Kernel[.]sys | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Kernel.sys
Size

8KB
MD5

268bb086ab10c2eb2dadf599baffa49d
SHA1

892657902154bcc7876d46ec45e37bcccfc73632
SHA256

4ca431e40ea5ef1ec59adcb81608080aba4768ba15d2a759b3e78792398f4b51
SHA512

284b2aa2f0ab4a49e9e7a4c6ad671cd07015800d5358cbc5aac3e3089dd13079793b3437b521d43de95a577d74b4623bfa6a7127e53de1413811210e389fc5ae
SSDEEP

96:AQ9RY/AqvARfokZr7o7PV91e7zQG7cMRlvOgModV3aDCyu/QpFf4KQNVo4Nd:Ae6/AyUwkZr7spe7zlRDbyGKQKQNq4n

Score

1^/10

Malware Config

Signatures

Files

Kernel.sys
.sys windows:10 windows x64 arch:x64

7f4fbf2eff8ca22fccbb5ee0c2b7d751

Code Sign

77:c4:10:57:4c:0a:70:8c:44:c1:61:80:a5:96:ac:0c
Certificate

Issuer

CN=WDKTestCert Raccy\,133552623144228441

Not Before

18/03/2024, 19:05

Not After

18/03/2034, 00:00

Subject

CN=WDKTestCert Raccy\,133552623144228441

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageKeyEncipherment
KeyUsageDataEncipherment

7c:8f:ed:a2:20:7b:01:5a:35:1f:e2:4d:ee:75:4d:2f:7c:eb:ae:83:bc:f9:4c:11:32:a0:1c:c5:30:cf:4a:a2
Signer

Actual PE Digest

7c:8f:ed:a2:20:7b:01:5a:35:1f:e2:4d:ee:75:4d:2f:7c:eb:ae:83:bc:f9:4c:11:32:a0:1c:c5:30:cf:4a:a2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Raccy\Desktop\kernel\build\bin\Victory.pdb

Imports

ntoskrnl.exe

RtlInitString
RtlInitUnicodeString
ExAllocatePoolWithTag
ExFreePoolWithTag
IoGetDeviceObjectPointer
ObfDereferenceObject
IoEnumerateDeviceObjectList
_vsnwprintf
ObReferenceObjectByName
IoDriverObjectType
strstr
KeQueryTimeIncrement
RtlRandomEx
ZwQuerySystemInformation

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 478B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7f4fbf2eff8ca22fccbb5ee0c2b7d751

Code Sign

77:c4:10:57:4c:0a:70:8c:44:c1:61:80:a5:96:ac:0cCertificate

Extended Key Usages

Key Usages

7c:8f:ed:a2:20:7b:01:5a:35:1f:e2:4d:ee:75:4d:2f:7c:eb:ae:83:bc:f9:4c:11:32:a0:1c:c5:30:cf:4a:a2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1024B - Virtual size: 824B

.data Size: 512B - Virtual size: 16B

.pdata Size: 512B - Virtual size: 168B

INIT Size: 512B - Virtual size: 478B

77:c4:10:57:4c:0a:70:8c:44:c1:61:80:a5:96:ac:0c
Certificate

7c:8f:ed:a2:20:7b:01:5a:35:1f:e2:4d:ee:75:4d:2f:7c:eb:ae:83:bc:f9:4c:11:32:a0:1c:c5:30:cf:4a:a2
Signer

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1024B - Virtual size: 824B

.data
Size: 512B - Virtual size: 16B

.pdata
Size: 512B - Virtual size: 168B

INIT
Size: 512B - Virtual size: 478B