LeCrud64[.]sys

Sharing

Copy URL Twitter E-mail

General

Target

LeCrud64.sys
Size

46KB
MD5

3e5c48ee4bdd6229f6bef52e940af600
SHA1

f8dc06c1fda53ee0f64306ad76c070ab2f5b2350
SHA256

f3046cf53ef29e9882918978310680497a1a329076c046697b4a1312f590fc09
SHA512

b9c289c6f301a32bc719cecb8aba99bf32539467f1e3762dacbd529339e0c9d5946235f98dfb9c3d5f9f07a7e4c4714236fe570d71aeb33c091c894576d6b0f8
SSDEEP

768:m1aGDGmA4cTr5efxS4EyRuaCjeLmNGUooNzYieNdVPxWEGg5x9z4cOo:GqeEfeLKo2z7enVPxP5jzgo

Score

1^/10

Malware Config

Signatures

Files

LeCrud64.sys
.sys windows:10 windows x64 arch:x64

3f41287aad009a43ce9724f98d19d48f

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:d8:cd:2d:56:f8:32:54:70:b2:85:e8:22:75:fd:53
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

20/02/2023, 00:00

Not After

02/03/2024, 23:59

Subject

SERIALNUMBER=3912990,CN=LENOVO (UNITED STATES) INC.,OU=G09,O=LENOVO (UNITED STATES) INC.,L=Morrisville,ST=North Carolina,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:f3:15:8e:a5:7d:1c:55:9f:29:00:00:00:00:00:f3
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/01/2023, 19:14

Not After

15/12/2023, 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

74:95:c6:30:72:ed:30:bd:79:50:2f:9b:3d:66:ce:36:6b:78:15:a6:21:ed:2f:f8:7a:45:32:1c:4d:fc:49:2b
Signer

Actual PE Digest

74:95:c6:30:72:ed:30:bd:79:50:2f:9b:3d:66:ce:36:6b:78:15:a6:21:ed:2f:f8:7a:45:32:1c:4d:fc:49:2b

Digest Algorithm

sha256

PE Digest Matches

true

74:95:c6:30:72:ed:30:bd:79:50:2f:9b:3d:66:ce:36:6b:78:15:a6:21:ed:2f:f8:7a:45:32:1c:4d:fc:49:2b
Signer

Actual PE Digest

74:95:c6:30:72:ed:30:bd:79:50:2f:9b:3d:66:ce:36:6b:78:15:a6:21:ed:2f:f8:7a:45:32:1c:4d:fc:49:2b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\BuildDriver\LECRUD_20_Formal\x64\Release\LECRUD64.pdb

Imports

ntoskrnl.exe

tolower
strnlen
strncmp
RtlInitUnicodeString
DbgPrint
ExAllocatePoolWithTag
ExFreePoolWithTag
MmProbeAndLockPages
MmUnlockPages
MmBuildMdlForNonPagedPool
MmMapIoSpace
MmUnmapIoSpace
MmAllocateContiguousMemory
MmFreeContiguousMemory
IoAllocateMdl
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoFreeMdl
IoGetCurrentProcess
MmGetPhysicalAddress
PsGetProcessImageFileName
__C_specific_handler
ZwCreateKey
MmGetSystemRoutineAddress
ZwClose
ZwSetSecurityObject
IoDeviceObjectType
IoCreateDevice
ObOpenObjectByPointer
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
SeCaptureSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeExports
RtlCreateSecurityDescriptor
_wcsnicmp
wcschr
RtlAbsoluteToSelfRelativeSD
RtlAddAccessAllowedAce
RtlLengthSid
IoIsWdmVersionAvailable
RtlSetDaclSecurityDescriptor
ZwOpenKey
ZwSetValueKey
ZwQueryValueKey
RtlFreeUnicodeString

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f41287aad009a43ce9724f98d19d48f

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

08:d8:cd:2d:56:f8:32:54:70:b2:85:e8:22:75:fd:53Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

33:00:00:00:f3:15:8e:a5:7d:1c:55:9f:29:00:00:00:00:00:f3Certificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

74:95:c6:30:72:ed:30:bd:79:50:2f:9b:3d:66:ce:36:6b:78:15:a6:21:ed:2f:f8:7a:45:32:1c:4d:fc:49:2bSigner

74:95:c6:30:72:ed:30:bd:79:50:2f:9b:3d:66:ce:36:6b:78:15:a6:21:ed:2f:f8:7a:45:32:1c:4d:fc:49:2bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 940B

.pdata Size: 1024B - Virtual size: 600B

PAGE Size: 13KB - Virtual size: 12KB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 44B

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

08:d8:cd:2d:56:f8:32:54:70:b2:85:e8:22:75:fd:53
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

33:00:00:00:f3:15:8e:a5:7d:1c:55:9f:29:00:00:00:00:00:f3
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

74:95:c6:30:72:ed:30:bd:79:50:2f:9b:3d:66:ce:36:6b:78:15:a6:21:ed:2f:f8:7a:45:32:1c:4d:fc:49:2b
Signer

74:95:c6:30:72:ed:30:bd:79:50:2f:9b:3d:66:ce:36:6b:78:15:a6:21:ed:2f:f8:7a:45:32:1c:4d:fc:49:2b
Signer

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 940B

.pdata
Size: 1024B - Virtual size: 600B

PAGE
Size: 13KB - Virtual size: 12KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 44B