Static task
static1
General
Target: sys_new
Size: 288KB
MD5: 3cf64c74b24cc396a0327ab5d49cd91f
SHA1: 7ee4c4161af0a5678c897bc5643d621a1276c882
SHA256: 6469994e8215cea23f61ae3479f938afc5bdb7c83ff35e0381f90d9d3dd133e8
SHA512: bc6d5e3f4133acec49dde8b87d265df1f3119229681d69f5a16d38f734e2b7b1e9d0443550c4c3dd5688637a7665346b2e0771fe3c55e62d8cdf72a17c068512
SSDEEP: 1536:GgTG7acgEVHeuImdaE0vLl/MsP1NgSQ+cEH6Sgb34Zm:VyrImdaEICs9N/Q+cWP
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource sys_new
Files
sys_new.sys windows:5 windows x86 arch:x86
751ab0cb74ef2b289d0530acd7ca9ea1
Headers
DLL Characteristics
  IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
  RtlFreeAnsiString
  RtlEqualUnicodeString
  RtlUnicodeStringToAnsiString
  RtlImageNtHeader
  RtlAnsiStringToUnicodeString
  RtlInitAnsiString
  DbgPrint
  ExAllocatePool
  IoGetFileObjectGenericMapping
  NtUnlockFile
  IoGetInitialStack
  IoGetStackLimits
  IoGetCurrentProcess
  RtlAssert
  RtlImageDirectoryEntryToData
  memcpy
  strcmp
hal
  KeGetCurrentIrql
ndis.sys
  NdisSystemProcessorCount
Sections
.text Size: 94KB - Virtual size: 94KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 192B - Virtual size: 186B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 192KB - Virtual size: 192KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
INIT Size: 608B - Virtual size: 600B
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.reloc Size: 608B - Virtual size: 600B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ