d1ee994a19a79e1630ca16926ec4f309702687b3

Sharing

Copy URL Twitter E-mail

General

Target

d1ee994a19a79e1630ca16926ec4f309702687b3
Size

4.8MB
MD5

32730072ba7c97c747605a3469ba0238
SHA1

d1ee994a19a79e1630ca16926ec4f309702687b3
SHA256

dafeff46f94091190870649fc10ab7258439c8a22b839dad66d60ec1cc828558
SHA512

37e59d56d3728efef6418798107e42b8b63a4122d888078be53a10beca7829c19a9fbee03351da23622a11d25236effd2881813bdd2ad11906be276c23463203
SSDEEP

98304:cCto5YkcHufbEoZxfIxRyvzZEC77aSAHXMGp3dlc:9+uufFZsAzFCSA3Bnc

Score

N/A

Malware Config

Signatures

Files

d1ee994a19a79e1630ca16926ec4f309702687b3
.zip
AppSetup/About/Configuration/BaseRegistration/BaseResource.Schema.mof
AppSetup/About/Configuration/BaseRegistration/MSFT_DSCMetaConfiguration.mof
AppSetup/About/Configuration/BaseRegistration/en-US/BaseResource.Schema.mfl
AppSetup/About/Configuration/BaseRegistration/en-US/MSFT_DSCMetaConfiguration.mfl
AppSetup/About/Configuration/Registration/MSFT_FileDirectoryConfiguration/MSFT_FileDirectoryConfiguration.Registration.mof
AppSetup/About/Configuration/Registration/MSFT_FileDirectoryConfiguration/en-US/MSFT_FileDirectoryConfiguration.Registration.mfl
AppSetup/About/Configuration/Schema/MSFT_FileDirectoryConfiguration/MSFT_FileDirectoryConfiguration.Schema.mof
AppSetup/About/Configuration/Schema/MSFT_FileDirectoryConfiguration/en-US/MSFT_FileDirectoryConfiguration.Schema.mfl
AppSetup/About/DscCore.dll
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AppSetup/About/ODBC.INI
AppSetup/About/ODBCINST.INI
AppSetup/About/PFRO.log
AppSetup/About/PSDSCFileDownloadManagerEvents.dll
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AppSetup/About/ServerStandard.xml
.xml
AppSetup/About/ServerWeb.xml
.xml
AppSetup/About/WinMetadata/Windows.ApplicationModel.winmd
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
AppSetup/About/WinMetadata/Windows.Data.winmd
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
AppSetup/About/WinMetadata/Windows.Devices.winmd
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
AppSetup/About/WinMetadata/Windows.Foundation.winmd
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
AppSetup/About/WinMetadata/Windows.Globalization.winmd
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
AppSetup/About/WinMetadata/Windows.Graphics.winmd
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
AppSetup/About/WinMetadata/Windows.Management.winmd
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
AppSetup/About/WinMetadata/Windows.Media.winmd
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
AppSetup/About/WinMetadata/Windows.Networking.winmd
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
AppSetup/About/WinMetadata/Windows.Security.winmd
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
AppSetup/About/WinMetadata/Windows.Storage.winmd
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
AppSetup/About/WinMetadata/Windows.System.winmd
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
AppSetup/About/WinMetadata/Windows.UI.Xaml.winmd
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 773KB - Virtual size: 772KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
AppSetup/About/WinMetadata/Windows.UI.winmd
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
AppSetup/About/WinMetadata/Windows.Web.winmd
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
AppSetup/About/amd64_acpi.inf_31bf3856ad364e35_6.3.9600.18939_none_138212f0a1d1eae6/acpi.inf
AppSetup/About/amd64_acpi.inf_31bf3856ad364e35_6.3.9600.18939_none_138212f0a1d1eae6/acpi.sys
.exe windows x64

ff76db7a08b93ec7fbf02cef7f51f1e8

Code Sign

33:00:00:01:74:69:de:10:8b:37:65:a8:d7:00:00:00:00:01:74
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/08/2017, 20:23

Not After

11/08/2018, 20:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:76:af:61:7c:8c:04:56:e0:50:9e:f4:81:ba:51:fc:52:9f:0f:72:50:92:39:4e:61:df:24:fc:7c:47:b0:70
Signer

Actual PE Digest

47:76:af:61:7c:8c:04:56:e0:50:9e:f4:81:ba:51:fc:52:9f:0f:72:50:92:39:4e:61:df:24:fc:7c:47:b0:70

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/12/2022, 13:59
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoDeleteDevice
PoRequestPowerIrp
ObfReferenceObject
ObfDereferenceObject
IofCallDriver
IoAllocateWorkItem
IoQueueWorkItem
IoFreeWorkItem
RtlCopyUnicodeString
KeInitializeSpinLock
KeInitializeEvent
ExInitializeResourceLite
ExInitializeNPagedLookasideList
IoRegisterBootDriverReinitialization
IoConnectInterruptEx
KeBugCheckEx
ZwPowerInformation
_vsnprintf
_vsnwprintf
KeSetEvent
RtlIoDecodeMemIoResource
RtlCmDecodeMemIoResource
RtlIsRangeAvailable
RtlFreeRangeList
RtlInitializeRangeList
RtlAddRange
RtlInvertRangeList
KeInsertQueueDpc
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLockFromDpcLevel
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExQueryDepthSList
IoReserveDependency
IoResolveDependency
IoCreateDevice
IoAttachDeviceToDeviceStack
KeWaitForSingleObject
IoInvalidateDeviceRelations
IoRequestDeviceEject
IoGetAttachedDeviceReference
strstr
strnlen
EmClientRuleEvaluate
IoSetDevicePropertyData
IoInvalidateDeviceState
ObReferenceObjectByPointer
PsCreateSystemThread
ObReferenceObjectByHandle
ZwClose
ExQueueWorkItem
IoReleaseCancelSpinLock
IoOpenDeviceRegistryKey
ZwSetValueKey
_strtoui64
IoBuildSynchronousFsdRequest
IoDuplicateDependency
IoSetDependency
ObfReferenceObjectWithTag
ObfDereferenceObjectWithTag
IoTestDependency
PoSetPowerState
PoCallDriver
IoAcquireCancelSpinLock
PoSetSystemWake
IoDetachDevice
SeSinglePrivilegeCheck
IoDeleteSymbolicLink
ExDeleteNPagedLookasideList
IoGetDeviceProperty
IoCreateSymbolicLink
IoDisconnectInterruptEx
HalPrivateDispatchTable
MmLockPagableDataSection
MmUnlockPagableImageSection
ExInterlockedRemoveHeadList
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
KeEnterCriticalRegion
ExAcquireResourceSharedLite
ExReleaseResourceLite
KeLeaveCriticalRegion
ExAcquireResourceExclusiveLite
IoUnregisterPlugPlayNotification
ZwOpenFile
RtlCompareMemory
IoBuildDeviceIoControlRequest
IoRegisterPlugPlayNotification
KeClearEvent
wcsstr
PoFxNotifySurprisePowerOn
ZwQuerySystemInformation
RtlIntegerToUnicodeString
EmProviderRegister
RtlInitAnsiString
RtlAnsiStringToUnicodeString
IofCompleteRequest
NlsMbCodePageTag
RtlxAnsiStringToUnicodeSize
KeQueryActiveProcessorCountEx
EmClientQueryRuleState
HalDispatchTable
ZwSetSystemInformation
RtlAnsiCharToUnicodeChar
ExCreateCallback
ExRegisterCallback
IoRegisterDeviceInterface
IoSetDeviceInterfaceState
IoGetDevicePropertyData
_strupr
IoWMIOpenBlock
IoWMIQueryAllData
IoWMIExecuteMethod
RtlEqualUnicodeString
HeadlessDispatch
MmGetPhysicalAddress
PoShutdownBugCheck
MmMapIoSpace
KeSetImportanceDpc
IoQueueWorkItemEx
KeWaitForMultipleObjects
PsTerminateSystemThread
KfRaiseIrql
KeLowerIrql
KeProcessorGroupAffinity
KeSetSystemGroupAffinityThread
KeQueryTimeIncrement
KeRevertToUserGroupAffinityThread
ExAcquireFastMutex
ExReleaseFastMutex
RtlDeleteRange
RtlFindRange
IoGetDeviceNumaNode
KeStartDynamicProcessor
RtlIoEncodeMemIoResource
ZwCreateKey
ZwQueryValueKey
ZwOpenKey
ZwEnumerateKey
RtlUnicodeStringToInteger
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
MmUnmapIoSpace
_stricmp
RtlFindLeastSignificantBit
IoCancelIrp
IoUnregisterPlugPlayNotificationEx
IoFreeIrp
IoWMIRegistrationControl
IoAllocateIrp
ZwCreateFile
IoFileObjectType
KeDelayExecutionThread
IoReuseIrp
IoSynchronousCallDriver
RtlCompareUnicodeString
IoReportInterruptInactive
IoReportInterruptActive
PoSetHiberRange
KeSetTimer
KeCancelTimer
ExAllocatePoolWithTag
ExFreePoolWithTag
RtlInitUnicodeString
EtwWrite
EtwEventEnabled
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
KdEnableDebugger
ZwLoadDriver
KdDisableDebugger
ord3
ExAcquireSpinLockShared
ExReleaseSpinLockShared
ExTryQueueWorkItem
ExUnregisterCallback
ExNotifyCallback
ExInitializeRundownProtection
ExAcquireSpinLockExclusive
ExReleaseSpinLockExclusive
DbgPrintEx
ExWaitForRundownProtectionRelease
NtClose
ExAcquireRundownProtection
strncmp
strchr
strrchr
ExReleaseRundownProtection
ExSetTimer
KeQueryInterruptTimePrecise
InitSafeBootMode
RtlGetNextRange
RtlGetFirstRange
RtlQueryRegistryValuesEx
KeGetProcessorNumberFromIndex
KeRegisterProcessorChangeCallback
RtlCopyRangeList
KeQueryMaximumGroupCount
KeQueryGroupAffinity
KeGetProcessorIndexFromNumber
KeQueryMaximumProcessorCountEx
RtlInvertRangeListEx
_wcsicmp
RtlDeleteOwnersRanges
KeInitializeDpc
KeInitializeTimer
RtlFreeUnicodeString
EtwRegister

hal

HalGetMessageRoutingInfo
HalConvertDeviceIdtToIrql
KeFlushWriteBuffer
HalGetProcessorIdByNtNumber
HalSetBusDataByOffset
HalGetBusDataByOffset
HalGetMemoryCachingRequirements
KdHvComPortInUse
KdComPortInUse
KeStallExecutionProcessor
KeQueryPerformanceCounter
HalGetInterruptTargetInformation

wmilib.sys

WmiCompleteRequest
WmiSystemControl

Exports

Exports

DeRegisterOpRegionHandler
RegisterOpRegionHandler

Sections

.text
Size: 266KB - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 119B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGEDATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGECONS
Size: 512B - Virtual size: 58B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppSetup/About/amd64_acpipagr.inf.resources_31bf3856ad364e35_6.3.9600.16384_en-us_bcbaa4727b8b80b6/acpipagr.inf_loc
AppSetup/About/amd64_acpipagr.inf_31bf3856ad364e35_6.3.9600.16384_none_f5a27e69194bb29a/acpipagr.inf
AppSetup/About/amd64_acpipagr.inf_31bf3856ad364e35_6.3.9600.16384_none_f5a27e69194bb29a/acpipagr.sys
.exe windows x64

4be91eaa180fe01cb91646273a069b7d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAcquirePushLockSharedEx
ExAcquirePushLockExclusiveEx
KeQueryActiveProcessorCountEx
EtwUnregister
ExReleasePushLockExclusiveEx
EtwEventEnabled
EtwWrite
RtlCopyUnicodeString
ZwPowerInformation
ExReleasePushLockSharedEx
ExFreePoolWithTag
EtwRegister
ExAllocatePoolWithTag

wdfldr.sys

WdfVersionUnbindClass
WdfVersionBind
WdfVersionUnbind
WdfVersionBindClass

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 102B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppSetup/About/amd64_acpipmi.inf.resources_31bf3856ad364e35_6.3.9600.16384_en-us_413d2129b67b6ee2/acpipmi.inf_loc
AppSetup/About/en-US/DscCoreR.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AppSetup/About/en-US/PSDSCFileDownloadManagerEvents.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AppSetup/About/setupact.log
AppSetup/Setup.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 49KB - Virtual size: 49KB

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 5KB - Virtual size: 5KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 130KB - Virtual size: 130KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 48KB - Virtual size: 48KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 165KB - Virtual size: 164KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 29KB - Virtual size: 28KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 53KB - Virtual size: 52KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 48KB - Virtual size: 47KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 8KB - Virtual size: 7KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 118KB - Virtual size: 117KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 109KB - Virtual size: 109KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 64KB - Virtual size: 64KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 93KB - Virtual size: 93KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 19KB - Virtual size: 19KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 773KB - Virtual size: 772KB

.rsrc
Size: 49KB - Virtual size: 49KB

.rsrc
Size: 5KB - Virtual size: 5KB

.text
Size: 130KB - Virtual size: 130KB

.text
Size: 48KB - Virtual size: 48KB

.text
Size: 165KB - Virtual size: 164KB

.text
Size: 29KB - Virtual size: 28KB

.text
Size: 53KB - Virtual size: 52KB

.text
Size: 48KB - Virtual size: 47KB

.text
Size: 8KB - Virtual size: 7KB

.text
Size: 118KB - Virtual size: 117KB

.text
Size: 109KB - Virtual size: 109KB

.text
Size: 64KB - Virtual size: 64KB

.text
Size: 93KB - Virtual size: 93KB

.text
Size: 19KB - Virtual size: 19KB

.text
Size: 773KB - Virtual size: 772KB

.text
Size: 170KB - Virtual size: 169KB

.text
Size: 91KB - Virtual size: 90KB

33:00:00:01:74:69:de:10:8b:37:65:a8:d7:00:00:00:00:01:74
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

47:76:af:61:7c:8c:04:56:e0:50:9e:f4:81:ba:51:fc:52:9f:0f:72:50:92:39:4e:61:df:24:fc:7c:47:b0:70
Signer

15/12/2022, 13:59
Valid: false

.text
Size: 266KB - Virtual size: 266KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 12KB - Virtual size: 17KB

.pdata
Size: 23KB - Virtual size: 23KB

PAGE
Size: 112KB - Virtual size: 112KB

.edata
Size: 512B - Virtual size: 119B

PAGEDATA
Size: 3KB - Virtual size: 2KB

PAGECONS
Size: 512B - Virtual size: 58B

INIT
Size: 25KB - Virtual size: 24KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 804B

.data
Size: 512B - Virtual size: 4KB

.pdata
Size: 512B - Virtual size: 216B