Static task
static1
General
Target: 6852255bf1e46c2985f3c7c8395f0709
Size: 28KB
MD5: 6852255bf1e46c2985f3c7c8395f0709
SHA1: face9d148737cc77de62acc7a23076113b431291
SHA256: db9c48c132eeee3a95fff1e1dab968f3383a40584949e56127c7e2b686de71d3
SHA512: 0ecf0b2bf91b2937e945a6888cb576d2f60bd49f31456b6c99842bb5ebd132b3c75df0cc5aad7b8e62fed6a73b3301b0b17baf415571076677b5e37be0c07505
SSDEEP: 768:KUnDOw1stCigwkdo2adwovNmSYf8hBYNGx8qipyEEZ:nDOesEwkdo2adwovNmSG8/YNm8qsyEw
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6852255bf1e46c2985f3c7c8395f0709
Files
6852255bf1e46c2985f3c7c8395f0709.sys windows:5 windows x86 arch:x86
25a6ca6b145795906b91a7d18cf1135a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_except_handler3
MmUnlockPages
ObfDereferenceObject
KeUnstackDetachProcess
KeStackAttachProcess
PsLookupProcessByProcessId
MmIsAddressValid
KeInitializeSpinLock
ObReferenceObjectByName
IoDriverObjectType
RtlInitUnicodeString
ExFreePool
_stricmp
strrchr
ExAllocatePoolWithTag
ZwQuerySystemInformation
IoFileObjectType
ZwClose
ObReferenceObjectByHandle
ZwOpenKey
PsProcessType
IoDeviceObjectType
MmSectionObjectType
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlImageDirectoryEntryToData
NtBuildNumber
RtlAppendUnicodeStringToString
RtlVolumeDeviceToDosName
IoCreateFile
wcscpy
ProbeForRead
IoGetCurrentProcess
KeGetCurrentThread
KeServiceDescriptorTable
ObQueryNameString
ObReferenceObjectByPointer
ObOpenObjectByPointer
PsGetVersion
IoAllocateMdl
IoThreadToProcess
PsLookupThreadByThreadId
NtGlobalFlag
PsThreadType
IofCallDriver
ZwOpenDirectoryObject
MmGetVirtualForPhysical
MmGetPhysicalAddress
MmSystemRangeStart
IoFreeIrp
KeSetEvent
KeWaitForSingleObject
MmBuildMdlForNonPagedPool
IoAllocateIrp
IoGetBaseFileSystemDeviceObject
KeInitializeEvent
IoGetDeviceObjectPointer
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
swprintf
IoGetConfigurationInformation
ZwTerminateProcess
PsGetCurrentProcessId
KeInsertQueueApc
KeInitializeApc
KeClearEvent
ExfInterlockedInsertTailList
ExfInterlockedRemoveHeadList
wcsstr
_wcsupr
IoCreateSynchronizationEvent
MmGetSystemRoutineAddress
ZwOpenEvent
IoDeleteDevice
RtlInitAnsiString
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUserProbeAddress
IoFreeMdl
hal
KfAcquireSpinLock
KfReleaseSpinLock
KeStallExecutionProcessor
Sections
.text Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 768B - Virtual size: 724B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ