driver[.]dat | Triage

Resubmissions

07-03-2023 18:25

230307-w2vwysbc47 1

Sharing

Copy URL

Twitter E-mail

General

Target

driver.dat
Size

1.2MB
MD5

2ba41ca1e8fd224e928991a6b1340fc5
SHA1

f6d7147b659a9a04c8e4d1294c757c5201415b4c
SHA256

e2b5e066f183f902999604be7a6db2cff75640062107a03619e7df5ec50f8559
SHA512

13ec485f8f72a9f8f187d5cf8a0613e8b3186347f8ff6a06ffc023e481ac61c600da8e6c1b99db34efb8778f795a7dc7c0ae14866865bc742a7ba813eb1ce371
SSDEEP

24576:jy+ix08xT3XTDCoaQf5hwmt5gAZWcpWGT2w5043NAFzo:m+ixnRfdaQf5hwm0AIcMaP08iF0

Score

1^/10

Malware Config

Signatures

Files

driver.dat
.exe windows x64

5ccd84d19b27338522524ae56a2de691

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

netio.sys

WskCaptureProviderNPI
WskReleaseProviderNPI
WskDeregister
WskRegister

ntoskrnl.exe

ExAllocatePoolWithTag
ExFreePoolWithTag
KeInitializeEvent
KeResetEvent
KeSetEvent
KeWaitForSingleObject
MmProbeAndLockPages
IoAllocateIrp
IoAllocateMdl
IoFreeIrp
IoFreeMdl
__C_specific_handler
KeEnterGuardedRegion
KeLeaveGuardedRegion
ExQueueWorkItem
RtlCompareUnicodeString
ObfDereferenceObject
MmSecureVirtualMemory
MmUnsecureVirtualMemory
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
MmCopyVirtualMemory
PsGetProcessSectionBaseAddress
PsGetProcessPeb
ZwProtectVirtualMemory
RtlInitUnicodeString
IoReuseIrp

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text0
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

5ccd84d19b27338522524ae56a2de691

Headers

DLL Characteristics

File Characteristics

Imports

netio.sys

ntoskrnl.exe

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 468B

INIT Size: 1KB - Virtual size: 1KB

.text0 Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 512B - Virtual size: 176B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 468B

INIT
Size: 1KB - Virtual size: 1KB

.text0
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 512B - Virtual size: 176B