Static task
static1
General
-
Target
55b030200384e5073dd10f20465c4ec2
-
Size
32KB
-
MD5
55b030200384e5073dd10f20465c4ec2
-
SHA1
742ee75915ed809e959cb2c27ba8c11a4132c77e
-
SHA256
03dca38bf2fa1666393534e8743b8a83f923183600d3534f977fd18885d6f263
-
SHA512
3ec2fe9876c7f2b6921fc03dafe055ecb828aac9ac651f88343a4d15d801f8a22a51bcf76bbf7eb37f05797ed22b8d5ae3c5c4dc6cddda562e85347aac980955
-
SSDEEP
768:xubGpBb7vmB/B4ZOsKm6lk+BdmH4/Lf5N6tMOnV:46TnvmB/6uddLf5NU
Malware Config
Signatures
-
Unsigned PE 1 IoCs
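Flags PE files that lack an Authenticode signature; it matched the resource listed below. A missing signature is a low-confidence indicator on its own and should be weighed together with the other findings in this report.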
resource 55b030200384e5073dd10f20465c4ec2
Files
-
55b030200384e5073dd10f20465c4ec2.sys windows:4 windows x86 arch:x86
008f0dffa40b505484cfb3259451a08c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlInitUnicodeString
ZwClose
ZwPowerInformation
ExFreePool
IoOpenDeviceRegistryKey
IofCompleteRequest
MmUnlockPagableImageSection
MmLockPagableDataSection
ExAllocatePoolWithTag
IoCreateDevice
KeInitializeSpinLock
IoAttachDeviceToDeviceStack
MmMapIoSpace
InterlockedCompareExchange
ZwQueryValueKey
IoCreateSymbolicLink
InterlockedDecrement
InterlockedIncrement
ExfInterlockedRemoveHeadList
MmUnmapIoSpace
ExQueueWorkItem
KeInitializeMutex
KeWaitForSingleObject
KeReleaseMutex
sprintf
IoDeleteDevice
RtlFreeUnicodeString
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
IoGetDeviceProperty
PoStartNextPowerIrp
KeInitializeEvent
KeInitializeDpc
KeInitializeTimer
KeGetCurrentThread
KeSetTimer
KeQueryInterruptTime
KeCancelTimer
KeSetEvent
IofCallDriver
RtlCompareMemory
hal
KeStallExecutionProcessor
WRITE_PORT_ULONG
KfAcquireSpinLock
WRITE_PORT_USHORT
WRITE_PORT_UCHAR
KfLowerIrql
KfRaiseIrql
READ_PORT_ULONG
READ_PORT_UCHAR
KeGetCurrentIrql
READ_PORT_USHORT
KfReleaseSpinLock
Sections
_LTEXT Size: 656B - Virtual size: 646B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.text Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
_PTEXT Size: 128B - Virtual size: 122B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
W32 Size: 16B - Virtual size: 11B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PNP Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
_LDATA Size: 32B - Virtual size: 28B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 96B - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_LDATA Size: 224B - Virtual size: 212B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_PDATA Size: 16B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.edata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 64B - Virtual size: 59B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 928B - Virtual size: 916B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ