NEAS[.]18c909a2b8c5e16821d6ef908f56881aa0ecceeaccb5fa1e54995935fcfd12f7[.]sys

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.18c909a2b8c5e16821d6ef908f56881aa0ecceeaccb5fa1e54995935fcfd12f7.sys
Size

55KB
MD5

a822b9e6eedf69211013e192967bf523
SHA1

83506de48bd0c50ea00c9e889fe980f56e6c6e1b
SHA256

18c909a2b8c5e16821d6ef908f56881aa0ecceeaccb5fa1e54995935fcfd12f7
SHA512

7056fbcf62049688ae50f89a69d2b2ed8005a38daccd6bba6bad7827cdfc4ee208bb49889f3a49258ec6fdb99f0539b1c00b9833e36d406c2888e6ef63ef8bc0
SSDEEP

1536:yZgulMALpoQSMTt9kKRw/9ug9QdB1PqpVai02VtqMqa:IgkaQhX7Rw/9t94B1AV+Mqa

Score

1^/10

Malware Config

Signatures

Files

NEAS.18c909a2b8c5e16821d6ef908f56881aa0ecceeaccb5fa1e54995935fcfd12f7.sys
.sys windows:6 windows x64

a998fe47a44bfbf2399968e21cfdf7ca

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:c5:bc:ad:73:31:9e:e0:13:1e:32:8a:2b:81:4e:16:4a
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

02/01/2014, 07:01

Not After

04/02/2015, 15:04

Subject

CN=GMEREK Systemy Komputerowe Przemyslaw Gmerek,O=GMEREK Systemy Komputerowe Przemyslaw Gmerek,L=Katowice,ST=Katowice,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:ca:6c:35:15:92:82:fd:64:61:5a:bc:4d:39:83:99:b0:61:84:7b
Signer

Actual PE Digest

0b:ca:6c:35:15:92:82:fd:64:61:5a:bc:4d:39:83:99:b0:61:84:7b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

PsProcessType
IoDeleteSymbolicLink
ExFreePoolWithTag
strncmp
_snwprintf
PsLookupProcessByProcessId
RtlInitUnicodeString
IoDeleteDevice
KeUnstackDetachProcess
KeDetachProcess
IoDriverObjectType
wcsrchr
ExAllocatePool
ZwClose
KeBugCheck
IofCompleteRequest
ObReferenceObjectByHandle
KeAttachProcess
PsGetVersion
PsThreadType
IoCreateSymbolicLink
MmIsAddressValid
ObfDereferenceObject
ObReferenceObjectByName
IoCreateDevice
ObOpenObjectByPointer
KeStackAttachProcess
PsLookupThreadByThreadId
KeClearEvent
IoGetBaseFileSystemDeviceObject
IoBuildSynchronousFsdRequest
_wcsnicmp
ZwReadFile
wcsncpy
KeInitializeEvent
ZwSetInformationFile
strncpy
IoGetDeviceObjectPointer
NtClose
KeWaitForSingleObject
ZwDeleteFile
RtlCompareUnicodeString
ObfReferenceObject
ZwOpenFile
ZwQueryInformationFile
ZwWriteFile
IofCallDriver
wcschr
MmUnmapLockedPages
_stricmp
_strnicmp
RtlVolumeDeviceToDosName
ZwMapViewOfSection
MmGetSystemRoutineAddress
ZwQuerySystemInformation
KeReleaseSpinLock
ZwOpenThread
IoFreeMdl
KeDelayExecutionThread
MmMapLockedPagesSpecifyCache
ZwUnmapViewOfSection
IoGetCurrentProcess
MmProbeAndLockPages
ZwOpenProcess
MmUnlockPages
ZwQueryInformationProcess
ZwCreateSection
wcsncmp
ZwTerminateProcess
ZwQueryInformationThread
IoAllocateMdl
KeAcquireSpinLockRaiseToDpc
ZwQuerySymbolicLinkObject
KeSetEvent
RtlEqualUnicodeString
ZwOpenSymbolicLinkObject
ZwOpenDirectoryObject
ZwQueryDirectoryObject
IoFreeIrp
IoAllocateIrp
IoGetDeviceInterfaces
IoCreateNotificationEvent
ObQueryNameString
ZwWaitForSingleObject
ZwQueryDirectoryFile
KeResetEvent
KdDebuggerNotPresent
PsCreateSystemThread
PsTerminateSystemThread
KeBugCheckEx
__C_specific_handler

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a998fe47a44bfbf2399968e21cfdf7ca

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

11:21:c5:bc:ad:73:31:9e:e0:13:1e:32:8a:2b:81:4e:16:4aCertificate

Extended Key Usages

Key Usages

61:29:15:27:00:00:00:00:00:2aCertificate

Key Usages

0b:ca:6c:35:15:92:82:fd:64:61:5a:bc:4d:39:83:99:b0:61:84:7bSigner

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 3KB

.pdata Size: 1KB - Virtual size: 1KB

INIT Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 872B

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

11:21:c5:bc:ad:73:31:9e:e0:13:1e:32:8a:2b:81:4e:16:4a
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

0b:ca:6c:35:15:92:82:fd:64:61:5a:bc:4d:39:83:99:b0:61:84:7b
Signer

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 3KB

.pdata
Size: 1KB - Virtual size: 1KB

INIT
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 872B