battleye[.]sys | Triage

Submit
Reports

Overview

overview

1

Static

static

1

battleye.sys

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

battleye.sys

Resource

win10v2004-20240426-en

windows10-2004-x64

4 signatures

150 seconds

General

Target

battleye.sys
Size

6KB
MD5

4d8c41d4af9bb1c3ed29f6681650516e
SHA1

c389edd94f04d76411ada5e4843345bd7c06dcac
SHA256

df21e395c6fad57cc45b1a8314a810ca7247d28cbf76c6b974fabd6d97c18bad
SHA512

6b6f843c6d2976d5e218669797f5aa80af8b054da0f3568ab830a813411e3a53e8f2aa21707721514119b8d36069c4225010fd34972cee421ce1252878ec06bd
SSDEEP

96:KSKiAQ7PKo7YtXEc+KSSy8xPoZI1g7Q/zZwU/CM:KSjAQbKsmEc+PbqEt7Gzp/H

Score

1^/10

Malware Config

Signatures

Files

battleye.sys
.sys windows:10 windows x64 arch:x64

a3fc15df0095a1a39e807fbd1ab75c38

Code Sign

8d:b7:d8:61:21:59:8f:20
Certificate

Issuer

CN=385a920c-b903-4856-9fb8-4085487b8d00

Not Before

04/09/2021, 12:00

Not After

05/09/2022, 00:00

Subject

CN=385a920c-b903-4856-9fb8-4085487b8d00

f1:4c:d2:6c:43:ad:15:a6:f8:8e:e2:41:ea:86:1c:d6:33:ef:2b:11
Signer

Actual PE Digest

f1:4c:d2:6c:43:ad:15:a6:f8:8e:e2:41:ea:86:1c:d6:33:ef:2b:11

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\nicov\OneDrive\Desktop\Spoofer Source\Driver\build\bin\Premium.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
ExAllocatePoolWithTag
ExFreePoolWithTag
ObfDereferenceObject
ObReferenceObjectByName
IoDriverObjectType
strstr
ZwQuerySystemInformation

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

© 2018-2025

Terms | Privacy