Register-CimProvider[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Register-CimProvider.exe
Size

20KB
MD5

64621ed479acfb44ff646f0093a7d1b0
SHA1

1c81416f56a09764ae7ffbec755dc8a038937b0a
SHA256

08f6185dc43040babf0219914f4af40a0ae18b53f3f979f0c1f729d599644270
SHA512

4db5a1b1d8b94d270a97c25e19a25708822d276413eb030e55fcdd6b88f9feac4a29385a0a1a8b88a712a72a0c0b44fca06b1f6091f3a4993e884f4c85c9fb55
SSDEEP

384:Hx9lNApeJptUSCMdM+hui/XVKY4gAbNvHettl0rx3Wx1Wf1:LIyvJ5y+huiduNvettlOxOa1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Register-CimProvider.exe

Files

Register-CimProvider.exe
.exe windows x86

667bcfabe2ed8051ba0e39fd6d34830d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wprintf
_except_handler4_common
_controlfp
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
memmove_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_wcsicmp
memcpy_s
setlocale
_vsnwprintf
exit

api-ms-win-core-heap-l1-2-0

HeapAlloc
HeapSetInformation
HeapFree
GetProcessHeap

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleHandleA
LoadStringW

api-ms-win-core-localization-l1-2-1

SetThreadPreferredUILanguages

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-debug-l1-1-1

OutputDebugStringA

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount

prvdmofcomp

GetProviderSchema
CompileSchemaToWMI
CreateRegisterParameter

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

667bcfabe2ed8051ba0e39fd6d34830d

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-heap-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-localization-l1-2-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-debug-l1-1-1

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

prvdmofcomp

Sections

.text Size: 14KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 908B

.text
Size: 14KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 908B