Static task
static1
General
Target: 93e9fa59a145b90a6c99394a635c6d539871919b388f76b0bcd1e6fa2facaaacN
Size: 1.9MB
MD5: ddeee6e4965e9b7b5bd99f364f6f7850
SHA1: c95c690f66554d82f5d9d30fb275a443240fe986
SHA256: 93e9fa59a145b90a6c99394a635c6d539871919b388f76b0bcd1e6fa2facaaac
SHA512: b8327832672bfde37e3288743e39775369ce501115ad5d650898a3f1b2989c2e254ca6f3ef4b64615310edbafa5c4eaa6c92b261ed70db094604869e477a1b11
SSDEEP: 12288:2bBVYWU2NBfgOxVBunv/jEqG52N4QwmrTtV5k:2HTUOgOxjuo2N4Qwmrzq
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 93e9fa59a145b90a6c99394a635c6d539871919b388f76b0bcd1e6fa2facaaacN
Files
93e9fa59a145b90a6c99394a635c6d539871919b388f76b0bcd1e6fa2facaaacN.sys windows:10 windows x64 arch:x64
d5dadb030d51fd37a08a6bd33e06b585
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntoskrnl.exe
RtlInitUnicodeString
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
IoAllocateIrp
IofCallDriver
IoCreateFile
IoFreeIrp
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
__C_specific_handler
IoFileObjectType
RtlImageNtHeader
RtlImageDirectoryEntryToData
strcmp
RtlCompareUnicodeString
ExAllocatePoolWithTag
ExFreePoolWithTag
PsCreateSystemThread
PsTerminateSystemThread
PsGetVersion
ZwCreateFile
ZwQueryInformationFile
ZwReadFile
RtlRandom
ZwQueryInformationThread
ObReferenceObjectByName
PsThreadType
IoDriverObjectType
MmGetSystemRoutineAddress
strlen
wcscat
wcscpy
wcslen
_wcsicmp
RtlGetVersion
KeDelayExecutionThread
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
MmProbeAndLockPages
MmUnlockPages
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmUnmapLockedPages
IoAllocateMdl
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoFreeMdl
IoGetCurrentProcess
ZwOpenSection
ZwMapViewOfSection
ZwUnmapViewOfSection
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
PsGetProcessCreateTimeQuadPart
sprintf_s
swprintf
swscanf_s
__chkstk
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
RtlRandomEx
ZwQuerySystemInformation
isupper
strstr
RtlCompareUnicodeStrings
RtlCompareString
Sections
8Q:;TjIC Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
x#Nff,]h Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
v:$f(i,, Size: 512B - Virtual size: 896B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
;,j*:'At Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_f6X=.?W Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
(mL&diHQ Size: 461KB - Virtual size: 461KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
S)g*ZUBF Size: 512B - Virtual size: 44B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nfdu!ls Size: 72KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
<eoghgp Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE