DevicePairingWizard[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

DevicePairingWizard.exe
Size

92KB
MD5

d1d2077cffdfa3aa3d8b0d165e0d4056
SHA1

40bb0e12d4f1f179e1ae3ee92930ee0ef9db9616
SHA256

1003a2e8786ef3f2bdb2c9a017dd5712192eb2c2ac88c296fa290b7f15c47efb
SHA512

9706db92da5939a5704085c8f22e5bd9586bb2bdc468ee988a1962ae7fbcee3fb7d844eb9c99ff02a864cda2dd8f3db40cae21baac544e1ffd096a7993617d39
SSDEEP

768:pjNfqeerm2QoU47ltKE92Djb+e7Ynn7IiE1+t3+kxGyTHA4G0In3BhzhWM1GOVzh:tN72QoptKDwn7IiEwtLxGyTHqZ3qOTf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DevicePairingWizard.exe

Files

DevicePairingWizard.exe
.exe windows x64

048d96a843a6df20276e268a873746a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

EventUnregister
EventSetInformation
EventRegister
EventActivityIdControl
EventWriteTransfer

kernel32

GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
InitOnceBeginInitialize
InitOnceComplete
ReleaseSRWLockExclusive
AcquireSRWLockExclusive

mfc42u

ord6887
ord4598
ord5039
ord659
ord1063
ord4214
ord6886
ord665
ord2752
ord3916
ord4770
ord4983
ord4371
ord3164
ord4077
ord4083
ord4082
ord3046
ord3166
ord3052
ord3366
ord3231
ord4815
ord3362
ord3243
ord3049
ord6053
ord5711
ord5730
ord5065
ord4368
ord5724
ord5722
ord3468
ord2412
ord5615
ord1388
ord4191
ord6071
ord2515
ord2559
ord4836
ord6813
ord1584
ord1463

msvcrt

?terminate@@YAXXZ
_onexit
memcpy_s
_vsnwprintf
__dllonexit
_unlock
_lock
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_purecall
isspace
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1type_info@@UEAA@XZ
??1exception@@UEAA@XZ
__CxxFrameHandler3
_CxxThrowException
memset

shlwapi

StrCmpNIW

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize
CoCreateInstance

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetStartupInfoW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

048d96a843a6df20276e268a873746a7

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

mfc42u

msvcrt

shlwapi

api-ms-win-core-com-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 1024B - Virtual size: 3KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 51KB - Virtual size: 51KB

.reloc Size: 512B - Virtual size: 216B

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 1024B - Virtual size: 3KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 51KB - Virtual size: 51KB

.reloc
Size: 512B - Virtual size: 216B