DexzsDiskRando[.]sys | Triage

Sharing

Copy URL Twitter E-mail

General

Target

DexzsDiskRando.sys
Size

6KB
MD5

7ba367a8b50d0deb962ef71c734f8af0
SHA1

a2ab528dc78a651527ce888911d2300aca38e3ef
SHA256

4dc41e18515dc1b6e6ad05ba9faf230ddb1a72221520521ce5cd3275c6bf10db
SHA512

7388c368dd2bf6e03d066be8a0539f6bd3ac6cf37cb143f506f58bf94aca7b3855c0715bec63389c9325bbbeebe9f64237e800d0792c447f850ae43b70dbff07
SSDEEP

96:F4xoeeZ/1Ud2jkZrs4o7ot1efzQG7YgxnAqSsnAkiOgMo:FIk/S0jkZr5s6efzTxAunh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DexzsDiskRando.sys

Files

DexzsDiskRando.sys
.sys windows:10 windows x64 arch:x64

7f4fbf2eff8ca22fccbb5ee0c2b7d751

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

RtlInitString
RtlInitUnicodeString
ExAllocatePoolWithTag
ExFreePoolWithTag
IoGetDeviceObjectPointer
ObfDereferenceObject
IoEnumerateDeviceObjectList
_vsnwprintf
ObReferenceObjectByName
IoDriverObjectType
strstr
KeQueryTimeIncrement
RtlRandomEx
ZwQuerySystemInformation

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 478B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE