Kernel[.]sys | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Kernel.sys
Size

15KB
MD5

ddc7c99d4e7f892a280609cf709b8024
SHA1

2bef3d674b3a6a867f84335a853cdcb92f7a8559
SHA256

df28b49fd37ffa6f7096d8ff9562ba1147d7843224ca29921c9e067f4b73871e
SHA512

6a12684edc3a038dac22352861ef36e812195db333a200bb269483664e74914255d4150db98d8fb0f5a981b4f5a01915093e5c55a858cff09a0ad7e0a042b514
SSDEEP

384:Q2ygVekfofO+6mY3EVXa9brf+ZFWfG+oKCSW:OXkor6m7V4+ZUeKC1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Kernel.sys

Files

Kernel.sys
.sys windows:10 windows x64 arch:x64

5700fe089c5ee27b6d2a21d3dc70ffb5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\frank\Downloads\hwid-master\Kernel\x64\Release\Kernel.pdb

Imports

ntoskrnl.exe

wcsstr
RtlInitUnicodeString
DbgPrintEx
KeInitializeEvent
KeWaitForSingleObject
ExAllocatePoolWithTag
ExFreePoolWithTag
MmMapLockedPages
IoBuildDeviceIoControlRequest
IofCallDriver
IoGetAttachedDeviceReference
IoGetDeviceObjectPointer
ObfDereferenceObject
RtlRandomEx
IoEnumerateDeviceObjectList
ObQueryNameString
swprintf
ObReferenceObjectByName
IoDriverObjectType
tolower
strstr
MmCopyMemory
ZwQuerySystemInformation

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 722B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE