General

Malware Config

Signatures

Files

• Malware.zip

  .zip
• Copy_INV_01-20.lnk

  .lnk
• wisbispodi/rajsoldabS.cmd
• wisbispodi/tunneling.dat

  .dll windows x64

  0ffedc7df6a9d79e68975e9a4cc6d5d9

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  msvcrt

  _unlock

  __dllonexit

  _lock

  _onexit

  ??3@YAXPEAX@Z

  mbtowc

  __mb_cur_max

  isleadbyte

  _iob

  _snprintf

  _itoa

  ferror

  __badioinfo

  __pioinfo

  memcpy

  ??1type_info@@UEAA@XZ

  _amsg_exit

  _XcptFilter

  __C_specific_handler

  memset

  _wcsupr

  _wcslwr

  _errno

  __CxxFrameHandler

  iswdigit

  _vscwprintf

  wcsrchr

  wcspbrk

  _wcsnicmp

  iswalpha

  ?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z

  _fileno

  _lseeki64

  wcsstr

  wcschr

  _write

  _isatty

  _CxxThrowException

  ??2@YAPEAX_K@Z

  _wcsicmp

  ??_U@YAPEAX_K@Z

  memmove

  _initterm

  _vsnwprintf

  _resetstkoflw

  malloc

  free

  ??_V@YAXPEAX@Z

  memcmp

  ntdll

  RtlNtStatusToDosError

  VerSetConditionMask

  RtlVirtualUnwind

  RtlLookupFunctionEntry

  RtlCaptureContext

  kernel32

  WaitForSingleObjectEx

  SetEndOfFile

  WaitForMultipleObjectsEx

  GetThreadLocale

  LCMapStringW

  SetFilePointer

  CreateEventW

  SetEvent

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  GetCurrentProcess

  TerminateProcess

  GetCurrentProcessId

  GetCurrentThreadId

  GetTickCount

  QueryPerformanceCounter

  GetVersionExA

  RaiseException

  HeapSize

  VirtualProtect

  Sleep

  GetProcessHeap

  GetSystemTimeAsFileTime

  DeviceIoControl

  ReleaseMutex

  WaitForSingleObject

  CreateMutexW

  LocalReAlloc

  LocalAlloc

  GetSystemDirectoryW

  LocalFree

  CompareStringW

  WideCharToMultiByte

  GetEnvironmentVariableW

  GetSystemWindowsDirectoryW

  CopyFileW

  HeapReAlloc

  HeapAlloc

  HeapFree

  InitializeCriticalSection

  HeapDestroy

  LeaveCriticalSection

  EnterCriticalSection

  DeleteCriticalSection

  OutputDebugStringA

  GetLastError

  lstrcmpiW

  SizeofResource

  LockResource

  LoadResource

  FindResourceW

  FindResourceExW

  lstrlenW

  SetLastError

  LoadLibraryW

  GetProcAddress

  FreeLibrary

  GetVersionExW

  VerifyVersionInfoW

  SetFileAttributesW

  DeleteFileW

  GetFullPathNameW

  GetFileAttributesW

  CreateDirectoryW

  GetTempFileNameW

  MoveFileExW

  CreateFileW

  CloseHandle

  FindFirstFileW

  lstrcmpW

  FindNextFileW

  FindClose

  RemoveDirectoryW

  GetFileSize

  CreateFileMappingW

  MapViewOfFile

  MultiByteToWideChar

  UnmapViewOfFile

  user32

  UnregisterClassA

  CharLowerW

  setupapi

  pSetupGetGlobalFlags

  pSetupSetGlobalFlags

  SetupDiClassNameFromGuidW

  SetupDiSetSelectedDevice

  SetupDiOpenDeviceInfoW

  SetupDiSetClassInstallParamsW

  SetupDiGetDriverInfoDetailW

  SetupDiGetSelectedDriverW

  SetupDiCallClassInstaller

  SetupDiBuildDriverInfoList

  SetupDiSetDeviceInstallParamsW

  SetupDiGetDeviceInstallParamsW

  SetupDiCreateDeviceInfoList

  SetupDiGetDeviceInstanceIdW

  SetupDiOpenDevRegKey

  CM_Get_Device_IDW

  SetupDiSetDeviceRegistryPropertyW

  CM_Setup_DevNode

  CM_Query_And_Remove_SubTreeW

  CM_Get_DevNode_Status

  CM_Locate_DevNodeW

  CM_Get_Device_ID_List_SizeW

  CM_Get_Device_ID_ListW

  SetupDiGetDeviceRegistryPropertyW

  SetupDiEnumDeviceInfo

  CM_Enumerate_Classes

  SetupDiOpenClassRegKey

  SetupGetTargetPathW

  SetupDiGetClassDevsW

  SetupDiDestroyDeviceInfoList

  SetupDefaultQueueCallbackW

  SetupCommitFileQueueW

  SetupQueueCopyW

  SetupTermDefaultQueueCallback

  SetupInitDefaultQueueCallbackEx

  SetupCloseFileQueue

  SetupOpenFileQueue

  SetupCopyOEMInfW

  SetupOpenInfFileW

  SetupCloseInfFile

  SetupDiGetActualSectionToInstallW

  SetupGetLineCountW

  SetupOpenAppendInfFileW

  SetupFindFirstLineW

  SetupInstallFilesFromInfSectionW

  SetupPromptReboot

  SetupInstallFromInfSectionW

  SetupInstallServicesFromInfSectionW

  SetupFindNextLine

  SetupFindNextMatchLineW

  SetupGetStringFieldW

  SetupGetIntField

  SetupGetFieldCount

  advapi32

  DeleteService

  AllocateAndInitializeSid

  CheckTokenMembership

  FreeSid

  RegOpenKeyExW

  RegCreateKeyExW

  RegSetValueExW

  RegDeleteKeyW

  RegQueryValueExW

  RegDeleteValueW

  GetLengthSid

  InitializeAcl

  AddAccessAllowedAce

  InitializeSecurityDescriptor

  SetSecurityDescriptorDacl

  SetEntriesInAclW

  QueryServiceStatus

  OpenSCManagerW

  OpenServiceW

  ControlService

  StartServiceW

  RegCloseKey

  CloseServiceHandle

  ole32

  CoInitialize

  CoUninitialize

  StringFromCLSID

  CoTaskMemFree

  CoCreateInstance

  Exports

  Exports

  gIFXAPISetLogCallbackA

  gIFXAPISetLogCallbackW

  griverPackageGetPathA

  griverPackageGetPathW

  griverPackageInstallA

  griverPackageInstallW

  griverPackagePreinstallA

  griverPackagePreinstallW

  griverPackageUninstallA

  griverPackageUninstallW

  getDifxLogCallbackA

  init

  Sections

  .text

  Size: 452KB - Virtual size: 451KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 2KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 41KB - Virtual size: 40KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 16KB - Virtual size: 13KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ