Static task
static1
General
Target: 96a8a2edceba2cad6b49c24dcbd73449
Size: 74KB
MD5: 96a8a2edceba2cad6b49c24dcbd73449
SHA1: 24ffe3f99b3af1901fea7cbffb3c21d497b82172
SHA256: 714edd331e2f790484bd38e91a55bfac80e3f8446d0c9cc1b33e8695824c5ee7
SHA512: 20438846dbdadcb31cbe2db67fd5be5b797e6317bf15a35147708b6409f9d7a760fcde0b3f1e12f6e7e865cc9260d5d8f8a0e504b4bcd738c97dd641dad5a035
SSDEEP: 1536:a8G3jZ2AL+RrCOyJAwiTGXqT9/q9uxv081oHB:7G3jZuyJASqlMuxvzI
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 96a8a2edceba2cad6b49c24dcbd73449
Files
96a8a2edceba2cad6b49c24dcbd73449.sys windows:5 windows x86 arch:x86
420fd6a2b674a6c662d210dc6cceceac
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExFreePoolWithTag
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlCopyUnicodeString
MmIsDriverVerifying
MmLockPagableDataSection
DbgBreakPoint
MmUnlockPagableImageSection
ZwQueryVolumeInformationFile
IoBuildDeviceIoControlRequest
IoCancelIrp
MmBuildMdlForNonPagedPool
IoGetCurrentProcess
memmove
IoGetTopLevelIrp
KeTickCount
KeWaitForMultipleObjects
MmMapLockedPagesSpecifyCache
KeClearEvent
KeInitializeSemaphore
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
KeReleaseSemaphore
ProbeForRead
ProbeForWrite
KeQueryInterruptTime
ZwUnloadDriver
ZwLoadDriver
MmIsNonPagedSystemAddressValid
ExRaiseStatus
IoAllocateMdl
MmProbeAndLockPages
RtlCompareMemory
IoReuseIrp
IoAllocateIrp
ZwEnumerateKey
KeInitializeTimer
KeInitializeDpc
IoGetDeviceObjectPointer
KeSetTimerEx
MmQuerySystemSize
MmIsThisAnNtAsSystem
ExDeleteResourceLite
IoGetAttachedDeviceReference
IoDeleteSymbolicLink
MmPageEntireDriver
MmGetSystemRoutineAddress
ZwOpenKey
ZwQueryValueKey
IofCallDriver
IofCompleteRequest
ExInitializeResourceLite
IoSetTopLevelIrp
ZwCreateFile
ObReferenceObjectByHandle
IoGetRelatedDeviceObject
ZwClose
KeInitializeSpinLock
ExDeleteNPagedLookasideList
ExDeletePagedLookasideList
ExInitializeNPagedLookasideList
ExInitializePagedLookasideList
ExAcquireResourceExclusiveLite
SeSinglePrivilegeCheck
KeDelayExecutionThread
IoFreeIrp
IoAcquireCancelSpinLock
IoReleaseCancelSpinLock
KeBugCheckEx
IoGetStackLimits
ObfReferenceObject
MmUnlockPages
IoFreeMdl
ExGetPreviousMode
KeSetEvent
KeWaitForSingleObject
RtlEqualUnicodeString
ExQueueWorkItem
IoDetachDevice
KeInitializeEvent
IoCreateDevice
IoDeleteDevice
ExReleaseResourceLite
KeLeaveCriticalRegion
KeEnterCriticalRegion
ExAcquireResourceSharedLite
ObfDereferenceObject
RtlCompareUnicodeString
KeGetCurrentThread
IoCreateSymbolicLink
RtlInitUnicodeString
ExAllocatePoolWithTag
hal
KfRaiseIrql
ExReleaseFastMutex
KeGetCurrentIrql
KfLowerIrql
Sections
.text Size: 61KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 640B - Virtual size: 550B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ