dispdiag[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

dispdiag.exe
Size

86KB
MD5

0192a141a2f8bf6b8721c337488ce2d2
SHA1

def2b5c35c65360eae96b3930c9e3d1f4fc41b5f
SHA256

dc0dde1b7feed4184a181c2ce437a1b2f1b67da052105392e852654710da2132
SHA512

937898c8011b74dc81d4cf2331ff72f686f5a3df5cd6493053609147ae887b389a43278ab609f30f4e997704a8e1440e433e50934357ce5ebb881fdf55f673e4
SSDEEP

1536:zDaiegJuR5dpMF4B7Li8wJ7fAZWFWF452RS9r7fJQx/xRPnCylP0:XaJrMFK722ZWFW+KyXMxIylM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dispdiag.exe

Files

dispdiag.exe
.exe windows:6 windows x64

521ada08882375def09152ed0ef9a0bf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegGetValueW
ConvertStringSecurityDescriptorToSecurityDescriptorA
StartTraceA
ControlTraceA
OpenTraceA
EnableTraceEx2
ProcessTrace

kernel32

GetVersionExW
GetSystemInfo
MultiByteToWideChar
LoadLibraryA
GetProcAddress
LoadLibraryExW
FreeLibrary
CreateFileW
ExpandEnvironmentStringsA
CreateDirectoryA
LoadLibraryW
CloseHandle
GetLocalTime
GetCurrentDirectoryW
GetCurrentThreadId
GetCurrentProcessId
LocalFree
Beep
OutputDebugStringA
SetLastError
CreateThread
OutputDebugStringW
WriteConsoleW
GetStdHandle
ReadConsoleInputA
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
WriteFile
GetLastError
Sleep
GetModuleHandleW

msvcrt

_initterm
__setusermatherr
_cexit
_exit
exit
??1exception@@UEAA@XZ
__set_app_type
__getmainargs
_amsg_exit
??0exception@@QEAA@AEBV0@@Z
?what@exception@@UEBAPEBDXZ
_vsnwprintf
_XcptFilter
memcpy_s
_CxxThrowException
?terminate@@YAXXZ
free
isspace
strtoul
isxdigit
tolower
iswprint
??0exception@@QEAA@AEBQEBDH@Z
malloc
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
_commode
memcpy
atoi
_strnicmp
_resetstkoflw
_fmode
_callnewh
__C_specific_handler
strcpy_s
_wcsnicmp
printf
_vsnprintf
__CxxFrameHandler3
memset

user32

EnumDisplayMonitors
EnumDisplaySettingsExW
EnumDisplayDevicesW
SystemParametersInfoA
GetWindowDC
GetAutoRotationState
GetSystemMetrics
GetMonitorInfoW

gdi32

GetDeviceCaps
GetCurrentDpiInfo

setupapi

SetupDiEnumDeviceInfo
SetupDiDestroyDriverInfoList
SetupDiOpenDevRegKey
SetupDiGetDriverInfoDetailA
SetupDiEnumDriverInfoA
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsA
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceInterfaceDetailW
SetupDiOpenDeviceInterfaceW

wmi

WmiExecuteMethodW
WmiQuerySingleInstanceW
WmiCloseBlock
WmiOpenBlock
WmiDevInstToInstanceNameW

ntdll

RtlLookupFunctionEntry
RtlAdjustPrivilege
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor
SetProcessDpiAwareness

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

521ada08882375def09152ed0ef9a0bf

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

gdi32

setupapi

wmi

ntdll

api-ms-win-shcore-scaling-l1-1-1

Sections

.text Size: 73KB - Virtual size: 72KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 2KB - Virtual size: 2KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 264B

.text
Size: 73KB - Virtual size: 72KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 2KB - Virtual size: 2KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 264B