Static task
static1

General
Target: 87e612a36ef07dbf0668357d73da8c3034d970d952d7ebb792d1c1535b395743
Size: 114KB
MD5: e50585e91087496ea9289aa7d58d6130
SHA1: 67abf4599d1da941d720791ceb3f3774261a2392
SHA256: 87e612a36ef07dbf0668357d73da8c3034d970d952d7ebb792d1c1535b395743
SHA512: 724bcb56304d2564e1db18b99a53036e00ab9472c045a951d26fc2e924f5012c2b464c6215ef3a484719e091a3d7be72d2ff63656cb0ce71f99f662d3cf427e4
SSDEEP: 1536:+beOL57fEoMXUlUn4MBen5Azbj1i9RneqHWAkNHoUqNJ4M4t3a:weoBfErElUn4M45cdgRjHQoxL4MA3

Malware Config

Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource 87e612a36ef07dbf0668357d73da8c3034d970d952d7ebb792d1c1535b395743

Files
87e612a36ef07dbf0668357d73da8c3034d970d952d7ebb792d1c1535b395743.sys windows:10 windows x64 arch:x64
47e481f0f3e050c3fd87645da904d3ba
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntoskrnl.exe
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlCompareUnicodeStrings
RtlCopyUnicodeString
RtlFreeUnicodeString
RtlFreeAnsiString
RtlGetVersion
KeInitializeEvent
KeSetEvent
KeReleaseSemaphore
KeDelayExecutionThread
KeWaitForSingleObject
ExAllocatePool
MmGetSystemRoutineAddress
IoAllocateIrp
IofCallDriver
IofCompleteRequest
IoCreateDevice
IoCreateFile
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoDetachDevice
IoFreeIrp
IoFreeMdl
PoCallDriver
PoStartNextPowerIrp
ObReferenceObjectByHandle
ObfReferenceObject
ObfDereferenceObject
ZwQueryInformationFile
ZwReadFile
ZwClose
ExFreePoolWithTag
MmIsAddressValid
PsSetCreateProcessNotifyRoutineEx
PsSetLoadImageNotifyRoutine
PsRemoveLoadImageNotifyRoutine
PsGetCurrentProcessId
PsGetCurrentThreadId
IoGetFileObjectGenericMapping
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
IoQueryFileDosDeviceName
MmFlushImageSection
ObInsertObject
ZwWaitForSingleObject
ObCreateObject
SeCreateAccessState
ZwQuerySystemInformation
PsGetProcessWow64Process
RtlImageDirectoryEntryToData
PsGetProcessPeb
PsReferenceProcessFilePointer
PsAcquireProcessExitSynchronization
PsReleaseProcessExitSynchronization
RtlImageNtHeader
__C_specific_handler
IoFileObjectType
IoGetCurrentProcess
IoAllocateWorkItem
IoFreeWorkItem
IoQueueWorkItemEx
ZwAllocateVirtualMemory
_purecall
KeInitializeSemaphore
PsCreateSystemThread
PsTerminateSystemThread
ZwTerminateProcess
KeInitializeApc
KeInsertQueueApc
PsWrapApcWow64Thread
KeTestAlertThread
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
RtlAnsiCharToUnicodeChar
RtlRaiseException
strcpy_s
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
KeBugCheckEx
RtlCaptureContext
RtlVirtualUnwind
IoGetStackLimits
ExAllocatePoolWithTag
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
RtlUTF8ToUnicodeN
wdfldr.sys
WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass
WdfVersionBindClass
Sections
.text Size: 71KB - Virtual size: 70KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 17KB - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ