udasf[.]sys | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

udasf.sys
Size

13KB
MD5

00c731a532c611e54e82a56390e08060
SHA1

3d281289984df6cb5e66f9e8e67b7d5034c3b7bb
SHA256

20ad5d9abc2eaffb6cd6673215c1b56ddaab600c3d82b4a9c25d199de0a28ab9
SHA512

36c9db59b5c54751b54b3329b2e7ef63642e70e79a3e9828b56ef72159d2e3248a642ca73e6fef93d09bef093687e924147c727c111a5b023c4b248be1389b94
SSDEEP

192:al+uuKYkadK96epQyYcHcZg0kBoVpPIKfhignDiG1g2MvqTEeTC5t:aUD5K96al5VBYpwKThECTEqst

Score

1^/10

Malware Config

Signatures

Files

udasf.sys
.sys windows:10 windows x64 arch:x64

6c016980f130ddbd8eb372a8893a8888

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:39:dd:e1:19:bb:32:0d:fb:9f:5d:ef:e3:f7:12:45
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

10-11-2021 00:00

Not After

09-11-2024 23:59

Subject

CN=Hangil IT Co.\, Ltd,O=Hangil IT Co.\, Ltd,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

82:12:9c:92:44:41:66:d9:3a:41:02:a7:d7:f3:76:8a:d1:9d:82:d6
Signer

Actual PE Digest

82:12:9c:92:44:41:66:d9:3a:41:02:a7:d7:f3:76:8a:d1:9d:82:d6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\danius\Desktop\km\x64\Release\km.pdb

Imports

ntoskrnl.exe

DbgPrintEx
RtlGetVersion
ExAllocatePoolWithTag
ExFreePoolWithTag
MmUnmapIoSpace
MmMapIoSpaceEx
ObfDereferenceObject
MmCopyMemory
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
ZwQuerySystemInformation
PsGetProcessSectionBaseAddress

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 89B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 458B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c016980f130ddbd8eb372a8893a8888

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

01:39:dd:e1:19:bb:32:0d:fb:9f:5d:ef:e3:f7:12:45Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

82:12:9c:92:44:41:66:d9:3a:41:02:a7:d7:f3:76:8a:d1:9d:82:d6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 89B

.pdata Size: 512B - Virtual size: 276B

INIT Size: 512B - Virtual size: 458B

.reloc Size: 512B - Virtual size: 36B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

01:39:dd:e1:19:bb:32:0d:fb:9f:5d:ef:e3:f7:12:45
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

82:12:9c:92:44:41:66:d9:3a:41:02:a7:d7:f3:76:8a:d1:9d:82:d6
Signer

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 89B

.pdata
Size: 512B - Virtual size: 276B

INIT
Size: 512B - Virtual size: 458B

.reloc
Size: 512B - Virtual size: 36B