quyengabon[.]sys

General

Target

quyengabon.sys
Size

7KB
MD5

8859f2c6df283f30699bc980acd921e9
SHA1

82293d509dc4b9f20f06329ba1a25c2827f6fa20
SHA256

4f458fcefd0e8a46142a3a1c1cb45fa2f645e13598362c472ee4dd4fdeab82ea
SHA512

05318c0828b6e5717bc6faa2baee5cc9e77459b538a7aabd7a510419d01e5baed2bc66f8a9c8e6682baa127d94e1aefc069aa73295b3f1e760f57dc432073edc
SSDEEP

96:RCpLgQ14uJIs/v5X56rgFHr5EYva2GoADvw1eQzqXGHNlgr5tLJR:MpLP14uJIs/BbF3vLGieQzBlgr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
quyengabon.sys

Files

quyengabon.sys
.sys windows:10 windows x64 arch:x64

fc664ebc1867cc6ee2441162db7a2d2c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\quyen\Downloads\Farlight84-Nimrod-aimbot-main\Farlight84-Nimrod-aimbot-main\Memory\driver\x64\Release\KP.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
RtlCompareUnicodeString
RtlGetVersion
KeFlushIoBuffers
KeEnterCriticalRegion
KeLeaveCriticalRegion
MmMapLockedPagesSpecifyCache
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoGetCurrentProcess
ObfDereferenceObject
KeAttachProcess
KeDetachProcess
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
ZwAllocateVirtualMemory
ZwQueryVirtualMemory
MmCopyVirtualMemory
PsGetProcessPeb
IoCreateDriver
ZwProtectVirtualMemory
PsGetProcessSectionBaseAddress
__C_specific_handler

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fc664ebc1867cc6ee2441162db7a2d2c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1024B - Virtual size: 952B

.data Size: 512B - Virtual size: 56B

.pdata Size: 512B - Virtual size: 204B

INIT Size: 1024B - Virtual size: 904B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1024B - Virtual size: 952B

.data
Size: 512B - Virtual size: 56B

.pdata
Size: 512B - Virtual size: 204B

INIT
Size: 1024B - Virtual size: 904B