WIN32M[.]SYS | Triage

Sharing

Copy URL Twitter E-mail

General

Target

WIN32M.SYS
Size

19KB
MD5

2b444ac5209a8b4140dd6b747a996653
SHA1

645678c4ed9bbdd641c4ff4dcb1825c262b2d879
SHA256

07fc80ecaa8f12f0d57fbf9627d5505b8f969a84fc3907c31dd68f5022edf643
SHA512

9adf7d3e218110323f2a5930cb2bfaf2b948b45947ad951ac43619b1440031b77bd61c43719a00085bae0337746458b6e9e6729885503e8a5295086f15b3a362
SSDEEP

384:mW6zVHq5e++W54JQodUx5hb0iTfSkk1gtQTqAxM8wpUA:6NCaUxv0iLg1g1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WIN32M.SYS

Files

WIN32M.SYS
.sys windows:5 windows x86 arch:x86

f1a22f7da76b2642a0c8ce34f4df1120

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeSetEvent
KeWaitForMultipleObjects
_allmul
ZwSetInformationThread
PsTerminateSystemThread
KeSetPriorityThread
KeGetCurrentThread
ZwClose
PsCreateSystemThread
KeInitializeEvent
KeWaitForSingleObject
KeInitializeMutex
IoAcquireCancelSpinLock
READ_REGISTER_UCHAR
WRITE_REGISTER_UCHAR
WRITE_REGISTER_BUFFER_USHORT
READ_REGISTER_BUFFER_USHORT
READ_REGISTER_ULONG
WRITE_REGISTER_ULONG
MmGetPhysicalAddress
MmAllocateContiguousMemorySpecifyCache
MmFreeContiguousMemorySpecifyCache
MmAllocateNonCachedMemory
MmFreeNonCachedMemory
READ_REGISTER_USHORT
WRITE_REGISTER_USHORT
MmMapIoSpace
MmUnmapIoSpace
KeInsertQueueDpc
KeSetTargetProcessorDpc
IoReleaseCancelSpinLock
KeInitializeSpinLock
IoCreateDevice
IoCreateSymbolicLink
ExAllocatePoolWithTag
RtlCopyUnicodeString
IofCompleteRequest
ExFreePoolWithTag
RtlInitUnicodeString
IoDeleteSymbolicLink
IoDeleteDevice
KeNumberProcessors
KeCancelTimer
KeInitializeDpc
KeInitializeTimerEx
KeReleaseMutex
KeSetTimerEx

hal

KeRaiseIrqlToDpcLevel
KfRaiseIrql
HalGetBusData
HalGetBusDataByOffset
HalSetBusDataByOffset
KeGetCurrentIrql
WRITE_PORT_ULONG
WRITE_PORT_USHORT
READ_PORT_USHORT
READ_PORT_ULONG
READ_PORT_BUFFER_USHORT
WRITE_PORT_BUFFER_USHORT
KeStallExecutionProcessor
WRITE_PORT_UCHAR
READ_PORT_UCHAR
HalGetInterruptVector
KfAcquireSpinLock
KfReleaseSpinLock
KfLowerIrql

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 768B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f1a22f7da76b2642a0c8ce34f4df1120

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 512B - Virtual size: 408B

.data Size: 256B - Virtual size: 224B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 768B - Virtual size: 660B

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 512B - Virtual size: 408B

.data
Size: 256B - Virtual size: 224B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 768B - Virtual size: 660B