MdmDiagnosticsTool[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

MdmDiagnosticsTool.exe
Size

50KB
MD5

ef7505d7277092a7f2703cb8eee9ea8a
SHA1

d500207160d929d9d9d9b73828eb204eb825f7a0
SHA256

9b0a7ea1ee9c9bc427dceefc394361d74e7fb7a597a09439c3768cc689301d48
SHA512

3204e7883cb60e6d24f6663d4727a9db784e0104cbb6447871984a33e7a1b306ad90c4e3ed715f3bbc900db1a940e4ade5c060d1502129411ec4712d91fbe15b
SSDEEP

1536:aA+3nEATZklqlsCmHlnry0R3BTcl+GdGnqcweYb:YHAy0RRYl+GdGqcxYb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MdmDiagnosticsTool.exe

Files

MdmDiagnosticsTool.exe
.exe windows x64

c2629dc74dbe9dd271c4a59a43bf4896

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_fmode
_lock
__C_specific_handler
_initterm
__setusermatherr
wprintf
_cexit
_exit
_unlock
__dllonexit
_onexit
__CxxFrameHandler3
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_vsnwprintf
??1exception@@UEAA@XZ
memmove
memcpy
_purecall
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
wcsrchr
_commode
??3@YAXPEAX@Z
_vsnprintf_s
_wcsicmp
??0exception@@QEAA@AEBV0@@Z
memcpy_s
??0exception@@QEAA@XZ
memset

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-file-l1-1-0

CreateDirectoryW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameW
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress

api-ms-win-core-synch-l1-1-0

ReleaseMutex
OpenSemaphoreW
CreateSemaphoreExW
WaitForSingleObjectEx
WaitForSingleObject
ReleaseSemaphore
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError

api-ms-win-core-com-l1-1-0

CoInitializeEx

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW

mdmdiagnostics

ord4
ord3
ord1
ord5
ord2

omadmapi

ord34

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2629dc74dbe9dd271c4a59a43bf4896

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

api-ms-win-core-file-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

mdmdiagnostics

omadmapi

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 448B

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 448B