drvloader[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

drvloader.exe
Size

39KB
MD5

c46a2e3d255decca49ffcea36d81258c
SHA1

97ca83c6ee0a9412a93713aa426da16819db1a65
SHA256

25fcd2db90f038ae2a3b53ed159cc86440459843a6364db5d638edaa697a1124
SHA512

3dc547c3c3d3e0c6efb4d8c830c0885a3d41b06b013b62064cee272c6afa40a58535a49d46330ab8a62672fdd8bee5a8a4e9555ce204df3f8ecc8aef75a4d3fb
SSDEEP

768:HCE13JYaP2kPPc5A9T1TMbYI3aW31MjHCPip1MmMbC0:iE1HOS9T12YI3H1MjHCPizDoC0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
drvloader.exe

Files

drvloader.exe
.exe windows x64

5934b1f8218a247bac9fbce1e0c5f14f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlReleaseRelativeName
NtClose
RtlFreeHeap
NtCreateFile
NtMapViewOfSection
RtlWriteRegistryValue
NtQuerySystemInformation
NtUnloadDriver
NtCreateSection
_snwprintf
RtlInitUnicodeString
wcscpy_s
wcscat_s
RtlGetFullPathName_UEx
NtDeviceIoControlFile
RtlAdjustPrivilege
_stricmp
NtUnmapViewOfSection
NtLoadDriver
RtlDosPathNameToRelativeNtPathName_U_WithStatus
_vsnwprintf
NtTerminateProcess
NtDeleteFile
RtlDosPathNameToNtPathName_U
RtlNormalizeProcessParams
RtlFreeUnicodeString
RtlCreateRegistryKey
RtlAllocateHeap
strcmp

kernel32

WriteConsoleW
CloseHandle
GetLastError
CreateFileW
WriteFile
SearchPathW

shlwapi

SHDeleteKeyW

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ