ryzenadj-win64[.]zip

Resubmissions

01/11/2023, 14:07

231101-re2zjabe8t 7

01/11/2023, 08:19

231101-j7tjvscg91 3

Sharing

Copy URL Twitter E-mail

General

Target

ryzenadj-win64.zip
Size

126KB
MD5

f907fe29dbf982e53c70711fbde54d2e
SHA1

837f41039ea7c16d7b6d35e115b5b5c06291908d
SHA256

f5c3fb31a380af6f463520f897e28d386a4e367b3438c9272dafa6036762f7ec
SHA512

8b38686819ce7345260915684685b946177ef759d67174838eb0999a965e27dcd3f7a1eb1444f792bb86a73266aa6af6136edfb18fce16cb17507718781ffda6
SSDEEP

3072:GqUISrkFdZR9W6dUW/o8vy39J/suX7OIU9yvMp3gaWEBzM:GqUX8d/LdF/JK37suLL/Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WinRing0x64.dll
unpack001/inpoutx64.dll
unpack001/libryzenadj.dll
unpack001/ryzenadj.exe

Files

ryzenadj-win64.zip
.zip
RyzenAdjServiceTask.xml.template
.xml
WinRing0x64.dll
.dll windows:4 windows x64

7c1c1d24ee5f4360e2d2d3b17479b9d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

SetProcessAffinityMask
GetModuleFileNameW
CreateFileW
GetVersionExW
FindFirstFileW
GetProcessAffinityMask
GetDriveTypeW
Sleep
GetCurrentProcess
SetThreadAffinityMask
GetCurrentThread
DeviceIoControl
CloseHandle
HeapFree
GetProcessHeap
HeapAlloc
FindClose
GetLastError
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetVersionExA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSetInformation
HeapCreate
HeapDestroy
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
RtlUnwindEx
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

user32

wsprintfW

advapi32

OpenSCManagerW
QueryServiceConfigW
ControlService
StartServiceW
DeleteService
ChangeServiceConfigW
OpenServiceW
CreateServiceW
CloseServiceHandle

Exports

Exports

Cpuid
CpuidPx
CpuidTx
DeinitializeOls
FindPciDeviceByClass
FindPciDeviceById
GetDllStatus
GetDllVersion
GetDriverType
GetDriverVersion
Hlt
HltPx
HltTx
InitializeOls
IsCpuid
IsMsr
IsTsc
Rdmsr
RdmsrPx
RdmsrTx
Rdpmc
RdpmcPx
RdpmcTx
Rdtsc
RdtscPx
RdtscTx
ReadIoPortByte
ReadIoPortByteEx
ReadIoPortDword
ReadIoPortDwordEx
ReadIoPortWord
ReadIoPortWordEx
ReadPciConfigByte
ReadPciConfigByteEx
ReadPciConfigDword
ReadPciConfigDwordEx
ReadPciConfigWord
ReadPciConfigWordEx
SetPciMaxBusIndex
WriteIoPortByte
WriteIoPortByteEx
WriteIoPortDword
WriteIoPortDwordEx
WriteIoPortWord
WriteIoPortWordEx
WritePciConfigByte
WritePciConfigByteEx
WritePciConfigDword
WritePciConfigDwordEx
WritePciConfigWord
WritePciConfigWordEx
Wrmsr
WrmsrPx
WrmsrTx

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinRing0x64.sys
.sys windows:6 windows x64

d41fa95d4642dc981f10de36f4dc8cd7

Code Sign

01:00:00:00:00:01:15:37:24:21:a8
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

24/09/2007, 10:50

Not After

24/09/2008, 10:50

Subject

CN=Noriyuki MIYAZAKI,C=JP,1.2.840.113549.1.9.1=#0c196869796f6869796f406372797374616c6d61726b2e696e666f

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

04:00:00:00:00:00:f9:7f:aa:2e:1e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/12/2003, 13:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:10:92:eb:82:95
Certificate

Issuer

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Not Before

05/02/2007, 09:00

Not After

27/01/2014, 09:00

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign,1.2.840.113549.1.9.1=#0c1c74696d657374616d70696e666f40676c6f62616c7369676e2e636f6d

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

26:68:21:a3:91:74:d2:9f:6f:87:91:cf:9f:44:f1:a1:f3:43:9d:da
Signer

Actual PE Digest

26:68:21:a3:91:74:d2:9f:6f:87:91:cf:9f:44:f1:a1:f3:43:9d:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoDeleteSymbolicLink
RtlInitUnicodeString
IoDeleteDevice
IoCreateDevice
MmMapIoSpace
KeBugCheckEx
IoCreateSymbolicLink
MmUnmapIoSpace
IofCompleteRequest
__C_specific_handler

hal

HalSetBusDataByOffset
HalGetBusDataByOffset

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
demo.bat
inpoutx64.dll
.dll windows:4 windows x64

e3492ab84389ec220c847d561b8eb7cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
LockResource
LoadResource
FindResourceA
SizeofResource
GetVersionExA
GetProcAddress
GetModuleHandleA
WriteFile
GetLastError
DeviceIoControl
OutputDebugStringA
GetSystemDirectoryA
CloseHandle
GetCurrentThreadId
FlsSetValue
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
ExitProcess
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
Sleep
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
RtlUnwindEx
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSection
HeapReAlloc
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
FlushFileBuffers

advapi32

StartServiceA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
OpenServiceA

Exports

Exports

DlPortReadPortUchar
DlPortReadPortUlong
DlPortReadPortUshort
DlPortWritePortUchar
DlPortWritePortUlong
DlPortWritePortUshort
GetPhysLong
Inp32
IsInpOutDriverOpen
IsXP64Bit
MapPhysToLin
Out32
SetPhysLong
UnmapPhysicalMemory

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 734B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
installServiceTask.bat
libryzenadj.dll
.dll windows:6 windows x64

3d13d50af742959dd1b615303bef88db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

winring0x64

ord83
ord8
ord7
ord86
ord1

kernel32

RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FreeLibrary
GetProcAddress
LoadLibraryA
Sleep
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
RtlCaptureContext
DisableThreadLibraryCalls
IsDebuggerPresent
InitializeSListHead

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
memcpy
memcmp
memset

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__acrt_iob_func

api-ms-win-crt-heap-l1-1-0

malloc
free
calloc

api-ms-win-crt-string-l1-1-0

strncmp

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initialize_onexit_table
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_cexit
_initialize_narrow_environment

Exports

Exports

cleanup_ryzenadj
get_apu_skin_temp_limit
get_apu_skin_temp_value
get_apu_slow_limit
get_apu_slow_value
get_bios_if_ver
get_cclk_busy_value
get_cclk_setpoint
get_core_clk
get_core_power
get_core_temp
get_core_volt
get_cpu_family
get_dgpu_skin_temp_limit
get_dgpu_skin_temp_value
get_fast_limit
get_fast_value
get_fclk
get_gfx_clk
get_gfx_temp
get_gfx_volt
get_l3_clk
get_l3_logic
get_l3_temp
get_l3_vddm
get_mem_clk
get_psi0_current
get_psi0soc_current
get_slow_limit
get_slow_time
get_slow_value
get_soc_power
get_soc_volt
get_socket_power
get_stapm_limit
get_stapm_time
get_stapm_value
get_table_size
get_table_values
get_table_ver
get_tctl_temp
get_tctl_temp_value
get_vrm_current
get_vrm_current_value
get_vrmmax_current
get_vrmmax_current_value
get_vrmsoc_current
get_vrmsoc_current_value
get_vrmsocmax_current
get_vrmsocmax_current_value
init_ryzenadj
init_table
refresh_table
set_apu_skin_temp_limit
set_apu_slow_limit
set_coall
set_cogfx
set_coper
set_dgpu_skin_temp_limit
set_disable_oc
set_enable_oc
set_fast_limit
set_gfx_clk
set_max_fclk_freq
set_max_gfxclk_freq
set_max_lclk
set_max_performance
set_max_socclk_freq
set_max_vcn
set_min_fclk_freq
set_min_gfxclk_freq
set_min_lclk
set_min_socclk_freq
set_min_vcn
set_oc_clk
set_oc_volt
set_per_core_oc_clk
set_power_saving
set_prochot_deassertion_ramp
set_psi0_current
set_psi0soc_current
set_psi3cpu_current
set_psi3gfx_current
set_skin_temp_power_limit
set_slow_limit
set_slow_time
set_stapm_limit
set_stapm_time
set_tctl_temp
set_vrm_current
set_vrmcvip_current
set_vrmgfx_current
set_vrmgfxmax_current
set_vrmmax_current
set_vrmsoc_current
set_vrmsocmax_current

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pmtable-example.py
readjust.py
readjustService.ps1
.ps1
ryzenadj.exe
.exe windows:6 windows x64

f81e1e2524fd131fc958226222b1a34c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winring0x64

ord8
ord7
ord83
ord86
ord1

kernel32

GetModuleHandleW
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FreeLibrary
GetProcAddress
LoadLibraryA
Sleep
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
RtlCaptureContext
InitializeSListHead
IsDebuggerPresent

vcruntime140

memset
__current_exception
__C_specific_handler
memmove
memcpy
__current_exception_context
memcmp

api-ms-win-crt-stdio-l1-1-0

_set_fmode
fputc
__acrt_iob_func
__p__commode
__stdio_common_vfprintf

api-ms-win-crt-heap-l1-1-0

malloc
calloc
_set_new_mode
free

api-ms-win-crt-string-l1-1-0

strncmp

api-ms-win-crt-runtime-l1-1-0

_c_exit
_cexit
__p___argv
_register_onexit_function
_crt_atexit
terminate
_initterm_e
__p___argc
_exit
_set_app_type
_initterm
_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
_seh_filter_exe
strerror_s
_initialize_narrow_environment
_configure_narrow_argv
_initialize_onexit_table
exit
_errno

api-ms-win-crt-convert-l1-1-0

strtoul
strtol
strtof

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

cleanup_ryzenadj
get_apu_skin_temp_limit
get_apu_skin_temp_value
get_apu_slow_limit
get_apu_slow_value
get_bios_if_ver
get_cclk_busy_value
get_cclk_setpoint
get_core_clk
get_core_power
get_core_temp
get_core_volt
get_cpu_family
get_dgpu_skin_temp_limit
get_dgpu_skin_temp_value
get_fast_limit
get_fast_value
get_fclk
get_gfx_clk
get_gfx_temp
get_gfx_volt
get_l3_clk
get_l3_logic
get_l3_temp
get_l3_vddm
get_mem_clk
get_psi0_current
get_psi0soc_current
get_slow_limit
get_slow_time
get_slow_value
get_soc_power
get_soc_volt
get_socket_power
get_stapm_limit
get_stapm_time
get_stapm_value
get_table_size
get_table_values
get_table_ver
get_tctl_temp
get_tctl_temp_value
get_vrm_current
get_vrm_current_value
get_vrmmax_current
get_vrmmax_current_value
get_vrmsoc_current
get_vrmsoc_current_value
get_vrmsocmax_current
get_vrmsocmax_current_value
init_ryzenadj
init_table
refresh_table
set_apu_skin_temp_limit
set_apu_slow_limit
set_coall
set_cogfx
set_coper
set_dgpu_skin_temp_limit
set_disable_oc
set_enable_oc
set_fast_limit
set_gfx_clk
set_max_fclk_freq
set_max_gfxclk_freq
set_max_lclk
set_max_performance
set_max_socclk_freq
set_max_vcn
set_min_fclk_freq
set_min_gfxclk_freq
set_min_lclk
set_min_socclk_freq
set_min_vcn
set_oc_clk
set_oc_volt
set_per_core_oc_clk
set_power_saving
set_prochot_deassertion_ramp
set_psi0_current
set_psi0soc_current
set_psi3cpu_current
set_psi3gfx_current
set_skin_temp_power_limit
set_slow_limit
set_slow_time
set_stapm_limit
set_stapm_time
set_tctl_temp
set_vrm_current
set_vrmcvip_current
set_vrmgfx_current
set_vrmgfxmax_current
set_vrmmax_current
set_vrmsoc_current
set_vrmsocmax_current

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninstallServiceTask.bat

Resubmissions

Sharing

General

Malware Config

Signatures

Files

7c1c1d24ee5f4360e2d2d3b17479b9d4

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 38KB - Virtual size: 37KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 9KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 624B

d41fa95d4642dc981f10de36f4dc8cd7

Code Sign

01:00:00:00:00:01:15:37:24:21:a8Certificate

Key Usages

04:00:00:00:00:00:f9:7f:aa:2e:1eCertificate

Key Usages

04:00:00:00:00:01:08:d9:61:1c:d6Certificate

Key Usages

04:00:00:00:00:01:10:92:eb:82:95Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:08:d9:61:24:48Certificate

Key Usages

61:0b:7f:6b:00:00:00:00:00:19Certificate

Key Usages

26:68:21:a3:91:74:d2:9f:6f:87:91:cf:9f:44:f1:a1:f3:43:9d:daSigner

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 380B

.data Size: 512B - Virtual size: 276B

.pdata Size: 512B - Virtual size: 96B

INIT Size: 1024B - Virtual size: 546B

.rsrc Size: 1024B - Virtual size: 960B

e3492ab84389ec220c847d561b8eb7cd

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 44KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 5KB - Virtual size: 13KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 28KB - Virtual size: 28KB

.reloc Size: 1024B - Virtual size: 734B

3d13d50af742959dd1b615303bef88db

Headers

DLL Characteristics

File Characteristics

Imports

winring0x64

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 9KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 624B

01:00:00:00:00:01:15:37:24:21:a8
Certificate

04:00:00:00:00:00:f9:7f:aa:2e:1e
Certificate

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

04:00:00:00:00:01:10:92:eb:82:95
Certificate

04:00:00:00:00:01:08:d9:61:24:48
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

26:68:21:a3:91:74:d2:9f:6f:87:91:cf:9f:44:f1:a1:f3:43:9d:da
Signer

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 380B

.data
Size: 512B - Virtual size: 276B

.pdata
Size: 512B - Virtual size: 96B

INIT
Size: 1024B - Virtual size: 546B

.rsrc
Size: 1024B - Virtual size: 960B

.text
Size: 44KB - Virtual size: 44KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 5KB - Virtual size: 13KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 28KB - Virtual size: 28KB

.reloc
Size: 1024B - Virtual size: 734B

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 44B

.text
Size: 41KB - Virtual size: 41KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 68B