Wdf010000[.]sys

Sharing

Copy URL

Twitter E-mail

General

Target

Wdf010000.sys
Size

7.9MB
MD5

d7103ddcefe6b813175aafc7a8121dd5
SHA1

85d1da1fa157c6f448986d62d24b2cd28eb92b3c
SHA256

5f17f737161c58d5b68e4a03edab2286333d3ae13dc9e1f5376a6e188920939c
SHA512

82532f429510c2c08bbddf28621154b57c0874ec47df428225bffd310492996f23e1331578fbabaf8862d1d5ebefef5acfb86efcc62abe2256e71c0670d6e06b
SSDEEP

196608:Jj1bWk7Yhc17Ps+GoAWtgQc1/5O84xC5f:J4k7Y87Ngbf

Score

1^/10

Malware Config

Signatures

Files

Wdf010000.sys
.sys windows:10 windows x64 arch:x64

cb5763a9ce0e8663fba9608ab52c85f9

Code Sign

3f:96:e6:9e:86:f1:58:69:ba:b4:9b:42:7e:e5:70:e4
Certificate

Issuer

CN=Trinity

Not Before

01-05-2024 17:34

Not After

31-12-2039 23:59

Subject

CN=Trinity

5e:21:ea:f9:e6:0c:46:f7:73:83:4c:ab:c3:e3:4e:00:5a:57:b0:db
Signer

Actual PE Digest

5e:21:ea:f9:e6:0c:46:f7:73:83:4c:ab:c3:e3:4e:00:5a:57:b0:db

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExFreePoolWithTag
ExAllocatePool
NtQuerySystemInformation
ExFreePoolWithTag
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
KeQueryActiveProcessors
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
DbgPrint

wdfldr.sys

WdfVersionUnbind

hal

KeQueryPerformanceCounter

Sections

.text
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: - Virtual size: 776B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.TRINITY
Size: - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.TRINITY
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TRINITY
Size: 7.9MB - Virtual size: 7.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb5763a9ce0e8663fba9608ab52c85f9

Code Sign

3f:96:e6:9e:86:f1:58:69:ba:b4:9b:42:7e:e5:70:e4Certificate

5e:21:ea:f9:e6:0c:46:f7:73:83:4c:ab:c3:e3:4e:00:5a:57:b0:dbSigner

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

wdfldr.sys

hal

Sections

.text Size: - Virtual size: 11KB

.rdata Size: - Virtual size: 2KB

.data Size: - Virtual size: 13KB

.pdata Size: - Virtual size: 540B

INIT Size: - Virtual size: 776B

.TRINITY Size: - Virtual size: 4.7MB

.TRINITY Size: 512B - Virtual size: 488B

.TRINITY Size: 7.9MB - Virtual size: 7.9MB

.reloc Size: 512B - Virtual size: 276B

3f:96:e6:9e:86:f1:58:69:ba:b4:9b:42:7e:e5:70:e4
Certificate

5e:21:ea:f9:e6:0c:46:f7:73:83:4c:ab:c3:e3:4e:00:5a:57:b0:db
Signer

.text
Size: - Virtual size: 11KB

.rdata
Size: - Virtual size: 2KB

.data
Size: - Virtual size: 13KB

.pdata
Size: - Virtual size: 540B

INIT
Size: - Virtual size: 776B

.TRINITY
Size: - Virtual size: 4.7MB

.TRINITY
Size: 512B - Virtual size: 488B

.TRINITY
Size: 7.9MB - Virtual size: 7.9MB

.reloc
Size: 512B - Virtual size: 276B