hwid_spoofer[.]sys

General

Target

hwid_spoofer.sys
Size

13KB
MD5

58084c38b12c40b02980688fe5fdc8e1
SHA1

09c6b2c455daf9208bf9074350755d5e04f3456e
SHA256

15615a245bdb932e0b4f7f71f02f36538a155b84dda8920caa458b535d2e1b3a
SHA512

7be17fcf69c637263a8554a2a58c911e842cc6b4c824c7a874a464e5c9e70cba42ecc4bc3f757af082220d44b5a9cc54a6ea41fc21fac442bf656f0fcf3fd1ee
SSDEEP

192:80e/OXjvcX4G0dHYAsIpuyyKvOBiSdlYDkfp8iG6tYcv9LqBC:XeMv24GTmvOzlYDkf685VLqBC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
hwid_spoofer.sys

Files

hwid_spoofer.sys
.sys windows:10 windows x64 arch:x64

13dd23e359f56e71143c1727fd0895de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Srcs\xenesense\spoofer\build\bin\hwid_spoofer.pdb

Imports

ntoskrnl.exe

RtlInitString
RtlInitUnicodeString
ExAllocatePool
ExAllocatePoolWithTag
ExFreePoolWithTag
IoGetDeviceObjectPointer
ObfDereferenceObject
IoEnumerateDeviceObjectList
_vsnwprintf
ObReferenceObjectByName
strlen
vDbgPrintExWithPrefix
RtlRandomEx
MmMapIoSpace
MmUnmapIoSpace
isupper
islower
isdigit
strstr
KeQueryTimeIncrement
ZwQuerySystemInformation
IoDriverObjectType
strcpy

hal

KeQueryPerformanceCounter

Exports

Exports

?DriverEntry@@YAJPEAU_DRIVER_OBJECT@@PEAU_UNICODE_STRING@@@Z

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

13dd23e359f56e71143c1727fd0895de

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: - Virtual size: 12B

.pdata Size: 512B - Virtual size: 432B

.edata Size: 512B - Virtual size: 128B

INIT Size: 1024B - Virtual size: 752B

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 12B

.pdata
Size: 512B - Virtual size: 432B

.edata
Size: 512B - Virtual size: 128B

INIT
Size: 1024B - Virtual size: 752B