autochk[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

autochk.exe
Size

843KB
MD5

6cc573506ca6dce67dbc7cd52a6bb5a1
SHA1

7147c51491e31af706d200d8d5e7ea0b4669abba
SHA256

f0fb164939b0950544ed35086ebb3ac170db7bb2a716f95fa2b5985551f1af5d
SHA512

82e47584b005dabca2642b76376765c63603998c4c987099231d0756d88f9030c62bb072ea1b795b79bc3a9be514dcdd82d15e058c291e6b308cb8df28ef998e
SSDEEP

12288:mP7JqyWLcoXy6XF0hOr0Jyo0J2O16jPB714ecCA11ZoKMF3Jw3rRc:mTJq9y6XqhNyo7O16jX4JCA1oKMwbR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
autochk.exe

Files

autochk.exe
.sys windows:10 windows x86

1e696fc160c41687522ccba9c5b54075

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlCompareUnicodeString
NtQuerySystemTime
NtOpenSymbolicLinkObject
DbgPrintEx
RtlEqualUnicodeString
NtWriteFile
_wcsicmp
NtOpenKey
RtlPublishWnfStateData
NtQuerySymbolicLinkObject
LdrSetMUICacheType
RtlSetSystemBootStatus
RtlInitUnicodeString
RtlGetSystemBootStatus
RtlPrefixUnicodeString
NtSerializeBoot
NtClose
NtOpenDirectoryObject
NtFsControlFile
wcsstr
NtQueryDirectoryObject
NtCreateFile
NtOpenFile
NtQueryValueKey
NtTerminateProcess
RtlCaptureContext
RtlUnhandledExceptionFilter
_aullshr
RtlUnwind
memmove
RtlFreeAnsiString
RtlAllocateHeap
RtlNormalizeProcessParams
RtlUnicodeStringToAnsiString
isspace
_vsnprintf
_vsnwprintf
RtlMultiByteToUnicodeN
RtlOemToUnicodeN
RtlUnicodeToMultiByteN
RtlUnicodeToOemN
wcsspn
_wtol
_wtoi64
_wcsupr
_wcslwr
wcschr
NtDeviceIoControlFile
RtlQueryRegistryValuesEx
RtlWriteRegistryValue
RtlGetPersistedStateLocation
wcscpy_s
wcscat_s
NtQueryInformationFile
NtQueryVolumeInformationFile
wcstoul
_wcstoui64
NtReadFile
RtlRaiseStatus
qsort
NtDelayExecution
NtQuerySystemInformation
RtlSizeHeap
RtlFreeHeap
NtDrawText
swprintf_s
NtCreateEvent
NtClearEvent
NtSetThreadExecutionState
NtWaitForMultipleObjects
NtCancelIoFile
RtlNumberGenericTableElementsAvl
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
NtOpenProcessToken
NtAdjustPrivilegesToken
NtShutdownSystem
RtlExpandEnvironmentStrings_U
NtSetInformationFile
RtlValidRelativeSecurityDescriptor
RtlGetVersion
RtlTimeToTimeFields
VerSetConditionMask
RtlVerifyVersionInfo
NtDisplayString
RtlRandomEx
NtQueryPerformanceCounter
isprint
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlEnterCriticalSection
RtlTryEnterCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlInitializeSRWLock
RtlInitializeCriticalSection
NtFreeVirtualMemory
NtSetEvent
RtlCaptureStackBackTrace
NtAllocateVirtualMemory
NtWaitForSingleObject
NtResetEvent
wcsncmp
RtlFindMessage
RtlInitUTF8StringEx
RtlInitAnsiStringEx
RtlUTF8StringToUnicodeString
RtlAnsiStringToUnicodeString
RtlFormatMessage
RtlDeleteSecurityObject
RtlLengthRequiredSid
RtlInitializeSid
RtlSubAuthoritySid
RtlLengthSid
RtlCopySid
RtlAddAce
RtlCreateAcl
RtlQueryInformationAcl
RtlCreateSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlNewSecurityObject
RtlValidSecurityDescriptor
RtlLengthSecurityDescriptor
RtlAddAccessAllowedAce
RtlInitializeGenericTable
RtlInsertElementGenericTable
RtlInitializeBitMap
RtlSetBits
RtlLookupElementGenericTable
RtlClearBits
RtlFindSetBits
RtlDeleteElementGenericTable
RtlEnumerateGenericTableWithoutSplaying
RtlNumberOfSetBits
RtlInitializeGenericTableAvl
RtlEnumerateGenericTableAvl
RtlLookupFirstMatchingElementGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableFullAvl
RtlInsertElementGenericTableFullAvl
RtlDeleteElementGenericTableAvlEx
RtlInsertElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlSystemTimeToLocalTime
RtlCrc64
RtlUpcaseUnicodeString
RtlComputeCrc32
DbgPrint
NtOpenThreadToken
_wcsnicmp
RtlCreateSystemVolumeInformationFolder
EtwEventUnregister
EtwEventRegister
EtwEventSetInformation
EtwEventWriteTransfer
NtFlushBuffersFile
_alldiv
_alldvrm
_allmul
_allrem
_allshl
_aulldiv
_aulldvrm
_aullrem
_chkstk
memcmp
memcpy
memset

Sections

.text
Size: 539KB - Virtual size: 538KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e696fc160c41687522ccba9c5b54075

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

Sections

.text Size: 539KB - Virtual size: 538KB

.data Size: 11KB - Virtual size: 12KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 272KB - Virtual size: 272KB

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 539KB - Virtual size: 538KB

.data
Size: 11KB - Virtual size: 12KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 272KB - Virtual size: 272KB

.reloc
Size: 14KB - Virtual size: 13KB