Static task
static1
General
-
Target
06ddbe53e9668ab7bc05cc670edcc1afac580402fb3849b9c068966cffe29165
-
Size
1.0MB
-
MD5
4b7e6a1f9a97fcdf09f628e2b97d0bdb
-
SHA1
4a7c67f423a600785ec5a21581c259c96b298ddd
-
SHA256
06ddbe53e9668ab7bc05cc670edcc1afac580402fb3849b9c068966cffe29165
-
SHA512
300ef32652a6222b18d90da7e40d4f9308cca6d50b38a45772ebd45fb4011d5e8f488cf24455314f76b2bbfbff9737300d6e838058b127fe0330dfa7321ef30b
-
SSDEEP
12288:nKpHje9OarW5MS/MxpVuB6NMBaPcfeuHlhtPC+i:KpDe9OayySof5V
Malware Config
Signatures
-
Unsigned PE 1 IoC
Checks for a missing Authenticode signature.
resource 06ddbe53e9668ab7bc05cc670edcc1afac580402fb3849b9c068966cffe29165
Files
-
06ddbe53e9668ab7bc05cc670edcc1afac580402fb3849b9c068966cffe29165.sys windows:10 windows x64 arch:x64
ad2ec97cf61d48c53cfb9ad7766ac521
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
fltmgr.sys
FltGetFileNameInformationUnsafe
ntoskrnl.exe
ZwClose
ZwDeleteFile
PsSetLoadImageNotifyRoutine
PsRemoveLoadImageNotifyRoutine
RtlInitUnicodeString
ExAllocatePoolWithTag
ExFreePoolWithTag
MmGetSystemRoutineAddress
MmIsAddressValid
RtlCopyUnicodeString
ZwCreateKey
ZwOpenKey
ZwQueryValueKey
ZwSetValueKey
KeAreAllApcsDisabled
IofCompleteRequest
IoRegisterShutdownNotification
RtlRandomEx
ZwFlushBuffersFile
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
PsCreateSystemThread
PsTerminateSystemThread
ObReferenceObjectByHandle
ObfDereferenceObject
PsThreadType
ZwQueryInformationFile
strcpy_s
RtlInt64ToUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
RtlGetVersion
KeBugCheckEx
KeAcquireGuardedMutex
KeReleaseGuardedMutex
KeInitializeGuardedMutex
IoGetCurrentProcess
PsGetCurrentProcessId
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
PsGetCurrentThreadId
KeClearEvent
IoCreateDevice
IoCreateNotificationEvent
IoCreateSymbolicLink
IoDeleteDevice
ZwWriteFile
__C_specific_handler
ExAllocatePool
KeDelayExecutionThread
KeQueryTimeIncrement
ZwQuerySystemInformation
wcslen
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
ZwDeleteValueKey
ZwFlushKey
ZwOpenFile
ZwCreateSection
wcsrchr
RtlAppendUnicodeStringToString
ZwUnloadDriver
MmMapViewInSystemSpace
MmUnmapViewInSystemSpace
RtlImageDirectoryEntryToData
strlen
MmProbeAndLockPages
MmUnlockPages
MmMapLockedPagesSpecifyCache
IoAllocateMdl
IoFreeMdl
strncpy_s
_strupr
ZwReadFile
ZwCreateFile
IoDeleteSymbolicLink
hal
KeStallExecutionProcessor
KeQueryPerformanceCounter
Sections
.text Size: 135KB - Virtual size: 134KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 633KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.CRT Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 712B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.text Size: 880KB - Virtual size: 880KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ