dragmeintomap[.]sys

Sharing

Copy URL Twitter E-mail

General

Target

dragmeintomap.sys
Size

9KB
MD5

7c68202c96758c688759167cbf34504f
SHA1

d3873690352182929103d2a438e17f03d1a3ef0f
SHA256

4aaebc9be4d0435db29acecb4f23a502596ac48bd71fa1c0609b25991552c65d
SHA512

edd1dedadd1ec40ff7bba8baa3a48a8de39fa6dd45299235bb05220f0ca76b6f7073550fbd6243fca9e421944795fbb1a2ecb53581d35fc8f46667f3818c111d
SSDEEP

96:tUwaRL++1pec1eHyiSHWj7TqG6lkbKOR7L2s8nd14MhS8ekK:tULRL+6pXeHyiYcH9bTR23d1TS8ekK

Score

1^/10

Malware Config

Signatures

Files

dragmeintomap.sys
.sys windows:10 windows x64 arch:x64

e31d711c23ac9c81c4461214fd158d57

Code Sign

7b:99:9b:51:54:39:19:ab:4f:c4:6d:33:42:fd:58:8d
Certificate

Issuer

CN=WDKTestCert destroylonely\,133528397449452804

Not Before

19/02/2024, 18:09

Not After

19/02/2034, 00:00

Subject

CN=WDKTestCert destroylonely\,133528397449452804

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageKeyEncipherment
KeyUsageDataEncipherment

3e:31:55:9a:45:f8:55:de:ff:ad:cf:90:61:76:a7:4b:b4:9e:96:30:2c:9d:cf:d5:f2:30:5e:b2:fd:5b:16:0f
Signer

Actual PE Digest

3e:31:55:9a:45:f8:55:de:ff:ad:cf:90:61:76:a7:4b:b4:9e:96:30:2c:9d:cf:d5:f2:30:5e:b2:fd:5b:16:0f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\destroylonely\Desktop\neith\build\driver\neith-driver.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
RtlGetVersion
MmUnmapIoSpace
MmMapIoSpaceEx
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObfDereferenceObject
MmCopyMemory
PsLookupProcessByProcessId
IoCreateDriver

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e31d711c23ac9c81c4461214fd158d57

Code Sign

7b:99:9b:51:54:39:19:ab:4f:c4:6d:33:42:fd:58:8dCertificate

Extended Key Usages

Key Usages

3e:31:55:9a:45:f8:55:de:ff:ad:cf:90:61:76:a7:4b:b4:9e:96:30:2c:9d:cf:d5:f2:30:5e:b2:fd:5b:16:0fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 64B

.pdata Size: 512B - Virtual size: 204B

INIT Size: 512B - Virtual size: 436B

.reloc Size: 512B - Virtual size: 36B

7b:99:9b:51:54:39:19:ab:4f:c4:6d:33:42:fd:58:8d
Certificate

3e:31:55:9a:45:f8:55:de:ff:ad:cf:90:61:76:a7:4b:b4:9e:96:30:2c:9d:cf:d5:f2:30:5e:b2:fd:5b:16:0f
Signer

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 64B

.pdata
Size: 512B - Virtual size: 204B

INIT
Size: 512B - Virtual size: 436B

.reloc
Size: 512B - Virtual size: 36B