AccPtFlt[.]sys

Sharing

Copy URL

Twitter E-mail

General

Target

AccPtFlt.sys
Size

27KB
MD5

814704a0b9ab78d030b188534da5be8c
SHA1

8b35cba42985b6ebd745aabba75ac112cb1053d0
SHA256

7e4b5b0d5a87a4afd54fb2269d879747e960847f10a7977376033d0169f579b3
SHA512

c8d4632afe5da5d9ad3f412c6f619fd2e6df242019f4ea50a307cae10a974de52e4264a1018652f0612d8a4d8b4bd3a3945207430ca22b597d30a88edde57315
SSDEEP

384:3UV4OTkguJLMm1fqHtEOcUkictoPBLyYh3wEOFsWAR9zWzc:c4MmW6fdtiBLym3wEOiL9zd

Score

1^/10

Malware Config

Signatures

Files

AccPtFlt.sys
.exe windows x64

9860f1b91ac95674f0137f1aba9d45c4

Code Sign

67:0a:15:d1:20:52:af:ae:46:75:31:7b:74:05:6b:7e
Certificate

Issuer

CN=WDKTestCert admin\,132974460220922485

Not Before

19/05/2022, 15:00

Not After

19/05/2032, 00:00

Subject

CN=WDKTestCert admin\,132974460220922485

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageKeyEncipherment
KeyUsageDataEncipherment

33:00:00:00:56:35:88:7e:de:18:82:ef:76:00:00:00:00:00:56
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/06/2022, 18:08

Not After

01/06/2023, 18:08

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9e:94:4e:6d:6f:ca:b0:27:33:ee:ea:76:f7:18:cd:98:2f:1e:31:91:cc:a4:77:3c:37:c2:e8:71:f9:e7:bd:29
Signer

Actual PE Digest

9e:94:4e:6d:6f:ca:b0:27:33:ee:ea:76:f7:18:cd:98:2f:1e:31:91:cc:a4:77:3c:37:c2:e8:71:f9:e7:bd:29

Digest Algorithm

sha256

PE Digest Matches

true

83:1c:ea:5f:21:77:38:30:8e:7a:10:cd:0b:44:f1:b2:9d:c0:68:99
Signer

Actual PE Digest

83:1c:ea:5f:21:77:38:30:8e:7a:10:cd:0b:44:f1:b2:9d:c0:68:99

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

fltmgr.sys

FltUnregisterFilter
FltStartFiltering
FltGetFileNameInformation
FltReleaseFileNameInformation
FltParseFileNameInformation
FltRegisterFilter

ntoskrnl.exe

ExFreePoolWithTag
ObfDereferenceObject
PsLookupProcessByProcessId
ExAllocatePoolWithTag
__C_specific_handler
RtlInitUnicodeString
ZwClose
RtlCopyUnicodeString
DbgPrint
ZwTerminateProcess
ZwOpenProcess
ObOpenObjectByPointer
ZwQueryInformationProcess
MmGetSystemRoutineAddress
PsGetCurrentProcessId
PsGetCurrentThreadId
PsGetProcessImageFileName

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 709B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9860f1b91ac95674f0137f1aba9d45c4

Code Sign

67:0a:15:d1:20:52:af:ae:46:75:31:7b:74:05:6b:7eCertificate

Extended Key Usages

Key Usages

33:00:00:00:56:35:88:7e:de:18:82:ef:76:00:00:00:00:00:56Certificate

Extended Key Usages

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0dCertificate

Key Usages

9e:94:4e:6d:6f:ca:b0:27:33:ee:ea:76:f7:18:cd:98:2f:1e:31:91:cc:a4:77:3c:37:c2:e8:71:f9:e7:bd:29Signer

83:1c:ea:5f:21:77:38:30:8e:7a:10:cd:0b:44:f1:b2:9d:c0:68:99Signer

Headers

DLL Characteristics

File Characteristics

Imports

fltmgr.sys

ntoskrnl.exe

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 472B

.pdata Size: 512B - Virtual size: 300B

PAGE Size: 1024B - Virtual size: 709B

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 104B

67:0a:15:d1:20:52:af:ae:46:75:31:7b:74:05:6b:7e
Certificate

33:00:00:00:56:35:88:7e:de:18:82:ef:76:00:00:00:00:00:56
Certificate

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

9e:94:4e:6d:6f:ca:b0:27:33:ee:ea:76:f7:18:cd:98:2f:1e:31:91:cc:a4:77:3c:37:c2:e8:71:f9:e7:bd:29
Signer

83:1c:ea:5f:21:77:38:30:8e:7a:10:cd:0b:44:f1:b2:9d:c0:68:99
Signer

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 472B

.pdata
Size: 512B - Virtual size: 300B

PAGE
Size: 1024B - Virtual size: 709B

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 104B