Static task
static1
General
Target: 53a7dfd6704ac03aaad24107e53fced081d1a12b1a7284f34900efc907ae9062
Size: 62KB
MD5: 9c634aea6ba99c8068c39381252f6d57
SHA1: 405ad0ff98468f5e948459a422cac54b91d0189c
SHA256: 53a7dfd6704ac03aaad24107e53fced081d1a12b1a7284f34900efc907ae9062
SHA512: c003cbb60b9d11d0be99005336c8a8a8bc75328e164b3f851f2a48a91c0693c80dbf02cfc577cfa325afce552d9f5893b18f6147ffc470afb1930e0a48c590e4
SSDEEP: 1536:pxEmLS4R2PSalYQH7YDYM/xTU6WY2stoxg5SaoM:fR2PSqbYD1pjRGuBo
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 53a7dfd6704ac03aaad24107e53fced081d1a12b1a7284f34900efc907ae9062
Files
53a7dfd6704ac03aaad24107e53fced081d1a12b1a7284f34900efc907ae9062.sys windows:6 windows x64 arch:x64
fbc1bd3f86c6e875ecf77458d56ddc40
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
wdfldr.sys
WdfVersionUnbind
WdfVersionBindClass
WdfVersionUnbindClass
WdfVersionBind
ntoskrnl.exe
RtlInitUnicodeString
ExAllocatePool
ExFreePoolWithTag
ExInitializeResourceLite
ExDeleteResourceLite
MmGetSystemRoutineAddress
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObUnRegisterCallbacks
ZwClose
ZwOpenKey
ZwQueryValueKey
SeSinglePrivilegeCheck
PsSetCreateProcessNotifyRoutineEx
KeInitializeDpc
KeInsertQueueDpc
KeSetTargetProcessorDpc
KeFlushQueuedDpcs
KeRevertToUserAffinityThreadEx
KeSetSystemAffinityThreadEx
KeQueryActiveProcessors
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
PsGetCurrentProcessId
PsGetCurrentThreadId
KeDelayExecutionThread
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
MmProbeAndLockPages
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmAllocatePagesForMdlEx
PsWrapApcWow64Thread
IoAllocateMdl
IoFreeMdl
IoGetCurrentProcess
ObReferenceObjectByHandle
ObfDereferenceObject
ObRegisterCallbacks
ZwOpenSection
ZwMapViewOfSection
ZwUnmapViewOfSection
MmGetPhysicalMemoryRanges
MmGetPhysicalAddress
PsSetCreateThreadNotifyRoutine
PsGetProcessId
PsGetThreadProcessId
KeAttachProcess
KeDetachProcess
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
ObOpenObjectByPointer
ZwAllocateVirtualMemory
_vsnwprintf
KeInitializeApc
KeInsertQueueApc
ZwOpenThread
ZwQueryInformationProcess
_local_unwind
PsProcessType
PsThreadType
DbgBreakPointWithStatus
RtlGetVersion
MmGetVirtualForPhysical
PsLookupThreadByThreadId
__C_specific_handler
KeQueryActiveProcessorCount
KeClearEvent
ExAcquireResourceSharedLite
RtlInitializeGenericTable
RtlInsertElementGenericTable
RtlDeleteElementGenericTable
RtlLookupElementGenericTable
RtlGetElementGenericTable
KeReleaseSemaphore
KeInitializeSemaphore
KeWaitForMultipleObjects
ExAcquireFastMutex
ExReleaseFastMutex
MmBuildMdlForNonPagedPool
ZwCreateFile
ZwWriteFile
HalDispatchTable
wcsncpy
KeInitializeMutex
KeReleaseMutex
KeSetSystemAffinityThread
KeQueryMaximumProcessorCount
MmAllocateContiguousMemorySpecifyCache
MmFreeContiguousMemory
PsCreateSystemThread
ZwDeleteFile
ZwWaitForSingleObject
swprintf_s
MmMapIoSpace
MmUnmapIoSpace
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLockFromDpcLevel
MmAllocateContiguousMemory
ZwQueryInformationFile
ZwReadFile
RtlCopyUnicodeString
DbgPrintEx
KeBugCheckEx
Sections
.text Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ