2345Base[.]sys

Sharing

Copy URL

Twitter E-mail

General

Target

2345Base.sys
Size

221KB
MD5

248167aa9eeb3510cd1ad969d58ff838
SHA1

fac84d1e546d9e7a652a9126290ff03602e05938
SHA256

07684d5974de0252d40872f2e2612e3dbf82af1bd452a49687053dfa6c220595
SHA512

e2ed6094d9395f4b8d78a6adc6fc8513a91016d28769b2fc69a3e26784109e57c1d2fbd5dcff065f8171a13d6d0b6da95f32ff6fdb16a9da63cf81db47191e5a
SSDEEP

3072:lQEw937634cBlR9TZMJNrByvnl7Byise607L5OfiyY8NN:lDM37M3FMHrByN7Z9L7L5j8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2345Base.sys

Files

2345Base.sys
.exe windows x64

88f59ee387d44c49e001e864269efd96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAcquireRundownProtection
ExFreePoolWithTag
KeLeaveCriticalRegion
ExInitializeNPagedLookasideList
PsSetLoadImageNotifyRoutine
ExReleaseRundownProtectionEx
PsLookupProcessByProcessId
KeSetEvent
ExpInterlockedPushEntrySList
MmGetSystemRoutineAddress
KeInitializeEvent
PsSetCreateThreadNotifyRoutine
ExReleaseRundownProtection
ExpInterlockedPopEntrySList
PsSetCreateProcessNotifyRoutine
KeEnterCriticalRegion
KeDelayExecutionThread
PsCreateSystemThread
ZwClose
ExQueryDepthSList
ExAcquireRundownProtectionEx
ObfDereferenceObject
CmUnRegisterCallback
ExAllocatePoolWithTag
RtlEqualUnicodeString
PsTerminateSystemThread
_vsnwprintf
KeWaitForSingleObject
CmRegisterCallback
ExReInitializeRundownProtection
RtlMultiByteToUnicodeN
ObQueryNameString
IoGetTopLevelIrp
PsGetCurrentThreadId
PsGetCurrentProcessId
RtlCopyUnicodeString
MmIsAddressValid
ExInitializeRundownProtection
RtlCaptureContext
ExReleaseFastMutex
ExAcquireFastMutex
RtlVirtualUnwind
RtlLookupFunctionEntry
ZwQuerySymbolicLinkObject
_wcsnicmp
ZwOpenSymbolicLinkObject
ZwOpenProcess
ZwTerminateProcess
RtlDeleteElementGenericTableAvl
ExAcquireResourceExclusiveLite
RtlInsertElementGenericTableAvl
KeReleaseSpinLock
RtlInitializeBitMap
ExAcquireResourceSharedLite
ExReleaseResourceLite
RtlInitializeGenericTableAvl
ObfReferenceObject
ExInitializePagedLookasideList
ExInitializeResourceLite
RtlLookupElementGenericTableAvl
KeAcquireSpinLockRaiseToDpc
MmSystemRangeStart
ExUuidCreate
RtlCompareUnicodeString
RtlImageNtHeader
KeRegisterBugCheckReasonCallback
ExGetPreviousMode
MmUserProbeAddress
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwQuerySystemInformation
RtlFreeUnicodeString
ExSystemTimeToLocalTime
RtlTimeToTimeFields
ZwOpenFile
ZwQueryInformationFile
RtlAppendUnicodeToString
IoFileObjectType
ZwCreateFile
IofCompleteRequest
ObReferenceObjectByHandle
RtlPrefixUnicodeString
RtlAppendUnicodeStringToString
ZwDeleteFile
ZwWriteFile
ZwSetValueKey
ZwQueryDirectoryFile
IoCreateSymbolicLink
ZwOpenKey
MmHighestUserAddress
ExWaitForRundownProtectionRelease
InitSafeBootMode
IoUnregisterShutdownNotification
IoRegisterBootDriverReinitialization
IoDeleteDevice
RtlInitUnicodeString
IoRegisterDriverReinitialization
ZwDeleteValueKey
wcslen
ZwQueryValueKey
ZwEnumerateValueKey
ZwDeleteKey
ZwEnumerateKey
RtlGetVersion
IoGetDeviceObjectPointer
RtlUnicodeStringToAnsiString
FsRtlIsNameInExpression
KeClearEvent
ZwCreateKey
KeWaitForMultipleObjects
PsGetProcessPeb
ProbeForRead
PsProcessType
PsGetProcessCreateTimeQuadPart
KeUnstackDetachProcess
PsThreadType
ZwQueryInformationProcess
ZwQueryInformationThread
ObOpenObjectByPointer
KeStackAttachProcess
PsLookupThreadByThreadId
MmUnmapLockedPages
KeInitializeApc
KeInsertQueueApc
IoFreeMdl
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
PsIsThreadTerminating
MmUnlockPages
IoAllocateMdl
_stricmp
ZwMapViewOfSection
ZwUnmapViewOfSection
strcmp
ZwCreateSection
RtlCompareMemory
ZwQueryObject
ZwSetInformationObject
ZwReadFile
IoGetRelatedDeviceObject
ZwSetInformationFile
IoGetDeviceAttachmentBaseRef
IoCreateFileSpecifyDeviceObjectHint
IoGetBaseFileSystemDeviceObject
IoCreateFile
ZwDuplicateObject
IoFreeIrp
IoAllocateIrp
ExRaiseStatus
KeAreApcsDisabled
RtlQueryRegistryValues
IoVolumeDeviceToDosName
RtlCompressBuffer
RtlDecompressBuffer
RtlGetCompressionWorkSpaceSize
FsRtlDissectName
_strnicmp
PsGetProcessImageFileName
KeQueryMaximumProcessorCount
ObReferenceObjectByName
RtlDeleteElementGenericTable
RtlHashUnicodeString
RtlLookupElementGenericTable
RtlEnumerateGenericTable
RtlIsGenericTableEmpty
RtlInitializeGenericTable
RtlInsertElementGenericTable
KeBugCheckEx
IoCreateDevice
ZwFlushKey
IoRegisterShutdownNotification
__C_specific_handler

fltmgr.sys

FltDeletePushLock
FltInitializePushLock
FltReleaseFileNameInformation
FltGetFileNameInformationUnsafe
FltAcquirePushLockExclusive
FltReleasePushLock
FltAcquirePushLockShared

hal

KeQueryPerformanceCounter

Sections

.text
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 990B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88f59ee387d44c49e001e864269efd96

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

fltmgr.sys

hal

Sections

.text Size: 190KB - Virtual size: 189KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 5KB - Virtual size: 68KB

.pdata Size: 6KB - Virtual size: 6KB

INIT Size: 6KB - Virtual size: 5KB

.rsrc Size: 1024B - Virtual size: 856B

.reloc Size: 1024B - Virtual size: 990B

.text
Size: 190KB - Virtual size: 189KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 5KB - Virtual size: 68KB

.pdata
Size: 6KB - Virtual size: 6KB

INIT
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 1024B - Virtual size: 856B

.reloc
Size: 1024B - Virtual size: 990B