XbSvchost[.]sys

Sharing

Copy URL Twitter E-mail

General

Target

XbSvchost.sys
Size

18KB
MD5

51315565b5a8e65b9f8e33c33217ab9e
SHA1

4f938740f8d66b06e57517ec722284994f4f4214
SHA256

1829c639a836dbbe2333fbab0642b60ccf850fa8d0188fb32d42abb4ca5755d3
SHA512

0919359f5c399c62b6f0a726f708a3a136050eec21bd8e9f7e062cb14fd8f5ceee7d10b9ad9071ed2550c1c9ddfb6ac19d468caf7b28f1571c4ba22a39207dce
SSDEEP

384:pgPmefs9kFiRz3x3ID7HBjG+udY6j2ZrsuY8Q:yXs9WiRD+7KdLCrR

Score

1^/10

Malware Config

Signatures

Files

XbSvchost.sys
.sys windows:10 windows x64 arch:x64

720e565b52ea3060f0b8df3c54201145

Code Sign

3c:58:83:bd:1d:bc:d5:82:ad:41:c8:77:8e:4f:56:d9
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

28/11/2013, 00:00

Not After

28/11/2014, 23:59

Subject

CN=Beijing Kate Zhanhong Technology Co.\,Ltd.,O=Beijing Kate Zhanhong Technology Co.\,Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:1f:b0:a4:00:00:00:00:00:1d
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:31

Not After

22/02/2021, 19:41

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

23:d5:d6:0a:3c:8c:f9:ae:56:3d:36:1b:14:a9:c8:a5:b6:99:22:63
Signer

Actual PE Digest

23:d5:d6:0a:3c:8c:f9:ae:56:3d:36:1b:14:a9:c8:a5:b6:99:22:63

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\rapha\Downloads\Driver-HWID-btbd-modified-main\x64\Release\Kernel.pdb

Imports

ntoskrnl.exe

wcsstr
RtlInitUnicodeString
DbgPrint
KeInitializeEvent
KeWaitForSingleObject
ExAllocatePoolWithTag
ExFreePoolWithTag
MmMapLockedPages
IoBuildDeviceIoControlRequest
IofCallDriver
IoGetAttachedDeviceReference
IoGetDeviceObjectPointer
ObfDereferenceObject
RtlRandomEx
IoEnumerateDeviceObjectList
ObQueryNameString
swprintf
ObReferenceObjectByName
IoDriverObjectType
tolower
strstr
MmCopyMemory
ZwQuerySystemInformation

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

720e565b52ea3060f0b8df3c54201145

Code Sign

3c:58:83:bd:1d:bc:d5:82:ad:41:c8:77:8e:4f:56:d9Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

61:1f:b0:a4:00:00:00:00:00:1dCertificate

Key Usages

23:d5:d6:0a:3c:8c:f9:ae:56:3d:36:1b:14:a9:c8:a5:b6:99:22:63Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 1024B - Virtual size: 964B

.data Size: 512B - Virtual size: 12KB

.pdata Size: 512B - Virtual size: 348B

INIT Size: 1024B - Virtual size: 720B

3c:58:83:bd:1d:bc:d5:82:ad:41:c8:77:8e:4f:56:d9
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

61:1f:b0:a4:00:00:00:00:00:1d
Certificate

23:d5:d6:0a:3c:8c:f9:ae:56:3d:36:1b:14:a9:c8:a5:b6:99:22:63
Signer

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 1024B - Virtual size: 964B

.data
Size: 512B - Virtual size: 12KB

.pdata
Size: 512B - Virtual size: 348B

INIT
Size: 1024B - Virtual size: 720B