3d461958429837445a013252f9c7c492235513c8cecb31686dd487d00218870a

Sharing

Copy URL Twitter E-mail

General

Target

3d461958429837445a013252f9c7c492235513c8cecb31686dd487d00218870a
Size

112KB
MD5

077c987760bbff1a2b9332f4ef668819
SHA1

bd43b97046f7eb4721ee791afea4642c79dbf573
SHA256

3d461958429837445a013252f9c7c492235513c8cecb31686dd487d00218870a
SHA512

6895b99475ccef2f5e1e9cb26812c26dfdc7aa0921badc033c060e51689f744facad6bf2aa75cc08068b0c983a4c475524c80115c74ee3a0791883c318384265
SSDEEP

1536:vZPZXiR8ChzrrZChkrrmBef63ldEmOlWN0QfSdsj8HbvoleyLmDeXQBDZuhPQVS8:ziRHrYhk3S3ldEjIN0QfNM7o1AeuS8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/rxfcv.sys

Files

3d461958429837445a013252f9c7c492235513c8cecb31686dd487d00218870a
.zip
rxfcv.sys
.sys windows:10 windows x64 arch:x64

58ecbaaab3100bdda10da5c8f0945a4d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\PROJECT\FancyCache\release\drv\winlh\amd64\rxfcv_srv_raw.pdb

Imports

rxbsknl.sys

RxbsCreateHyperDevice
RxbsCloseHyperDevice
RxbsSetParamHyperSystem
RxbsGetParamHyperSystem
RxbsStartHyperSystem
RxbsGetHyperSystemState
RxbsConnectHyperSystem
RxbsDisconnectHyperSystem

ntoskrnl.exe

KeSetPriorityThread
KeWaitForSingleObject
ExFreePoolWithTag
ExInterlockedRemoveHeadList
PsTerminateSystemThread
KeInitializeEvent
KeInitializeGuardedMutex
KeAcquireGuardedMutex
KeReleaseGuardedMutex
ExAllocatePoolWithTag
ExQueryDepthSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmMapIoSpace
MmUnmapIoSpace
IoAllocateMdl
IoFreeMdl
RtlCompareMemory
ExUuidCreate
RtlInitUnicodeString
KeClearEvent
KeSetEvent
ExInterlockedInsertTailList
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoRegisterShutdownNotification
IoRegisterLastChanceShutdownNotification
IoUnregisterShutdownNotification
ObfDereferenceObject
RtlCopyUnicodeString
IoAttachDeviceToDeviceStack
IoBuildSynchronousFsdRequest
IofCallDriver
IoInitializeRemoveLockEx
IoAcquireRemoveLockEx
IoReleaseRemoveLockEx
IoRegisterDeviceInterface
ZwClose
IoRegisterBootDriverReinitialization
IoRegisterDriverReinitialization
IoGetAttachedDevice
InitSafeBootMode
IoReleaseRemoveLockAndWaitEx
KeInitializeDpc
KeFlushQueuedDpcs
KeInitializeTimer
KeCancelTimer
KeSetTimerEx
KeInsertQueue
RtlFreeUnicodeString
RtlStringFromGUID
ZwEnumerateValueKey
ZwSetValueKey
KeReadStateEvent
KeReadStateTimer
KeSetTimer
KeWaitForMultipleObjects
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
KeQueryActiveProcessorCount
KeDelayExecutionThread
IoAllocateIrp
IoBuildPartialMdl
IoFreeIrp
KeRemoveQueue
ExAllocatePoolWithTagPriority
ZwQueryValueKey
KeEnterCriticalRegion
KeLeaveCriticalRegion
IoDetachDevice
IoSetDeviceInterfaceState
ZwCreateFile
ZwOpenFile
ZwQueryInformationFile
ZwReadFile
ZwWriteFile
ZwDeleteFile
_vsnwprintf
RtlAppendUnicodeStringToString
KdDisableDebugger
KdEnableDebugger
ZwCreateSection
ZwMapViewOfSection
ZwUnmapViewOfSection
KdDebuggerEnabled
_strnicmp
RtlGUIDFromString
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
ZwCreateKey
ZwOpenKey
ZwDeleteValueKey
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAce
RtlSetOwnerSecurityDescriptor
ZwSetSecurityObject
ObReferenceObjectByName
SeExports
KeGetCurrentIrql
IoGetStackLimits
ExEventObjectType
ExWindowStationObjectType
KeBugCheckEx
KeRevertToUserAffinityThreadEx
KeSetSystemAffinityThreadEx
MmBuildMdlForNonPagedPool
MmAllocatePagesForMdlEx
MmFreePagesFromMdl
MmCreateMdl
MmGetPhysicalMemoryRanges
ZwQuerySystemInformation
PsCreateSystemThread
ObReferenceObjectByHandle
KeInitializeQueue
KeRundownQueue
wcschr
RtlUnicodeStringToInteger
RtlEqualUnicodeString
IoAllocateErrorLogEntry
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
IoWriteErrorLogEntry
IoOpenDeviceRegistryKey
ObfReferenceObject
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
RtlPrefixUnicodeString
RtlQueryRegistryValues
MmGetSystemRoutineAddress
RtlCompareUnicodeString

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

EXTRA
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CPATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.juno
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

58ecbaaab3100bdda10da5c8f0945a4d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rxbsknl.sys

ntoskrnl.exe

Sections

.text Size: 121KB - Virtual size: 120KB

EXTRA Size: 10KB - Virtual size: 9KB

CPATA Size: 4KB - Virtual size: 4KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 6KB - Virtual size: 6KB

PAGE Size: 2KB - Virtual size: 2KB

INIT Size: 16KB - Virtual size: 16KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 196B

.juno Size: 4KB - Virtual size: 4KB

.text
Size: 121KB - Virtual size: 120KB

EXTRA
Size: 10KB - Virtual size: 9KB

CPATA
Size: 4KB - Virtual size: 4KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 6KB - Virtual size: 6KB

PAGE
Size: 2KB - Virtual size: 2KB

INIT
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 196B

.juno
Size: 4KB - Virtual size: 4KB