randomize_serials[.]sys | Triage

Sharing

Copy URL Twitter E-mail

General

Target

randomize_serials.sys
Size

17KB
MD5

9e735a1eb6763924ea639ec6fb87bbc9
SHA1

cbb5884c165228cfd3451b93d6d2eb2a5b206975
SHA256

6d7b455dd26f6772bd52b717309da89e519f9f722f6681e46f91ae0f4d244c49
SHA512

3cbb929a1eb588910244188b198180e16196702b27ffc39444f77e2c22fc5cd76a4c63c63f235b2098958b9942d9d915eea090b7b0f941dfd9b1f103755329cc
SSDEEP

192:fLEPbewH1BVZYewzNZEc+Pb0Zsu6lFgMOcnT:wPywvyzNmAMlFnOc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
randomize_serials.sys

Files

randomize_serials.sys
.exe windows x64

9cd3a2254af2c5c16a99addca383bf7f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

MmIsAddressValid
ExAllocatePool
RtlAnsiStringToUnicodeString
ZwQuerySystemInformation
RtlEqualUnicodeString
RtlRandomEx
ObfDereferenceObject
RtlFreeUnicodeString
RtlInitUnicodeString
MmGetPhysicalAddress
strcmp
IoGetDeviceObjectPointer
RtlInitAnsiString
MmGetSystemRoutineAddress
ExFreePoolWithTag
ObReferenceObjectByName
ZwTerminateProcess
MmMapLockedPagesSpecifyCache
IofCompleteRequest
MmAllocateContiguousMemory
IoDriverObjectType
ZwOpenProcess

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 746B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE