Static task
static1
General
Target: 0442a18bbed4e323265c66561c8f8c171d8e934e9089c12b94d1dfdbb057b737
Size: 272KB
MD5: 7f09708b8c651a0c0e2a2725136ba254
SHA1: 8ce29225e3425898d862eb69d491091b693a1ae0
SHA256: 0442a18bbed4e323265c66561c8f8c171d8e934e9089c12b94d1dfdbb057b737
SHA512: 88cf10f05a722f0ae955854a0f138da49eed5717b30afefdf1e646a25108c7126ea678c2c19480e6019e01b0f43fa23dacd6af61255312b2dbc68a259dc854e1
SSDEEP: 3072:0Jf9JSO48/h7Axgz1fxVr1yvnC2IeXct40Vba0VrV2ha1jXR2rjRafnL05JOzFB:S/SnAXivnCVihyhV2ha17Z3gCIM
Signatures
Unsigned PE (1 IoC)
Rule: checks for a missing Authenticode signature. The rule fired, so no signature is embedded in this PE (its security data directory is empty).
Caveat: for a kernel driver, a missing embedded signature does not by itself mean the driver is unsigned or would be refused by Driver Signature Enforcement. Windows in-box and driver-store drivers are normally signed through a catalog (.cat) file rather than an embedded signature, and the import set below (btampm.sys, ks.sys, sleepstudyhelper.sys, wpprecorder.sys) is typical of an in-box Windows Bluetooth/kernel-streaming driver. Verify with a catalog-aware check (signtool verify /a /v, or Get-AuthenticodeSignature on a Windows host with the matching catalog installed) before treating this as an indicator.
resource 0442a18bbed4e323265c66561c8f8c171d8e934e9089c12b94d1dfdbb057b737
Files
-
0442a18bbed4e323265c66561c8f8c171d8e934e9089c12b94d1dfdbb057b737.sys windows:10 windows x64 arch:x64
c08c897156f155523dc8224325941039
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA (64-bit ASLR address space)
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (relocatable; ASLR)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT (DEP/NX)
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
IMAGE_DLLCHARACTERISTICS_GUARD_CF (Control Flow Guard)
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntoskrnl.exe
ExSetTimer
KeQuerySystemTimePrecise
IoSetDevicePropertyData
IoRegisterDeviceInterface
KeQueryUnbiasedInterruptTime
IoSetDeviceInterfacePropertyData
IoQueueWorkItemEx
EtwWriteTransfer
ExAllocateTimer
IoCsqInsertIrp
IoCsqRemoveNextIrp
IoCsqInitialize
ZwOpenKey
ExCancelTimer
DbgPrintEx
ZwClose
IoWMIRegistrationControl
ZwQueryValueKey
MmGetSystemRoutineAddress
RtlCopyUnicodeString
RtlInitUnicodeString
RtlAppendUnicodeToString
ExFreePool
IofCompleteRequest
IofCallDriver
KeCancelTimer
KeClearEvent
IoBuildDeviceIoControlRequest
KeInitializeTimer
IoInitializeRemoveLockEx
KeInitializeDpc
IoReleaseRemoveLockEx
IoAcquireRemoveLockEx
KeSetTimer
KeResetEvent
KeWaitForSingleObject
EtwActivityIdControl
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeWorkItem
IoGetDeviceInterfaces
IoGetDeviceObjectPointer
ObfDereferenceObject
IoFreeIrp
IoSetCompletionRoutineEx
IoAllocateIrp
IoReleaseRemoveLockAndWaitEx
IoCancelIrp
IoReleaseCancelSpinLock
KeQueryTimeIncrement
RtlFreeAnsiString
RtlFreeUnicodeString
RtlUnicodeStringToAnsiString
RtlInitAnsiString
KseQueryDeviceFlags
MmIsDriverVerifyingByAddress
RtlQueryRegistryValuesEx
DbgkWerCaptureLiveKernelDump
KeSetEvent
KeReleaseSpinLock
KeInitializeSpinLock
KeAcquireSpinLockRaiseToDpc
IoAllocateWorkItem
KeQueryInterruptTimePrecise
EtwSetInformation
EtwUnregister
EtwRegister
RtlAnsiCharToUnicodeChar
KeInitializeEvent
memcmp
hal
KeQueryPerformanceCounter
ks.sys
KsGetNodeIdFromIrp
KsGetObjectFromFileObject
KsGenerateEvent
KsDefaultAddEventHandler
KsGetPinFromIrp
KsAddEvent
KsInitializeDriver
KsStreamPointerClone
KsCompletePendingRequest
KsStreamPointerAdvance
KsPinAcquireProcessingMutex
KsStreamPointerGetNextClone
KsPinReleaseProcessingMutex
KsStreamPointerUnlock
KsReleaseControl
KsPinGetFirstCloneStreamPointer
KsPinGetLeadingEdgeStreamPointer
KsStreamPointerSetStatusCode
KsStreamPointerAdvanceOffsets
KsGetFilterFromIrp
KsGetDevice
KsAcquireControl
KsStreamPointerDelete
KsGetDeviceForDeviceObject
KsFreeObjectBag
KsAllocateObjectBag
KsPinGetParentFilter
_KsEdit
KsGetFirstChild
KsPinAttemptProcessing
KsFilterFactorySetDeviceClassesState
KsAcquireDevice
KsGenerateEvents
KsCreateFilterFactory
KsReleaseDevice
KsGetParent
KsFreeObjectCreateItemsByContext
KsGetNextSibling
KsFilterFactoryUpdateCacheData
KsFilterFactoryGetSymbolicLink
btampm.sys
BtaMpmGetRemoteDeviceProfileVersionAndAttribute
BtaMpmUpdatePlayStatus
BtaMpmRegister
BtaMpmUnregister
BtaMpmUpdateSuspendStatus
BtaMpmUnregisterPnp
BtaMpmConnectionRequest
BtaMpmBuildIndirectStringFromMessageWithSingleUTF8Arg
BtaMpmRegisterPnp
BtaMpmUpdateConnectionStatus
wpprecorder.sys
imp_WppRecorderReplay
WppAutoLogStart
WppAutoLogTrace
WppAutoLogStop
sleepstudyhelper.sys
SleepstudyHelper_ComponentActive
SleepstudyHelper_UnregisterComponent
SleepstudyHelper_RegisterComponentEx
SleepstudyHelper_ComponentInactive
SleepstudyHelper_GenerateGuid
SleepstudyHelper_Uninitialize
SleepstudyHelper_Initialize
SleepstudyHelper_GetPdoFriendlyName
wdfldr.sys
WdfVersionUnbind
WdfVersionBind
WdfVersionUnbindClass
WdfVersionBindClass
ksecdd.sys
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptHashData
BCryptDestroyHash
BCryptCreateHash
Sections
.text Size: 187KB - Virtual size: 187KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
NONPAGE Size: 512B - Virtual size: 176B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 512B - Virtual size: 54B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
GFIDS Size: 1024B - Virtual size: 872B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ