eogrongi[.]sys

Sharing

Copy URL Twitter E-mail

General

Target

eogrongi.sys
Size

51KB
MD5

79534331d05dfd0f747e1c129f9607e3
SHA1

df3f7e79fb76ea9a7e92633d59cc9f6e5be7caf0
SHA256

41989526b4eb8d60a5e158f835ee90eea5fe4e499705109317cd6f72114c852f
SHA512

8a2fce06531491950cc7edf596583980a522f76785b535ce3ed357c967e778be8120f81956a433b0340c148e1db25a90f88252be96ef2cc0b171e49c5237dcae
SSDEEP

768:bzoEFy8FCGNXfBeu179RYuQos6S0ZlPjtU1P+9zF:zy8FCQB3179RYNos6/TjtkP6zF

Score

1^/10

Malware Config

Signatures

Files

eogrongi.sys
.sys windows:10 windows x64 arch:x64

ab984c67b3f5ae12fa0e91909a378b14

Code Sign

33:00:00:03:8c:38:5d:5c:2e:74:83:cc:fb:00:00:00:00:03:8c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/05/2022, 19:23

Not After

04/05/2023, 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:df:09:41:b0:03:73:e5:ff:19:e1:72:ee:d2:46:29:22:c3:2d:24:14:5a:64:0a:6f:aa:78:db:be:78:e3:50
Signer

Actual PE Digest

3d:df:09:41:b0:03:73:e5:ff:19:e1:72:ee:d2:46:29:22:c3:2d:24:14:5a:64:0a:6f:aa:78:db:be:78:e3:50

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

BTR.pdb

Imports

ntoskrnl.exe

ZwQueryKey
ZwEnumerateKey
ZwOpenKey
NtClose
ZwDeleteKey
RtlInitUnicodeString
ZwDeleteValueKey
ZwCreateKey
ZwSetValueKey
ZwQueryValueKey
_vsnwprintf
NtCreateFile
NtOpenFile
NtReadFile
NtWriteFile
NtQueryInformationFile
NtSetInformationFile
ZwDeleteFile
ZwClose
MmGetSystemRoutineAddress
RtlGetVersion
ExAllocatePoolWithTag
ExFreePoolWithTag
KeBugCheckEx

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 914B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 7B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 1024B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab984c67b3f5ae12fa0e91909a378b14

Code Sign

33:00:00:03:8c:38:5d:5c:2e:74:83:cc:fb:00:00:00:00:03:8cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

3d:df:09:41:b0:03:73:e5:ff:19:e1:72:ee:d2:46:29:22:c3:2d:24:14:5a:64:0a:6f:aa:78:db:be:78:e3:50Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 1024B - Virtual size: 120B

.pdata Size: 1024B - Virtual size: 552B

.idata Size: 1024B - Virtual size: 914B

PAGE Size: 1024B - Virtual size: 7B

INIT Size: 2KB - Virtual size: 1KB

GFIDS Size: 1024B - Virtual size: 20B

.rsrc Size: 1024B - Virtual size: 936B

.reloc Size: 1024B - Virtual size: 440B

33:00:00:03:8c:38:5d:5c:2e:74:83:cc:fb:00:00:00:00:03:8c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

3d:df:09:41:b0:03:73:e5:ff:19:e1:72:ee:d2:46:29:22:c3:2d:24:14:5a:64:0a:6f:aa:78:db:be:78:e3:50
Signer

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 1024B - Virtual size: 120B

.pdata
Size: 1024B - Virtual size: 552B

.idata
Size: 1024B - Virtual size: 914B

PAGE
Size: 1024B - Virtual size: 7B

INIT
Size: 2KB - Virtual size: 1KB

GFIDS
Size: 1024B - Virtual size: 20B

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 1024B - Virtual size: 440B