valthrun-driver[.]sys

Sharing

Copy URL

Twitter E-mail

General

Target

valthrun-driver.sys
Size

111KB
MD5

30be785bc16d258b5ab52d3c34958cea
SHA1

65cc11a26621759fc1fb52c3c5e0d85421b106e9
SHA256

ec8405098ddd708851455205f7e92c01e833807140a4932c5a5156dc34b5884b
SHA512

b6a25ce5b9f6b1357254997d806d1df62d1bfb217f7ec1ed89e3af2981ce5384c3719d501e5b0dc77a2598125723e207fd07b4e91b7b4b5fcee07c6b2db7ae9d
SSDEEP

1536:ubhvRmY7sGDpuV+bMADPcKKEtnTr8I0sT/WVVtunSvVL1KxJ:ub/mYIGDpeE5ChVuSvpW

Score

1^/10

Malware Config

Signatures

Files

valthrun-driver.sys
.dll windows:6 windows x64

11c6e201a4ec72c44441ed6ad4dcf301

Code Sign

77:68:3e:8f:5c:dd:64:bf:45:f2:2e:7b:4f:77:5d:cf
Certificate

Issuer

CN=DriverCertificate

Not Before

11-10-2023 17:22

Not After

31-12-2039 23:59

Subject

CN=DriverCertificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

95:ce:1f:a3:45:c8:bd:26:cb:cb:8b:6f:86:8d:dd:aa:51:01:77:9f:f0:30:27:89:c5:8e:2b:84:50:91:60:d7
Signer

Actual PE Digest

95:ce:1f:a3:45:c8:bd:26:cb:cb:8b:6f:86:8d:dd:aa:51:01:77:9f:f0:30:27:89:c5:8e:2b:84:50:91:60:d7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

ExFreePoolWithTag
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeStackAttachProcess
KeUnstackDetachProcess
ObfDereferenceObject
DbgPrintEx
ExAcquireFastMutex
ExReleaseFastMutex
ObUnRegisterCallbacks
RtlGetVersion
MmSystemRangeStart
KeGetCurrentIrql
IoCreateDriver
MmIsAddressValid
MmGetSystemRoutineAddress
IoDriverObjectType
ObReferenceObjectByName
ObfReferenceObject
PsProcessType
ObRegisterCallbacks
IoGetCurrentProcess
PsGetProcessId
PsGetProcessImageFileName
strlen
IoCompleteRequest
KeInitializeEvent
IoDeleteDevice
RtlImageNtHeader
ZwQuerySystemInformation
PsGetProcessPeb
DbgBreakPoint
KeBugCheck

Exports

Exports

__CxxFrameHandler3
_fltused
driver_entry
driver_unload

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 497B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

11c6e201a4ec72c44441ed6ad4dcf301

Code Sign

77:68:3e:8f:5c:dd:64:bf:45:f2:2e:7b:4f:77:5d:cfCertificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

95:ce:1f:a3:45:c8:bd:26:cb:cb:8b:6f:86:8d:dd:aa:51:01:77:9f:f0:30:27:89:c5:8e:2b:84:50:91:60:d7Signer

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 83KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 497B

.pdata Size: 1KB - Virtual size: 1KB

INIT Size: 1024B - Virtual size: 1020B

.reloc Size: 1024B - Virtual size: 692B

77:68:3e:8f:5c:dd:64:bf:45:f2:2e:7b:4f:77:5d:cf
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

95:ce:1f:a3:45:c8:bd:26:cb:cb:8b:6f:86:8d:dd:aa:51:01:77:9f:f0:30:27:89:c5:8e:2b:84:50:91:60:d7
Signer

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 497B

.pdata
Size: 1KB - Virtual size: 1KB

INIT
Size: 1024B - Virtual size: 1020B

.reloc
Size: 1024B - Virtual size: 692B