ShimDriver64[.]sys

Sharing

Copy URL Twitter E-mail

General

Target

ShimDriver64.sys
Size

11KB
MD5

6745956272ae852d98833105327cf4d7
SHA1

25e42d0a52051dddd3ebe4358712fdce807fe246
SHA256

6ac436e1f73bbe41c786f2165a87219d6b602c5da51b8259110c0731914210dc
SHA512

2f5f5d2a5022a7907204fbc547f6a7bf03ece85f3ebfc2592cb27914a47c6d615659821cf6b192f52c15df3b25665082643fe4a4b0074f6e11a17800bd5422c2
SSDEEP

192:s54Fub2bDyFDeCtpC4g9tmRGXMXjU9KXEnXQ:smFI1dtc4g9IRG80KUnA

Score

1^/10

Malware Config

Signatures

Files

ShimDriver64.sys
.sys windows:10 windows x64 arch:x64

e071d09de1fe38b5bf152fbe7c21999a

Code Sign

38:29:3e:5f:a0:69:fc:56:b7:aa:20:51:95:66:89:a4
Certificate

Issuer

CN=Andrea Allievi Test Certificate,L=Seattle,ST=WA,C=USA

Not Before

01/09/2021, 04:26

Not After

31/12/2039, 23:59

Subject

CN=Andrea Allievi Test Certificate,L=Seattle,ST=WA,C=USA

Extended Key Usages

ExtKeyUsageCodeSigning

8f:d2:66:e5:59:ac:ba:40:24:93:20:15:a7:8b:c9:01:5c:14:d3:3c:96:9b:b8:ce:7e:5e:33:82:a9:50:55:8c
Signer

Actual PE Digest

8f:d2:66:e5:59:ac:ba:40:24:93:20:15:a7:8b:c9:01:5c:14:d3:3c:96:9b:b8:ce:7e:5e:33:82:a9:50:55:8c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\MS\Windows Internals - Book\Apps\ShimDriver\x64\Release\ShimDriver64.pdb

Imports

ntoskrnl.exe

vDbgPrintEx
DbgQueryDebugFilterState
DbgSetDebugFilterState
_stricmp
_wcsicmp
RtlInitUnicodeString
MmGetSystemRoutineAddress
RtlGetVersion
PsGetVersion
RtlImageDirectoryEntryToData

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 81B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 446B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e071d09de1fe38b5bf152fbe7c21999a

Code Sign

38:29:3e:5f:a0:69:fc:56:b7:aa:20:51:95:66:89:a4Certificate

Extended Key Usages

8f:d2:66:e5:59:ac:ba:40:24:93:20:15:a7:8b:c9:01:5c:14:d3:3c:96:9b:b8:ce:7e:5e:33:82:a9:50:55:8cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 81B

.pdata Size: 512B - Virtual size: 216B

INIT Size: 512B - Virtual size: 446B

.rsrc Size: 1024B - Virtual size: 952B

.reloc Size: 512B - Virtual size: 32B

38:29:3e:5f:a0:69:fc:56:b7:aa:20:51:95:66:89:a4
Certificate

8f:d2:66:e5:59:ac:ba:40:24:93:20:15:a7:8b:c9:01:5c:14:d3:3c:96:9b:b8:ce:7e:5e:33:82:a9:50:55:8c
Signer

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 81B

.pdata
Size: 512B - Virtual size: 216B

INIT
Size: 512B - Virtual size: 446B

.rsrc
Size: 1024B - Virtual size: 952B

.reloc
Size: 512B - Virtual size: 32B