Register-CimProvider[.]exe

General

Target

Register-CimProvider.exe
Size

20KB
MD5

401272d3171cd52149b12fc01353b1e4
SHA1

a00824074f4cc3fff89ed8dc8d3dcaee47c641fb
SHA256

8c111d98ebe8abb06f02c915005f7541feb34f355643ab9696808b9cd716c840
SHA512

60b9e7acaac28ce9e3cffda468cc64c9581302585d5d57a4ccec383ecb4043fc473eb9296b4c76cd19b7039fb204ff20768b0a99bccd0f70e8aad00852612c74
SSDEEP

384:rxU9pARufOSCkdk+VuK/XppIY4gs7NoHetXnx/Wn1We1:Y4ahi+VuKRpoNietXxMD1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Register-CimProvider.exe

Files

Register-CimProvider.exe
.exe windows x86

11b7c046871154ff247e2cb0efc9aa4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_initterm
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_controlfp
__setusermatherr
__p__fmode
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
memmove_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_wcsicmp
memcpy_s
setlocale
_vsnwprintf
exit
_except_handler4_common
wprintf

kernel32

SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleA
HeapFree
OutputDebugStringA
Sleep
SetThreadPreferredUILanguages
GetModuleHandleW
GetProcessHeap
HeapSetInformation
HeapAlloc

user32

LoadStringW

prvdmofcomp

GetProviderSchema
CompileSchemaToWMI
CreateRegisterParameter

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

11b7c046871154ff247e2cb0efc9aa4b

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

prvdmofcomp

Sections

.text Size: 14KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 908B

.text
Size: 14KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 908B