g1k2xh[.]sys | Triage

Sharing

Copy URL Twitter E-mail

General

Target

g1k2xh.sys
Size

7KB
MD5

8f9ac67faf1626cf4b1dc718913f90f3
SHA1

65a4506cc7995446e4d1cd8e7e5d8b8edc658724
SHA256

88f323089f983d9fc6b18ecc76a75bf20e3150067acb652cb8912887ef8a81e2
SHA512

820ac51bf622021bb32032618d0a2d45f9f796f7989946e6a577040328865b2826d1523e1c291dc40b905fd501c118a1d38725315652467f93dcca27dee3cd95
SSDEEP

48:CStbDlZVRGyryVQVTfiS5iuNWjJhYhTSF2G15Gj480GNscTP9H4gj:rTRjhaS5iukA48cIPl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
g1k2xh.sys

Files

g1k2xh.sys
.sys windows:10 windows x64 arch:x64

c9e50c2003af9359119f45636aee1f81

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\LWAY\Desktop\Latest\BootHook\No

Imports

ntoskrnl.exe

ObReferenceObjectByName
IoDriverObjectType
ExFreePoolWithTag
RtlInitUnicodeString
ExAllocatePool

Sections

.text
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ