
_wcsicmp
ZwWriteFile
ZwSetInformationFile
RtlFreeAnsiString
sprintf
RtlUnicodeStringToAnsiString
ZwSetValueKey
ZwOpenKey
wcsstr
_wcsupr
ZwDeleteFile
ZwCreateFile
RtlCompareMemory
ZwReadFile
strncmp
RtlCompareUnicodeString
_strupr
KeStackAttachProcess
KeWaitForSingleObject
KeClearEvent
InterlockedIncrement
KeSetEvent
InterlockedDecrement
strchr
PsGetCurrentProcessId
ExfInterlockedRemoveHeadList
ExfInterlockedInsertTailList
strncat
wcsncat
ZwEnumerateKey
ZwQueryKey
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
KeInitializeEvent
KeInitializeSpinLock
KeInitializeMutex
ExInitializeNPagedLookasideList
_strlwr
MmIsAddressValid
IoGetCurrentProcess
KeGetCurrentThread
PsSetLoadImageNotifyRoutine
PsSetCreateThreadNotifyRoutine
PsSetCreateProcessNotifyRoutine
ZwQueryValueKey
ObQueryNameString
MmUnmapLockedPages
InterlockedExchange
ZwAllocateVirtualMemory
KeInsertQueueApc
KeInitializeApc
PsLookupProcessThreadByCid
IoFreeWorkItem
IoQueueWorkItem
IoAllocateWorkItem
RtlCompareString
RtlInitString
ZwQuerySystemInformation
KeServiceDescriptorTable
ObReferenceObjectByHandle
PsProcessType
ExGetPreviousMode
wcsncpy
ZwTerminateProcess
ZwDeleteKey
ZwCreateKey
ZwOpenSection
ZwEnumerateValueKey
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
_snprintf
IoFileObjectType
ZwSetSecurityObject
ZwReplaceKey
ZwRestoreKey
ZwDeleteValueKey
ZwSetSystemInformation
KeAddSystemServiceTable
IoAllocateMdl
MmProbeAndLockPages
IoFreeMdl
KeUnstackDetachProcess
MmMapLockedPagesSpecifyCache
KeReleaseMutex
MmUnlockPages
hal
KfLowerIrql
KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
KfRaiseIrql
Sections
.text Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 84KB - Virtual size: 93KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 952B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ