DelDrv[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

DelDrv.exe
Size

693KB
MD5

01562cf76cfbdba17c4600f885abda88
SHA1

cb09c4a6e30f71c46377a0c3286553ea9f186c46
SHA256

159f0072ef38f46b068cd5429043d3521318e9c5d576cc834f3912f130e56029
SHA512

37e4de048520d2ee7e26795ef8a5e3a8f3ecbd74fb76c96677f159c0f3c375acd659b11d6665d6cd067ae225dbf7de3c1474504fc1bf0c7a3f0ddc03628c8032
SSDEEP

12288:smuP/hdxxlgrI+sct8IKbFl0ziXExzwcM7j2JMqyr4Rz9beR:uP5/xqrI2RIgzi09wcM7j2JMqA4Rz9bC

Score

1^/10

Malware Config

Signatures

Files

DelDrv.exe
.exe windows:4 windows x86

77b1ca35e2873fdeed695e9c4adc5773

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:8a:d4:08:54:52:fd:13:0f:fa:5e:1e:e0:a2:7e:1e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21/06/2006, 00:00

Not After

21/06/2007, 23:59

Subject

CN=Canon Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Inkjet System Development Center,O=Canon Inc.,L=Kawasaki-shi,ST=Kanagawa,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f3:00:33:2e:0b:65:0a:fa:35:37:80:49:a1:a7:80:1a:5c:55:28:cb
Signer

Actual PE Digest

f3:00:33:2e:0b:65:0a:fa:35:37:80:49:a1:a7:80:1a:5c:55:28:cb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

TlsGetValue
GlobalFlags
GetCurrentDirectoryA
GetProcessVersion
GetFileSize
SetErrorMode
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
RtlUnwind
ExitProcess
TerminateProcess
RaiseException
GetStartupInfoA
GetCommandLineA
HeapReAlloc
HeapSize
GetACP
GetTimeZoneInformation
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeA
GetStringTypeW
GetDriveTypeA
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
VirtualProtect
VirtualQuery
IsBadWritePtr
IsBadReadPtr
GetProcAddress
IsBadCodePtr
FreeLibrary
LoadLibraryA
GetSystemDirectoryA
LocalFree
OutputDebugStringA
FormatMessageA
lstrlenA
GetModuleFileNameA
GetLocalTime
OpenMutexA
CloseHandle
ReleaseMutex
MultiByteToWideChar
GetLastError
CreateMutexA
SetLastError
ResumeThread
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
ExpandEnvironmentStringsA
MoveFileExA
WritePrivateProfileStringA
WritePrivateProfileSectionA
GetPrivateProfileSectionA
GetPrivateProfileStringA
SetFileAttributesA
GetFileAttributesA
GetWindowsDirectoryA
GetShortPathNameA
lstrcpyA
lstrcatA
InterlockedExchange
GetTempPathA
Sleep
WaitForSingleObject
OpenProcess
RemoveDirectoryA
GetCurrentProcessId
CopyFileA
DeleteFileA
GetUserDefaultLangID
GetSystemDefaultLCID
GetUserDefaultLCID
GetSystemDefaultLangID
GetExitCodeProcess
CreateThread
GetExitCodeThread
GlobalUnlock
GlobalLock
GetVersionExA
LocalReAlloc
FindClose
SetCurrentDirectoryA
GetPrivateProfileIntA
FindNextFileA
FindFirstFileA
OpenFile
WriteFile
CreateFileA
GetTempFileNameA
WideCharToMultiByte
WriteProfileStringA
GetProfileStringA
lstrcmpiA
GlobalFree
GlobalAlloc
LockResource
LoadResource
FindResourceA
WinExec
HeapFree
HeapAlloc
GetProcessHeap
GetFileTime
lstrcpynA
lstrcmpA
GetPrivateProfileSectionNamesA
MulDiv
GetSystemInfo
GetCurrentThreadId
GlobalDeleteAtom
InterlockedIncrement
InterlockedDecrement
DuplicateHandle
ReadFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationA
GetFullPathNameA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
SizeofResource
LocalAlloc
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
LeaveCriticalSection
GetModuleHandleA
GlobalReAlloc
EnterCriticalSection
TlsSetValue

user32

TabbedTextOutA
DrawTextA
GrayStringA
DestroyMenu
PtInRect
GetSysColorBrush
InflateRect
GetCapture
WinHelpA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
RegisterWindowMessageA
OffsetRect
GetWindowPlacement
CopyRect
ReleaseDC
SetFocus
SetWindowPos
SetWindowLongA
GetDlgCtrlID
GetWindowTextLengthA
SetWindowTextA
IsDialogMessageA
GetWindowDC
SetDlgItemTextA
SendDlgItemMessageA
CharUpperA
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
LoadStringA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
GetFocus
GetMessageA
GetActiveWindow
GetKeyState
ValidateRect
IsWindowVisible
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
PostQuitMessage
RedrawWindow
UpdateWindow
GetDesktopWindow
GetSysColor
GetNextDlgTabItem
GetTopWindow
GetWindow
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
CharNextA
IsWindowUnicode
IntersectRect
ClientToScreen
MapWindowPoints
AdjustWindowRectEx
ScreenToClient
InvalidateRect
ShowWindow
GetWindowTextA
GetClassNameA
EnumWindows
LoadCursorA
SetCursor
SendMessageTimeoutA
ExitWindowsEx
EnableWindow
BringWindowToTop
PeekMessageA
DispatchMessageA
TranslateMessage
GetSystemMenu
EnableMenuItem
GetClientRect
BeginPaint
EndPaint
IsIconic
GetSystemMetrics
DrawIcon
LoadBitmapA
GetWindowRect
GetDC
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SystemParametersInfoA
SetForegroundWindow
LoadIconA
PostMessageA
GetClassInfoA
RegisterClassA
UnregisterClassA
MessageBoxA
FindWindowA
wsprintfA
IsWindow
SendMessageA
ShowCaret
HideCaret
CallNextHookEx

gdi32

GetTextExtentPointA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
IntersectClipRect
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
SelectPalette
SelectObject
RestoreDC
SaveDC
DeleteDC
SetBkColor
SetTextColor
GetClipBox
PatBlt
CreateBitmap
GetDeviceCaps
DeleteObject
CreateFontIndirectA
CreateSolidBrush
CreatePalette
SetStretchBltMode
SetBrushOrgEx
StretchDIBits
GetStockObject
RealizePalette
BitBlt
GetObjectA
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap

comdlg32

GetFileTitleA

winspool.drv

EnumMonitorsA
EnumPrintProcessorsA
EnumPrintersW
AddPrintProcessorA
AddPrinterA
AddMonitorA
AddPrinterDriverA
EnumJobsA
GetPrinterA
SetPrinterA
DeletePrintProcessorA
DeleteMonitorA
GetPrintProcessorDirectoryA
GetPrinterDriverDirectoryA
SetPrinterW
DocumentPropertiesA
EnumPrintersA
DeletePortA
EnumPortsA
EnumPrinterDriversA
DeletePrinterDriverA
DeletePrinterConnectionW
DeletePrinter
ClosePrinter
DeletePrinterConnectionA
OpenPrinterA

advapi32

RegEnumValueA
OpenThreadToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
DeleteService
ControlService
StartServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceConfigA
QueryServiceStatus
RegUnLoadKeyA
RegLoadKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegQueryInfoKeyA
RegDeleteKeyA
RegOpenKeyA
RegEnumKeyA
RegCloseKey
RegCreateKeyExA

shell32

SHChangeNotify

comctl32

ord17

ole32

CoInitialize
CoCreateInstance
CoUninitialize

Exports

Exports

??0CDeviceInf@@QAE@ABV0@@Z
??0CDeviceInf@@QAE@XZ
??0CDeviceInfSection@@QAE@ABV0@@Z
??0CDeviceInfSection@@QAE@XZ
??0CImageDriverInf@@QAE@ABV0@@Z
??0CImageDriverInf@@QAE@XZ
??0CIniSections@@QAE@ABV0@@Z
??0CIniSections@@QAE@XZ
??0CManufacturers@@QAE@ABV0@@Z
??0CManufacturers@@QAE@XZ
??0CPrinterDriverInf@@QAE@ABV0@@Z
??0CPrinterDriverInf@@QAE@XZ
??1CDeviceInf@@UAE@XZ
??1CDeviceInfSection@@UAE@XZ
??1CImageDriverInf@@UAE@XZ
??1CIniSections@@UAE@XZ
??1CManufacturers@@UAE@XZ
??1CPrinterDriverInf@@UAE@XZ
??4CDeviceInf@@QAEAAV0@ABV0@@Z
??4CDeviceInfSection@@QAEAAV0@ABV0@@Z
??4CImageDriverInf@@QAEAAV0@ABV0@@Z
??4CIniSections@@QAEAAV0@ABV0@@Z
??4CManufacturers@@QAEAAV0@ABV0@@Z
??4CPrinterDriverInf@@QAEAAV0@ABV0@@Z
??_7CDeviceInf@@6B@
??_7CDeviceInfSection@@6B@
??_7CImageDriverInf@@6B@
??_7CIniSections@@6B@
??_7CManufacturers@@6B@
??_7CPrinterDriverInf@@6B@
??_C@_08GILO@HelpFile?$AA@
??_C@_08OGFF@DataFile?$AA@
??_C@_0L@HDMK@DriverFile?$AA@
??_C@_0L@OJNJ@ConfigFile?$AA@
?AddPrinterA@CPrinterDriverInf@@IAEHPBD000@Z
?AddPrinterDriverA@CPrinterDriverInf@@IAEHPBD000@Z
?AllocAndGetDependentFiles@CPrinterDriverInf@@IAEPADPBD0000@Z
?AllocAndGetValue@CPrinterDriverInf@@IAEPADPBD00@Z
?AllocAndGetValueEx@CPrinterDriverInf@@IAEPADPBD0000@Z
?Clear@CDeviceInf@@QAEXXZ
?Clear@CDeviceInfSection@@QAEXXZ
?Clear@CIniSections@@QAEXXZ
?Clear@CManufacturers@@QAEXXZ
?Count@CDeviceInfSection@@QAEKXZ
?Count@CIniSections@@QAEKXZ
?DoInstall@CDeviceInf@@IAEHPBD00@Z
?GetConfigFile@CPrinterDriverInf@@QAEHPBD0AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@K@Z
?GetDataFile@CPrinterDriverInf@@QAEHPBD0AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@K@Z
?GetDeviceId@CDeviceInf@@QAEPBDK@Z
?GetDeviceIdCount@CDeviceInf@@QAEKXZ
?GetDeviceIdList@CDeviceInf@@IAEHH@Z
?GetDriverDesc@CDeviceInf@@QAEPBDKPBD@Z
?GetDriverFile@CPrinterDriverInf@@QAEHPBD0AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@K@Z
?GetDriverVer@CDeviceInf@@QAEPBDXZ
?GetDriversCount@CDeviceInf@@QAEKPBD@Z
?GetFileInfo@CPrinterDriverInf@@IAEHPBD0AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@K0@Z
?GetFilesFromCopyFilesSection@CPrinterDriverInf@@IAEHPBD0AAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z
?GetFullInfo@CDeviceInf@@QAEHH@Z
?GetHelpFile@CPrinterDriverInf@@QAEHPBD0AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@K@Z
?GetInfClass@CDeviceInf@@QAEPBDXZ
?GetInstallSection@CDeviceInf@@IAEKPBD0KPAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@1@Z
?GetInstallSection@CDeviceInf@@QAEKPBDHPADPAK12PAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetItem@CIniSections@@QAEPBDK@Z
?GetKey@CDeviceInfSection@@QAEPBDK@Z
?GetLanguageMonitorInfo@CPrinterDriverInf@@QAEHPBD0AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@K@Z
?GetList@CDeviceInfSection@@QAEHXZ
?GetList@CIniSections@@QAEHXZ
?GetList@CManufacturers@@QAEHXZ
?GetMfg@CDeviceInf@@QAEPBDK@Z
?GetMfgCount@CDeviceInf@@QAEKXZ
?GetModelsSeed@CManufacturers@@QAEPBDK@Z
?GetPrintProcessorInfo@CPrinterDriverInf@@QAEHPBD0AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@K@Z
?GetSuitableDriverName@CDeviceInf@@QAEKPBDHPADPAK@Z
?GetValue@CDeviceInfSection@@QAEPBDK@Z
?HasSuitableDriver@CDeviceInf@@QAEKPBD0@Z
?Init@CDeviceInf@@QAEHPBDHH@Z
?Init@CDeviceInfSection@@QAEHPBDPAVCInfStringTable@@0@Z
?Init@CImageDriverInf@@QAEHPBDHH@Z
?Init@CIniSections@@QAEHPBD@Z
?Init@CManufacturers@@QAEHPBDPAVCInfStringTable@@0@Z
?Init@CPrinterDriverInf@@QAEHPBDHH@Z
?InitWFN@CDeviceInfSection@@QAEHPBGPAVCInfStringTable@@PBD@Z
?InstallDriver@CDeviceInf@@QAEHPBD0K@Z
?InstallDriver@CDeviceInf@@QAEHPBDH@Z
?InstallDriver@CPrinterDriverInf@@QAEHPBD0K@Z
?InstallDriver@CPrinterDriverInf@@QAEHPBDH@Z
?InstallPrinter@CPrinterDriverInf@@QAEHPBD0K00@Z
?InstallPrinter@CPrinterDriverInf@@QAEHPBDH00@Z
?IsComment@CDeviceInfSection@@IAEHPBD@Z
?SetAltProgress@CDeviceInf@@QAEXPAUHWND__@@I@Z
?SetColorProfile@CPrinterDriverInf@@IAEHPBD0@Z
?SetDirectoryId@CDeviceInf@@MAEHPAXPBD1@Z
?SetDirectoryId@CPrinterDriverInf@@MAEHPAXPBD1@Z
?SetOwner@CDeviceInf@@QAEXPAUHWND__@@@Z

Sections

.text
Size: 468KB - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77b1ca35e2873fdeed695e9c4adc5773

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

2e:8a:d4:08:54:52:fd:13:0f:fa:5e:1e:e0:a2:7e:1eCertificate

Extended Key Usages

Key Usages

f3:00:33:2e:0b:65:0a:fa:35:37:80:49:a1:a7:80:1a:5c:55:28:cbSigner

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

Exports

Exports

Sections

.text Size: 468KB - Virtual size: 464KB

.rdata Size: 52KB - Virtual size: 49KB

.data Size: 96KB - Virtual size: 112KB

.rsrc Size: 68KB - Virtual size: 65KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

2e:8a:d4:08:54:52:fd:13:0f:fa:5e:1e:e0:a2:7e:1e
Certificate

f3:00:33:2e:0b:65:0a:fa:35:37:80:49:a1:a7:80:1a:5c:55:28:cb
Signer

.text
Size: 468KB - Virtual size: 464KB

.rdata
Size: 52KB - Virtual size: 49KB

.data
Size: 96KB - Virtual size: 112KB

.rsrc
Size: 68KB - Virtual size: 65KB