kernelmode[.]sys | Triage

Sharing

Copy URL Twitter E-mail

General

Target

kernelmode.sys
Size

9KB
MD5

6e841605eeac67b95f8fc879b6b92a20
SHA1

db41f4f8386f491d91e8b487d1196f9112e2a077
SHA256

69c98d5ffb5e685cf25c755cbea498742cbac4aed5502532ed5ce06a5acec060
SHA512

5fff9e664c124005dff096dd9e7aef6da0214db8e4688e707dad1101ceeea1d4c8af9763a7afa7b5c225fded14fcc28b056ba99952de193eb1ae87c3b89b563d
SSDEEP

96:H7KUAGc+Jiu5Yf40JDHe1ep9SHWj7TzGn1o7CTbtV7LKM:eqc+JiKYg01eep9YcHD6L7L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
kernelmode.sys

Files

kernelmode.sys
.sys windows:10 windows x64 arch:x64

13fcff0e0da006b212f6c2c9c4c02307

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Goose\Downloads\Fortnite-External-Source-main (3)\Fortnite-External-Source-main\km\x64\Release\km.pdb

Imports

ntoskrnl.exe

RtlGetVersion
ExAllocatePoolWithTag
ExFreePoolWithTag
MmUnmapIoSpace
MmMapIoSpaceEx
ObfDereferenceObject
MmCopyMemory
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
ZwQuerySystemInformation
PsGetProcessSectionBaseAddress

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 89B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ