NVDisplay[.]Container[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NVDisplay.Container.exe
Size

991KB
MD5

2360dd2b3a7de976d2fa9ec57d5a04b3
SHA1

6c5ecb83d871af320fa9197a93f01cd93e5aff8e
SHA256

8b923a74792ae8beea9970105b5c05bf6e70152a28609ae1d46bb2c8fbab4c30
SHA512

ec0a02b501f7da20d54011ebf9339bd14f97108c9f318c3e30876d56b6fad3c43d255a1b9427d6ccc2bf99108a734d769c6313238817cc38a163a28554a6a568
SSDEEP

24576:3ZPo9KDpIHEE0rpZQESit86xUR6sCGkMM:3ZPgKDpIH0pZQESc86xUR6tl

Score

1^/10

Malware Config

Signatures

Files

NVDisplay.Container.exe
.exe windows x64

f9bbd9a50a1378278fd166c16250f282

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:00:ee:4e:d1:a9:59:cc:98:87:e9:05:ad:66:2b:fe
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

26/02/2022, 00:00

Not After

01/03/2023, 23:59

Subject

CN=Nvidia Corporation,OU=IT-MIS,O=Nvidia Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24/12/1999, 17:50

Not After

24/07/2029, 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

22/07/2020, 15:33

Not After

29/12/2030, 16:29

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dc
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10/03/2022, 19:58

Not After

08/03/2023, 19:58

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b5:6b:58:68:6a:6f:bf:df:2b:de:3c:17:7f:44:66:03:64:5e:3c:7f:a9:bd:b6:f3:3e:b7:d1:8f:3d:20:2d:7d
Signer

Actual PE Digest

b5:6b:58:68:6a:6f:bf:df:2b:de:3c:17:7f:44:66:03:64:5e:3c:7f:a9:bd:b6:f3:3e:b7:d1:8f:3d:20:2d:7d

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

23/03/2023, 16:06
Valid: false

b5:6b:58:68:6a:6f:bf:df:2b:de:3c:17:7f:44:66:03:64:5e:3c:7f:a9:bd:b6:f3:3e:b7:d1:8f:3d:20:2d:7d
Signer

Actual PE Digest

b5:6b:58:68:6a:6f:bf:df:2b:de:3c:17:7f:44:66:03:64:5e:3c:7f:a9:bd:b6:f3:3e:b7:d1:8f:3d:20:2d:7d

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Nvidia Corporation,OU=IT-MIS,O=Nvidia Corporation,L=Santa Clara,ST=California,C=US

20/07/2022, 20:50
Valid: true

Chain 1

CN=Nvidia Corporation,OU=IT-MIS,O=Nvidia Corporation,L=Santa Clara,ST=California,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

PathIsRelativeW

kernel32

VerSetConditionMask
CreateFileW
GetFileAttributesW
GetFullPathNameW
OutputDebugStringW
SetLastError
CreateProcessA
CreateProcessW
GetSystemDirectoryW
FreeLibrary
GetModuleFileNameA
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
lstrcmpA
VerifyVersionInfoW
FileTimeToSystemTime
ExpandEnvironmentStringsW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
OutputDebugStringA
Sleep
GetCurrentThreadId
ProcessIdToSessionId
GetSystemTime
GetSystemTimeAsFileTime
CreateTimerQueueTimer
DeleteTimerQueueTimer
GetModuleHandleExW
MoveFileW
MultiByteToWideChar
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
RemoveVectoredContinueHandler
CreateDirectoryW
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
GetCurrentDirectoryW
GetErrorMode
SetErrorMode
GetCommandLineW
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
RemoveDirectoryW
DeviceIoControl
HeapSize
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetStringTypeW
GetFileSizeEx
ReadConsoleW
ReadFile
SetStdHandle
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetConsoleCtrlHandler
GetCurrentThread
EnumSystemLocalesW
AddVectoredContinueHandler
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
RtlCaptureStackBackTrace
RtlUnwind
GetModuleHandleW
WaitForMultipleObjects
OpenEventW
LocalFree
LocalAlloc
OpenProcess
CreateThread
GetCurrentProcessId
CreateEventW
WaitForSingleObject
SetEvent
GetLastError
CloseHandle
GetCurrentProcess
GetProcessTimes
SetDefaultDllDirectories
HeapReAlloc
Process32NextW
FormatMessageA
SetCurrentDirectoryW
FindFirstFileExW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFileInformationByHandle
GetFinalPathNameByHandleW
SetEndOfFile
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetFileTime
GetTempPathW
AreFileApisANSI
CreateDirectoryExW
CopyFileW
MoveFileExW
CreateHardLinkW
GetFileInformationByHandleEx
CreateSymbolicLinkW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwindEx
RtlPcToFileHeader
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetFileType
GetStdHandle
WriteConsoleW
GetCPInfo
WriteFile
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID

user32

PeekMessageW
GetMessageW
ShutdownBlockReasonDestroy
ShutdownBlockReasonCreate
SetWindowLongPtrW
GetWindowLongPtrW
LoadStringW
UnregisterClassW
RegisterClassW
DefWindowProcW
PostMessageW
DispatchMessageW
TranslateMessage
DestroyWindow
PostThreadMessageW
CreateWindowExW

shell32

CommandLineToArgvW

advapi32

RegDeleteValueW
RegSetKeyValueW
RegOpenKeyExW
GetUserNameW
BuildExplicitAccessWithNameW
SetSecurityInfo
GetSecurityInfo
SetEntriesInAclW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
ChangeServiceConfigW
RegGetValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
LookupAccountSidW
CreateWellKnownSid
OpenProcessToken

Exports

Exports

NvOptimusEnablement

Sections

.text
Size: 640KB - Virtual size: 640KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9bbd9a50a1378278fd166c16250f282

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

08:00:ee:4e:d1:a9:59:cc:98:87:e9:05:ad:66:2b:feCertificate

Extended Key Usages

Key Usages

38:63:de:f8Certificate

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4Certificate

Extended Key Usages

Key Usages

33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dcCertificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

b5:6b:58:68:6a:6f:bf:df:2b:de:3c:17:7f:44:66:03:64:5e:3c:7f:a9:bd:b6:f3:3e:b7:d1:8f:3d:20:2d:7dSigner

Signature Validations

Verification

23/03/2023, 16:06 Valid: false

b5:6b:58:68:6a:6f:bf:df:2b:de:3c:17:7f:44:66:03:64:5e:3c:7f:a9:bd:b6:f3:3e:b7:d1:8f:3d:20:2d:7dSigner

Signature Validations

Verification

20/07/2022, 20:50 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

shell32

advapi32

Exports

Exports

Sections

.text Size: 640KB - Virtual size: 640KB

.rdata Size: 144KB - Virtual size: 143KB

.data Size: 9KB - Virtual size: 24KB

.pdata Size: 38KB - Virtual size: 37KB

.didat Size: 512B - Virtual size: 48B

_RDATA Size: 512B - Virtual size: 384B

.rsrc Size: 134KB - Virtual size: 134KB

.reloc Size: 3KB - Virtual size: 3KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

08:00:ee:4e:d1:a9:59:cc:98:87:e9:05:ad:66:2b:fe
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4
Certificate

33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dc
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

b5:6b:58:68:6a:6f:bf:df:2b:de:3c:17:7f:44:66:03:64:5e:3c:7f:a9:bd:b6:f3:3e:b7:d1:8f:3d:20:2d:7d
Signer

23/03/2023, 16:06
Valid: false

b5:6b:58:68:6a:6f:bf:df:2b:de:3c:17:7f:44:66:03:64:5e:3c:7f:a9:bd:b6:f3:3e:b7:d1:8f:3d:20:2d:7d
Signer

20/07/2022, 20:50
Valid: true

.text
Size: 640KB - Virtual size: 640KB

.rdata
Size: 144KB - Virtual size: 143KB

.data
Size: 9KB - Virtual size: 24KB

.pdata
Size: 38KB - Virtual size: 37KB

.didat
Size: 512B - Virtual size: 48B

_RDATA
Size: 512B - Virtual size: 384B

.rsrc
Size: 134KB - Virtual size: 134KB

.reloc
Size: 3KB - Virtual size: 3KB