Static task
static1
General
-
Target
599f32a4bf3282cae47f79b3136f1fb2d1e87cf918588c03b9c645bdfc2b2846
-
Size
70KB
-
MD5
9bb946e4f6df2a5018e413ce4b37e5df
-
SHA1
5bbcc5af9ebc5de3d92a8f4f12f5875934ea7cb2
-
SHA256
599f32a4bf3282cae47f79b3136f1fb2d1e87cf918588c03b9c645bdfc2b2846
-
SHA512
81c1a9368088c0173187db1e6f99f97cdd2b08e54b59e49db4fb6263656ad2587c56eb682516444d8fa08834c4a09f239f40bfadf7ba9576761eb335f6baeb08
-
SSDEEP
768:8TWkYNX/2Hu7L7kQTX70RkXjuPiANJ3yXCu6f4Pz11r9E+KHsqnbqovO:eWLiC70Rk6Xnf4PLr9LKHLb+
Malware Config
Signatures
Files
-
599f32a4bf3282cae47f79b3136f1fb2d1e87cf918588c03b9c645bdfc2b2846.sys windows:6 windows x64 arch:x64
660fefa95a0446139ee7ac6a2bf1adea
Code Sign
8f:6b:80:7a:51:06:62:f6:50:c7:cf:bc:07:3b:af:4e:79:33:9b:42
Signer
Actual PE Digest
8f:6b:80:7a:51:06:62:f6:50:c7:cf:bc:07:3b:af:4e:79:33:9b:42
Digest Algorithm
sha1
PE Digest Matches
true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
d:\workspace\nhqdpt_develop\trunk\src\driver\zfprotect\drv\objchk_win7_amd64\amd64\zfprotect64.pdb
Imports
ntoskrnl.exe
ExInitializeResourceLite
IoDeleteSymbolicLink
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlAssert
PsSetLoadImageNotifyRoutine
PsSetCreateProcessNotifyRoutine
PsRemoveLoadImageNotifyRoutine
PsGetCurrentThreadId
IoIs32bitProcess
RtlCopyUnicodeString
ExpInterlockedPushEntrySList
ExQueryDepthSList
ExDeleteNPagedLookasideList
ObQueryNameString
CmRegisterCallback
CmUnRegisterCallback
KeBugCheckEx
ExDeleteResourceLite
RtlCompareMemory
PsGetProcessId
PsGetCurrentProcessId
ZwOpenProcess
PsThreadType
IoFreeMdl
RtlGetVersion
MmGetSystemRoutineAddress
PsProcessType
IoThreadToProcess
MmUnmapLockedPages
RtlCompareUnicodeString
MmMapLockedPagesSpecifyCache
ZwOpenKey
IofCompleteRequest
ZwClose
ZwQueryValueKey
RtlInitUnicodeString
ExFreePoolWithTag
ExAllocatePoolWithTag
DbgPrint
ExInitializeNPagedLookasideList
PsLookupProcessByProcessId
ObfDereferenceObject
ObOpenObjectByPointer
__C_specific_handler
fltmgr.sys
FltBuildDefaultSecurityDescriptor
FltFreeSecurityDescriptor
FltCreateCommunicationPort
FltCloseClientPort
FltSendMessage
FltAcquireResourceExclusive
FltReleaseResource
FltStartFiltering
FltParseFileNameInformation
FltReleaseFileNameInformation
FltRegisterFilter
FltUnregisterFilter
FltGetFileNameInformation
FltAllocateContext
FltReleaseContext
FltReissueSynchronousIo
FltIsOperationSynchronous
FltSetCallbackDataDirty
FltGetDestinationFileNameInformation
FltGetRequestorProcessId
FltSetStreamHandleContext
FltGetStreamHandleContext
FltAcquireResourceShared
Sections
.text Size: 53KB - Virtual size: 53KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 792B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 262B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ