imdsksvc[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

imdsksvc.exe
Size

20KB
MD5

9265cc7dc2ba40628eaa543c281c880c
SHA1

f3346320c33db3e6fe4fcf644b86a5aae28e7b92
SHA256

0b5946c775ee7adb8504452eca91d27896cee79ed625704b1e0b3dfebd0354f9
SHA512

46af26d69f677d8384c08230303a2fc675b50397c3ff8b288e9c9fc85c366788edcff892b1be81524aeb507d6f94754446a01d8e8b5e0da43a5ce24a33293a3b
SSDEEP

384:4ySrif/b/1Bmdiqjk9lZY2W8ETShGfZ27ufedaQG:4yS+hBm1jkm8EWmFfKaQG

Score

N/A

Malware Config

Signatures

Files

imdsksvc.exe
.exe windows x64

21234cd661c6cf68e9172d59ae48d428

Code Sign

fd:37:cf:da:cc:86:3b:ff:3d:66:af:2f:52:34:8b:69
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28/02/2020, 00:00

Not After

27/02/2022, 23:59

Subject

CN=Micro Focus Group Limited,O=Micro Focus Group Limited,POSTALCODE=RG14 1QN,STREET=The Lawn\, 22-30 Old Bath Road,L=Newbury,ST=Berkshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:b1:74:16:9b:8c:42:56:00:00:00:00:55:91:e9:0e
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

05/10/2018, 20:33

Not After

05/01/2030, 21:03

Subject

CN=Entrust Time Stamping Authority,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e5:1d:9b:75:82:87:98:3c:03:f0:53:ad:ed:b1:86:ef:b9:6e:9d:71:0b:04:72:83:13:c8:15:f8:11:ad:83:36
Signer

Actual PE Digest

e5:1d:9b:75:82:87:98:3c:03:f0:53:ad:ed:b1:86:ef:b9:6e:9d:71:0b:04:72:83:13:c8:15:f8:11:ad:83:36

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Micro Focus Group Limited,O=Micro Focus Group Limited,POSTALCODE=RG14 1QN,STREET=The Lawn\, 22-30 Old Bath Road,L=Newbury,ST=Berkshire,C=GB

16/04/2020, 13:27
Valid: true

Chain 1

CN=Micro Focus Group Limited,O=Micro Focus Group Limited,POSTALCODE=RG14 1QN,STREET=The Lawn\, 22-30 Old Bath Road,L=Newbury,ST=Berkshire,C=GB

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW

kernel32

ExitProcess
GetCommState
WaitForSingleObject
SetEvent
ConnectNamedPipe
CreateNamedPipeW
WriteFile
SetCommState
SetCommTimeouts
WideCharToMultiByte
ReadFile
CreateFileW
GetOverlappedResult
GetLastError
SetLastError
ResetEvent
BuildCommDCBAndTimeoutsW
CreateEventW
DeviceIoControl
WaitForMultipleObjects
GetCommTimeouts
CloseHandle
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess

user32

MessageBoxA

msvcrt

??2@YAPEAX_K@Z
wcsstr
_beginthreadex
malloc
free
wcstoul
wcstok
??3@YAXPEAX@Z
memset
memcpy

wsock32

connect
gethostbyname
closesocket
WSASetLastError
getservbyname
socket
setsockopt
htons
WSAGetLastError
ioctlsocket
WSAStartup

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21234cd661c6cf68e9172d59ae48d428

Code Sign

fd:37:cf:da:cc:86:3b:ff:3d:66:af:2f:52:34:8b:69Certificate

Extended Key Usages

Key Usages

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

2b:b1:74:16:9b:8c:42:56:00:00:00:00:55:91:e9:0eCertificate

Extended Key Usages

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

e5:1d:9b:75:82:87:98:3c:03:f0:53:ad:ed:b1:86:ef:b9:6e:9d:71:0b:04:72:83:13:c8:15:f8:11:ad:83:36Signer

Signature Validations

Verification

16/04/2020, 13:27 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

wsock32

Sections

.text Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 300B

.rsrc Size: 1024B - Virtual size: 896B

.reloc Size: 512B - Virtual size: 24B

fd:37:cf:da:cc:86:3b:ff:3d:66:af:2f:52:34:8b:69
Certificate

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

2b:b1:74:16:9b:8c:42:56:00:00:00:00:55:91:e9:0e
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

e5:1d:9b:75:82:87:98:3c:03:f0:53:ad:ed:b1:86:ef:b9:6e:9d:71:0b:04:72:83:13:c8:15:f8:11:ad:83:36
Signer

16/04/2020, 13:27
Valid: true

.text
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 300B

.rsrc
Size: 1024B - Virtual size: 896B

.reloc
Size: 512B - Virtual size: 24B