EAC[.]sys | Triage

Resubmissions

10-05-2024 10:53

240510-myyn1aac5x 1

Sharing

Copy URL

Twitter E-mail

General

Target

EAC.sys
Size

7KB
MD5

ddbc5f3d909c7be5add59c856e8bef0a
SHA1

28f58aa695e4b3fe3ee6eea008fc2c4802a56230
SHA256

f005fd5e3c98ed50c7dfde4d8c49ddbb6284282893698e6a3efcc34e61a2bbc7
SHA512

b15f7734fc598d976d257997b32f7cf576a4d2c76bd39e22638f741058daf6c66a34b55626a85bbcbdb3448fea4085e100ac4c19b98e26c095f83a9641c702be
SSDEEP

96:IldmoeiNRfX/U7PIo7oUGEc+KSSy8xZ7t14yuapa5W5unaGzZwELWI:IyENRfX/UbIseEc+Pbix1pvUWYzRp

Score

1^/10

Malware Config

Signatures

Files

EAC.sys
.sys windows:10 windows x64 arch:x64

5abdf27dc7eef75598dd097a2f3b7c99

Code Sign

8d:b7:d8:61:21:59:8f:20
Certificate

Issuer

CN=385a920c-b903-4856-9fb8-4085487b8d00

Not Before

04-09-2021 12:00

Not After

05-09-2022 00:00

Subject

CN=385a920c-b903-4856-9fb8-4085487b8d00

4d:2d:df:95:50:8b:dc:53:c6:75:d6:f8:45:75:cf:df:87:15:1d:47
Signer

Actual PE Digest

4d:2d:df:95:50:8b:dc:53:c6:75:d6:f8:45:75:cf:df:87:15:1d:47

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\nicov\OneDrive\Desktop\Spoofer Source\Driver\build\bin\Premium.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
ExAllocatePoolWithTag
ExFreePoolWithTag
ObfDereferenceObject
IoEnumerateDeviceObjectList
ObReferenceObjectByName
IoDriverObjectType
vDbgPrintExWithPrefix
MmMapIoSpace
MmUnmapIoSpace
strstr
KeQueryTimeIncrement
RtlRandomEx
ZwQuerySystemInformation

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 478B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Resubmissions

Sharing

General

Malware Config

Signatures

Files

5abdf27dc7eef75598dd097a2f3b7c99

Code Sign

8d:b7:d8:61:21:59:8f:20Certificate

4d:2d:df:95:50:8b:dc:53:c6:75:d6:f8:45:75:cf:df:87:15:1d:47Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 1024B - Virtual size: 852B

.pdata Size: 512B - Virtual size: 168B

INIT Size: 512B - Virtual size: 478B

8d:b7:d8:61:21:59:8f:20
Certificate

4d:2d:df:95:50:8b:dc:53:c6:75:d6:f8:45:75:cf:df:87:15:1d:47
Signer

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 1024B - Virtual size: 852B

.pdata
Size: 512B - Virtual size: 168B

INIT
Size: 512B - Virtual size: 478B