Static task
static1
General
-
Target
e7407ef4c624e38043fb10d381c5f33e19c5032177b17c14a3dd068849211d0c
-
Size
4.2MB
-
MD5
224c0ebdc0831d63e6a85ba34782cf24
-
SHA1
eb1f47324a1e25177b987f720eae3fcb26b734b1
-
SHA256
e7407ef4c624e38043fb10d381c5f33e19c5032177b17c14a3dd068849211d0c
-
SHA512
f126c96dd9d467e1f550d83c6f0f931861aac2fb679afa3ec804d2d03ed5b5fbc9e7610e954567bcee5ae57b74b1759aeee94694b8766799e711f5a96c3745c7
-
SSDEEP
98304:5y3ztBMTDxWFPXYwp1C/h4DvmNesdqWhH:5y3z4TDEFPfggmN9rh
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature.
resource e7407ef4c624e38043fb10d381c5f33e19c5032177b17c14a3dd068849211d0c
Files
-
e7407ef4c624e38043fb10d381c5f33e19c5032177b17c14a3dd068849211d0c.sys windows:6 windows x86 arch:x86
9f0ba8ff665b0e8f743c5f168209b039
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
ObQueryNameString
ObReferenceObjectByPointer
IoFileObjectType
MmIsAddressValid
ZwClose
ZwCreateFile
ObReferenceObjectByHandle
_stricmp
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwQueryDirectoryObject
ZwOpenDirectoryObject
ZwReadFile
ZwQueryInformationFile
toupper
_wcsnicmp
RtlEqualUnicodeString
IofCompleteRequest
ZwQueryInformationProcess
IoGetCurrentProcess
ZwQueryInformationThread
ObOpenObjectByPointer
PsThreadType
PsLookupThreadByThreadId
ZwSetInformationThread
ZwTerminateProcess
PsProcessType
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwOpenProcess
memset
KeRestoreExtendedProcessorState
KeSaveExtendedProcessorState
KeRevertToUserAffinityThreadEx
KeSetSystemAffinityThreadEx
KeSetPriorityThread
KeGetCurrentThread
IoDriverObjectType
KeTickCount
_alldiv
_allmul
RtlRandomEx
wcsnlen
KeWaitForSingleObject
PsGetCurrentProcessId
IoGetRequestorSessionId
_chkstk
ObfReferenceObject
RtlFreeUnicodeString
KeSetEvent
PsGetProcessId
ExGetPreviousMode
memcpy
IoThreadToProcess
ZwFreeVirtualMemory
ProbeForRead
MmUnmapIoSpace
MmMapIoSpace
MmGetPhysicalAddress
KeInitializeEvent
IoDeleteDevice
IoDeleteSymbolicLink
PsRemoveLoadImageNotifyRoutine
PsRemoveCreateThreadNotifyRoutine
PsSetCreateProcessNotifyRoutine
ZwSetValueKey
ZwQueryValueKey
ZwOpenKey
KeResetEvent
IoGetRequestorProcessId
IoGetRequestorProcess
PsCreateSystemThread
PsTerminateSystemThread
PsSetLoadImageNotifyRoutine
KeDelayExecutionThread
KeClearEvent
IoCreateNotificationEvent
PsSetCreateThreadNotifyRoutine
IoCreateSymbolicLink
ExUuidCreate
KeQueryTimeIncrement
NtBuildNumber
MmSystemRangeStart
MmHighestUserAddress
KeBugCheckEx
RtlUnwind
ProbeForWrite
ZwAllocateVirtualMemory
_vsnwprintf
RtlInitUnicodeString
MmGetSystemRoutineAddress
KeStackAttachProcess
PsGetVersion
ZwSetSecurityObject
IoDeviceObjectType
IoCreateDevice
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
SeExports
IoIsWdmVersionAvailable
RtlAddAccessAllowedAce
RtlLengthSid
wcschr
RtlAbsoluteToSelfRelativeSD
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
ZwCreateKey
KeUnstackDetachProcess
ObfDereferenceObject
PsLookupProcessByProcessId
ExAllocatePool
PsGetCurrentThreadId
ExFreePoolWithTag
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
ExFreePool
_allshl
_aullshr
_vsnprintf
_stricmp
NtQuerySystemInformation
memcpy
memset
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
ZwWaitForSingleObject
ZwDeviceIoControlFile
ZwOpenFile
_wcsnicmp
ZwEnumerateKey
ZwCreateEvent
MmGetSystemRoutineAddress
ZwCreateFile
KeRevertToUserAffinityThread
_except_handler3
KeQueryActiveProcessors
KeQueryTimeIncrement
KeTickCount
_alldiv
_allmul
DbgBreakPointWithStatus
_aullshr
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
IoAllocateMdl
IoFreeMdl
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
KeWaitForSingleObject
KeReleaseMutex
KeInitializeMutex
ExFreePoolWithTag
ExAllocatePool
KeSetSystemAffinityThread
DbgPrint
ExAllocatePool
NtQuerySystemInformation
ExFreePoolWithTag
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
KeQueryActiveProcessors
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
DbgPrint
_except_handler3
hal
KfRaiseIrql
KeGetCurrentIrql
ExReleaseFastMutex
ExAcquireFastMutex
KfLowerIrql
KeQueryPerformanceCounter
KeQueryPerformanceCounter
Sections
.text Size: - Virtual size: 91KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 14.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.miy Size: - Virtual size: 3.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ze1 Size: 1024B - Virtual size: 880B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.}xp Size: 4.2MB - Virtual size: 4.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ