dc3d[.]sys | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

dc3d.sys
Size

46KB
MD5

7af9dac504fbd047cbc3e64ae52c92bf
SHA1

ab953accd124e244d4ddbef5facebda00eaf9061
SHA256

ca8f9564733ded4c3895cf7150bb254995d66889e6be08d6654e4f897e4ff7a4
SHA512

24df61011a5b30bbed11f625fafb878e410ac18bebaf0e737710022a6e156876ddd4d780b3512358c748fb78629fa18156a977fbbacfde4aa99a72826287b6c8
SSDEEP

768:13no8gvXMns9U4PHMlT6GTbaw7bJhYMRoAnAWjd4s/3qbrbLcwiTg3iGyG7Sld7:lodfEC2ugrAcS2G7Q5

Score

1^/10

Malware Config

Signatures

Files

dc3d.sys
.sys windows:6 windows x64 arch:x64

5259b7bf7a101cf18a40c1d0272088f5

Code Sign

5c:d2:2a:66:aa:db:f6:6f:bd:89:10:24:f4:70:41:5e
Certificate

Issuer

CN=Hardware Group Test Cert

Not Before

27/09/2006, 02:03

Not After

31/12/2039, 23:59

Subject

CN=Hardware Group Test Cert

8c:3c:a9:db:9c:ed:74:d8:03:99:6e:35:02:f8:57:06:94:b3:05:2e
Signer

Actual PE Digest

8c:3c:a9:db:9c:ed:74:d8:03:99:6e:35:02:f8:57:06:94:b3:05:2e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\itpipcxtmain\source\sys\dc3d\src\objfre_wnet_amd64\amd64\dc3d.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
RtlIntegerToUnicodeString
MmGetSystemRoutineAddress
RtlAppendUnicodeToString
ZwSetValueKey
RtlFreeUnicodeString
ZwCreateFile
PsCreateSystemThread
RtlGUIDFromString
ZwClose
IoUnregisterPlugPlayNotification
ZwReadFile
RtlCompareMemory
RtlUnicodeStringToInteger
IoOpenDeviceRegistryKey
ZwEnumerateKey
ZwQueryKey
ZwOpenKey
KeBugCheckEx
RtlCopyUnicodeString
IoRegisterPlugPlayNotification
IoWMIWriteEvent
ExFreePoolWithTag
IoWMIRegistrationControl
RtlStringFromGUID
RtlCompareUnicodeString
ExAllocatePoolWithTag

hidparse.sys

HidP_GetCaps

wdfldr.sys

WdfVersionUnbind
WdfVersionBind
WdfVersionBindClass
WdfVersionUnbindClass

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5259b7bf7a101cf18a40c1d0272088f5

Code Sign

5c:d2:2a:66:aa:db:f6:6f:bd:89:10:24:f4:70:41:5eCertificate

8c:3c:a9:db:9c:ed:74:d8:03:99:6e:35:02:f8:57:06:94:b3:05:2eSigner

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hidparse.sys

wdfldr.sys

Sections

.text Size: 34KB - Virtual size: 33KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 4KB

.pdata Size: 1024B - Virtual size: 1020B

PAGE Size: 2KB - Virtual size: 2KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 202B

5c:d2:2a:66:aa:db:f6:6f:bd:89:10:24:f4:70:41:5e
Certificate

8c:3c:a9:db:9c:ed:74:d8:03:99:6e:35:02:f8:57:06:94:b3:05:2e
Signer

.text
Size: 34KB - Virtual size: 33KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 4KB

.pdata
Size: 1024B - Virtual size: 1020B

PAGE
Size: 2KB - Virtual size: 2KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 202B