b4vczt[.]sys | Triage

Resubmissions

13/08/2024, 15:40

240813-s396gssapg 3

13/08/2024, 15:38

240813-s3d32swhjm 3

13/08/2024, 15:36

240813-s1vysa1hnc 3

Sharing

General

Target

b4vczt.sys
Size

7KB
MD5

b5c5e29bff40052e9356e443d733f9cd
SHA1

d00dfbc21f84727fb71c309c0efda969e64bf06f
SHA256

a8df210c0dcc6503c9e28af032ab88f117195367ae4ad32652ae5dbeb017a540
SHA512

d20009f0ddd69c451af363210218710aec850a8e47126955a61f16e003487b8b26f9ce69a6fde0081d07e9e04cfd2753758c7716751aadbe4534f57fa4f63aa6
SSDEEP

48:aq7mSYPA5HUmboHZq7UmSObiEbU3LIxlX4J3LFIpBHjq1h7nLvxeU4MHoouKlhIW:tuPQpSObD4LIL4VRSHWj72MH7/mKmR0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4vczt.sys

Files

b4vczt.sys
.sys windows:10 windows x64 arch:x64

bb63c7f3484b3dc385f6089ea4efcd8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\fortnite shit lol\fud-eac-driver-main\fud-eac-driver-main\x64\Release\drvrecode_eac.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
MmUnmapIoSpace
MmMapIoSpaceEx
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
ObfDereferenceObject
MmGetPhysicalMemoryRanges
MmCopyMemory
MmGetVirtualForPhysical
PsLookupProcessByProcessId
IoCreateDriver
PsGetProcessSectionBaseAddress

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 466B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ