Static task: static1

General
Target: c238f20391bba151f0af6a6cc4a6d3fb04aee6cfe7c5fa03807e042874a9d005
Size: 62KB
MD5: b3123352dc841f97248acc57780c9504
SHA1: f58c632b540b61094d8af889cbdf559d48654eaa
SHA256: c238f20391bba151f0af6a6cc4a6d3fb04aee6cfe7c5fa03807e042874a9d005
SHA512: b4724ccc88aac9667ec8772757ee9809e83ee2ad2f0cc30b385a15866def96d0a44cb721ade6b477707c15d969c9a06d6a1f50fc9666eb9b6286b7ca01e82861
SSDEEP: 1536:YxEmLS4R2PSalYQH7YDYM/xTU6WY2stNxg5SaoM:4R2PSqbYD1pjRVuBo
Malware Config

Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource c238f20391bba151f0af6a6cc4a6d3fb04aee6cfe7c5fa03807e042874a9d005

Files
c238f20391bba151f0af6a6cc4a6d3fb04aee6cfe7c5fa03807e042874a9d005.sys (windows:6, windows x64, arch:x64)
  fbc1bd3f86c6e875ecf77458d56ddc40
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
wdfldr.sys
WdfVersionUnbind
WdfVersionBindClass
WdfVersionUnbindClass
WdfVersionBind
ntoskrnl.exe
RtlInitUnicodeString
ExAllocatePool
ExFreePoolWithTag
ExInitializeResourceLite
ExDeleteResourceLite
MmGetSystemRoutineAddress
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObUnRegisterCallbacks
ZwClose
ZwOpenKey
ZwQueryValueKey
SeSinglePrivilegeCheck
PsSetCreateProcessNotifyRoutineEx
KeInitializeDpc
KeInsertQueueDpc
KeSetTargetProcessorDpc
KeFlushQueuedDpcs
KeRevertToUserAffinityThreadEx
KeSetSystemAffinityThreadEx
KeQueryActiveProcessors
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
PsGetCurrentProcessId
PsGetCurrentThreadId
KeDelayExecutionThread
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
MmProbeAndLockPages
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmAllocatePagesForMdlEx
PsWrapApcWow64Thread
IoAllocateMdl
IoFreeMdl
IoGetCurrentProcess
ObReferenceObjectByHandle
ObfDereferenceObject
ObRegisterCallbacks
ZwOpenSection
ZwMapViewOfSection
ZwUnmapViewOfSection
MmGetPhysicalMemoryRanges
MmGetPhysicalAddress
PsSetCreateThreadNotifyRoutine
PsGetProcessId
PsGetThreadProcessId
KeAttachProcess
KeDetachProcess
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
ObOpenObjectByPointer
ZwAllocateVirtualMemory
_vsnwprintf
KeInitializeApc
KeInsertQueueApc
ZwOpenThread
ZwQueryInformationProcess
_local_unwind
PsProcessType
PsThreadType
DbgBreakPointWithStatus
RtlGetVersion
MmGetVirtualForPhysical
PsLookupThreadByThreadId
__C_specific_handler
KeQueryActiveProcessorCount
KeClearEvent
ExAcquireResourceSharedLite
RtlInitializeGenericTable
RtlInsertElementGenericTable
RtlDeleteElementGenericTable
RtlLookupElementGenericTable
RtlGetElementGenericTable
KeReleaseSemaphore
KeInitializeSemaphore
KeWaitForMultipleObjects
ExAcquireFastMutex
ExReleaseFastMutex
MmBuildMdlForNonPagedPool
ZwCreateFile
ZwWriteFile
HalDispatchTable
wcsncpy
KeInitializeMutex
KeReleaseMutex
KeSetSystemAffinityThread
KeQueryMaximumProcessorCount
MmAllocateContiguousMemorySpecifyCache
MmFreeContiguousMemory
PsCreateSystemThread
ZwDeleteFile
ZwWaitForSingleObject
swprintf_s
MmMapIoSpace
MmUnmapIoSpace
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLockFromDpcLevel
MmAllocateContiguousMemory
ZwQueryInformationFile
ZwReadFile
RtlCopyUnicodeString
DbgPrintEx
KeBugCheckEx
Sections
Name    Size   Virtual size  Characteristics
.text   46KB   46KB          IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  7KB    6KB           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   512B   39KB          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata  3KB    2KB           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
INIT    4KB    3KB           IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.reloc  512B   56B           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ