zer0m0n-x64[.]sys

Sharing

Copy URL Twitter E-mail

General

Target

zer0m0n-x64.sys
Size

112KB
MD5

fc80a9e7746f5b74a37b724abb2ea658
SHA1

3658ba8cad94269d31b91155fae6a0fe83746929
SHA256

bc4349f40edb968ad1e6bb827dd302385405f29307c27034ebc381e9a4d108ec
SHA512

48e88ede7a6e9a790254b37ea2409bcfa68a6c40756d3bc4ddd2eb55bf6ad8898e0f8181eb83b1dd44ca24ac1d05c05e95249d5c2337682ef4774dc40b9f2442
SSDEEP

1536:137kcMZZ2tz/wkNAI8nlfA3WSblDUHxEcDIixpcwUv39WPT7PfunT/8ie:N7vMQnNARRhTREcsiw9v39WrKb8ie

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
zer0m0n-x64.sys

Files

zer0m0n-x64.sys
.exe windows x64

c35ae194ac934b30ed1932b70db04bad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ZwClose
RtlInitUnicodeString
IofCompleteRequest
ZwOpenFile
ZwWriteFile
ZwQueryVirtualMemory
ObfDereferenceObject
_stricmp
ZwQuerySystemInformation
KeUnstackDetachProcess
KeStackAttachProcess
ExGetPreviousMode
PsGetCurrentProcessId
IoDeleteSymbolicLink
IoRegisterShutdownNotification
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ExAllocatePoolWithTag
ProbeForRead
ExFreePoolWithTag
PsSetCreateProcessNotifyRoutineEx
wcsncmp
PsProcessType
vsprintf_s
ExfAcquirePushLockExclusive
PsLookupProcessByProcessId
MmGetSystemRoutineAddress
KeDelayExecutionThread
PsCreateSystemThread
KeQueryTimeIncrement
ExfReleasePushLockExclusive
ObOpenObjectByPointer
KeSetEvent
KeInitializeEvent
MmBuildMdlForNonPagedPool
IoFreeMdl
KeWaitForSingleObject
IoFreeIrp
IoAllocateIrp
IoAllocateMdl
ZwQueryObject
tolower
CmRegisterCallbackEx
RtlEqualUnicodeString
CmCallbackGetKeyObjectID
RtlGetVersion
ZwQueryInformationProcess
ZwQueryInformationThread
KeBugCheckEx
ExInitializePushLock
sprintf_s
strnlen
strncpy
isdigit
sprintf
_strnicmp
__chkstk
__C_specific_handler

netio.sys

WskRegister
WskCaptureProviderNPI

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 518B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c35ae194ac934b30ed1932b70db04bad

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

netio.sys

Sections

.text Size: 84KB - Virtual size: 83KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 2KB - Virtual size: 26KB

.pdata Size: 2KB - Virtual size: 1KB

INIT Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 518B

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 2KB - Virtual size: 26KB

.pdata
Size: 2KB - Virtual size: 1KB

INIT
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 518B