dwvkbd64[.]sys

Sharing

Copy URL

Twitter E-mail

General

Target

dwvkbd64.sys
Size

30KB
MD5

faae299fbf42029e55657f61f55533d3
SHA1

b12577b134cfe84d2d53467c87fa90f7d094a539
SHA256

b4db18b8f8d29fdde96962ffff82d2bafb5e9097c78fa8a0d121beb4f1b9bb54
SHA512

ef801fc1a84cb15eae07b350e612c6edc5027b7737229dfa79e60bbc7b0f01c52916d6b86c37efc8ff3648c633a4bb4b16b95bbc0eb45cfcfadf0d1450efa2d6
SSDEEP

768:mD6AIIj+yizr3ZlKgzpvkyu5IxI848RfZB6Ob:meIiyinzKIpTpHdy

Score

N/A

Malware Config

Signatures

Files

dwvkbd64.sys
.exe windows x64

b997312be09b5654ad4e222639849efc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeInitializeEvent
RtlQueryRegistryValues
MmUnmapIoSpace
PoSetPowerState
RtlInitUnicodeString
RtlFreeUnicodeString
IoSetDeviceInterfaceState
KeInitializeMutex
IoReleaseRemoveLockEx
PoStartNextPowerIrp
IoCreateController
IoFreeWorkItem
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
KeRemoveQueueDpc
KeInitializeDpc
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
IoWMIRegistrationControl
IoQueueWorkItem
IoWriteErrorLogEntry
ExReleaseFastMutexUnsafe
IoInvalidateDeviceState
IofCallDriver
IoRegisterDeviceInterface
IoDeleteDevice
KeSetEvent
IoDetachDevice
RtlAppendUnicodeToString
ExAcquireFastMutexUnsafe
IoAllocateWorkItem
IoReleaseRemoveLockAndWaitEx
KeWaitForSingleObject
IoAttachDeviceToDeviceStack
PoCallDriver
IoAcquireRemoveLockEx
IoInitializeRemoveLockEx
IoCreateDevice
IoStartPacket
KeReleaseSpinLockFromDpcLevel
IoFreeController
IoStartNextPacket
RtlCompareUnicodeString
KeCancelTimer
KeAcquireSpinLockAtDpcLevel
ZwClose
KeBugCheckEx
IoOpenDeviceRegistryKey
ZwSetValueKey
IoReleaseCancelSpinLock
KeClearEvent
PsCreateSystemThread
KeReleaseMutex
ExFreePoolWithTag
IoAllocateErrorLogEntry
IoDeleteController

wmilib.sys

WmiSystemControl
WmiCompleteRequest

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b997312be09b5654ad4e222639849efc

Headers

File Characteristics

Imports

ntoskrnl.exe

wmilib.sys

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1KB - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 564B

PAGE Size: 9KB - Virtual size: 8KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 136B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1KB - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 564B

PAGE
Size: 9KB - Virtual size: 8KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 136B