driver[.]sys | Triage

Sharing

Copy URL Twitter E-mail

General

Target

driver.sys
Size

8KB
MD5

1c44f65ade2ce0d4b87647c1507d0b22
SHA1

403f10c6d496b031e226515df43fe5f65e012c6e
SHA256

87e9a1c46a19a749b7844ceff0f3e7bacc8c45ec905e9f0d61c61f4c75196460
SHA512

e3534a045e3b393de5f5f62b0a40a770b7a488c99026f1ace9c78c19daef664ada8ce14146b065f55a217e564d5488a66d0f6ed93bfca3c839a4a9671ccd26a9
SSDEEP

96:xC8C45aHL+C40E//GeaN91SHWj7TEGMFOjeZx3NBbApDDIy:AfL+Cy//Xi1YcHQZx3vbEn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
driver.sys

Files

driver.sys
.sys windows:10 windows x64 arch:x64

8793f62fd8e4d4224015005da3e802d0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\matcha-main\build\driver\matcha-driver.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
DbgPrint
RtlGetVersion
KeGetCurrentIrql
ExAllocatePool
ExFreePoolWithTag
MmUnmapIoSpace
MmMapIoSpaceEx
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObfDereferenceObject
MmCopyMemory
PsLookupProcessByProcessId
IoCreateDriver
PsGetProcessSectionBaseAddress
ZwQuerySystemInformation

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 616B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ