Static task
static1
General
Target: c6d0590fad91f3b9acc4236b4716b44265c64a44c9facc8b504eac9c2103b94f
Size: 719KB
MD5: fb06e39da0052c92003639008ebd2fb7
SHA1: 70a92da3be94f4cea3c7200dc70ae0f0c1b4e632
SHA256: c6d0590fad91f3b9acc4236b4716b44265c64a44c9facc8b504eac9c2103b94f
SHA512: 9db7fecd416d4fdf33615c98686c2de626c90cc8dcbe56cc1045da45a486636ad89c1f7e6695132e136c36a0e10f7d282f5838b8488c31444928545b3a7a4a4e
SSDEEP: 12288:Hey0AmPVkwRXP1x0ls8xpaAVp9it4/i1Ks1hNjY98IpJgVP6mQC4:Hey3mPVLRXP1zM9idhTmJCPpQt
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c6d0590fad91f3b9acc4236b4716b44265c64a44c9facc8b504eac9c2103b94f
Files
c6d0590fad91f3b9acc4236b4716b44265c64a44c9facc8b504eac9c2103b94f.sys windows:5 windows x86 arch:x86
0a14154a1c0331468508075822f3dabc
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwQueryValueKey
ZwSetValueKey
RtlAppendUnicodeToString
ExAllocatePoolWithTag
memmove
RtlCompareMemory
RtlQueryRegistryValues
ZwEnumerateKey
ZwDeleteKey
RtlCopyUnicodeString
RtlFreeUnicodeString
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
RtlAppendUnicodeStringToString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoConnectInterrupt
IoDisconnectInterrupt
KeDelayExecutionThread
_allmul
KeQueryTimeIncrement
KeTickCount
_aulldiv
KeQuerySystemTime
_alldiv
RtlTimeToTimeFields
KeSynchronizeExecution
KeInsertQueueDpc
RtlIntegerToUnicodeString
IoGetDeviceProperty
ExSetTimerResolution
KeWaitForSingleObject
IofCallDriver
IoBuildSynchronousFsdRequest
KeInitializeEvent
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
IoAttachDeviceToDeviceStack
IoCreateDevice
IoDeleteDevice
ZwOpenKey
RtlInitUnicodeString
InterlockedIncrement
KeSetEvent
InterlockedDecrement
PoCallDriver
IoCancelIrp
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
IoGetDmaAdapter
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
ObfDereferenceObject
MmUnlockPagableImageSection
IofCompleteRequest
MmLockPagableDataSection
IoAllocateIrp
ObReferenceObjectByHandle
PsCreateSystemThread
RtlWriteRegistryValue
RtlUnicodeStringToAnsiString
IoIsWdmVersionAvailable
IoOpenDeviceRegistryKey
KeSetTimer
MmUnmapIoSpace
KeRemoveQueueDpc
KeCancelTimer
IoCreateSymbolicLink
IoDeleteSymbolicLink
RtlDeleteRegistryValue
KeInitializeDpc
KeInitializeTimer
KeInitializeSpinLock
InterlockedExchange
KeSetPriorityThread
KeGetCurrentThread
PsTerminateSystemThread
PoRequestPowerIrp
PoSetPowerState
PoStartNextPowerIrp
KeClearEvent
ZwCreateKey
ZwClose
ExFreePool
IoDetachDevice
MmMapIoSpace
hal
KfReleaseSpinLock
KfAcquireSpinLock
KeQueryPerformanceCounter
KeGetCurrentIrql
Sections
.text Size: 307KB - Virtual size: 307KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
_LTEXT Size: 45KB - Virtual size: 45KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 265KB - Virtual size: 265KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_LDATA Size: 320B - Virtual size: 303B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGESER Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ