drvinst[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

drvinst.exe
Size

110KB
MD5

e9e0977aa1067caca5969afd1d225e55
SHA1

9e04087efbee54ce13af9f601a1c80c28178d972
SHA256

0989c392bc0b8d3fd4d1267e59b2e11bcb31cb8a5f4c8b2bf4563ca2ce4e2653
SHA512

18ed875fe1ba327b137ce9488fb27bf6e1c03d2dafffc2e5f218a1c77f4874e72bfe3e4da654d8936ffd55bd9a8b12100d5372d811d7ad5864ee4db812c03272
SSDEEP

1536:hwlhXzPpYYAlovU/UhN0UR8lraq6ggyDE2dwd2FhvyETLLBjJipKyby:hwTDPpFcUheUfgg+Qd2zLLBjApKy+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
drvinst.exe

Files

drvinst.exe
.exe windows:6 windows x64

095bdec8c51f6097603610f3ecea5068

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_vsnprintf
swscanf
memcpy
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_wcsnicmp
_wcsicmp
_vsnwprintf
wcsrchr
wcschr
toupper
_resetstkoflw
memmove
memset

ntdll

RtlVirtualUnwind
RtlFormatCurrentUserKeyPath
RtlFreeUnicodeString
NtClose
RtlInitUnicodeString
NtOpenKey
NtCreateKey
NtQueryKey
NtQueryValueKey
NtSetValueKey
RtlGetVersion
NtQueryInformationFile
NtSetInformationFile
RtlLookupFunctionEntry
RtlCaptureContext
NtQuerySystemInformation
EtwEventWrite
RtlInitUnicodeStringEx
WinSqmSetString
WinSqmEndSession
WinSqmSetDWORD
WinSqmStartSession
RtlUpcaseUnicodeString
DbgPrintEx
EtwGetTraceLoggerHandle
EtwUnregisterTraceGuids
EtwEventUnregister
EtwRegisterTraceGuidsW
EtwTraceMessage
RtlNtStatusToDosError
EtwEventRegister
NtQueryInformationProcess
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel

api-ms-win-core-debug-l1-1-1

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-1

SetErrorMode
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-file-l1-2-1

CompareFileTime
GetFileAttributesExW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-heap-l1-2-0

HeapSetInformation

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW

api-ms-win-core-memory-l1-1-2

UnmapViewOfFile
MapViewOfFile

api-ms-win-core-processthreads-l1-1-2

OpenProcess
ExitProcess
GetExitCodeThread
GetCurrentProcessId
OpenProcessToken
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
CreateThread

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-synch-l1-2-0

WaitForMultipleObjectsEx
CreateEventW
WaitForSingleObject
SetEvent
WaitForSingleObjectEx
ReleaseMutex
Sleep
CreateMutexW

api-ms-win-core-sysinfo-l1-2-1

GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetTickCount

setupapi

SetupVerifyInfFileW
SetupDiSetClassInstallParamsW
SetupDiGetClassInstallParamsW
SetupDiRestartDevices
SetupDiGetActualSectionToInstallW
SetupWriteTextLogError
SetupSetFileQueueFlags
SetupDiGetClassPropertyW
SetupDiBuildDriverInfoList
pSetupStringFromGuid
SetupGetInfDriverStoreLocationW
pSetupDiGetStrongNameForDriverNode
SetupDiOpenDevRegKey
pSetupSetGlobalFlags
SetupDiSetSelectedDriverW
pSetupDiCrimsonLogDeviceInstall
SetupDiGetSelectedDriverW
SetupDiReportPnPDeviceProblem
SetupDefaultQueueCallbackW
SetupDiEnumDriverInfoW
SetupScanFileQueueW
SetupTermDefaultQueueCallback
SetupCloseFileQueue
SetupDiSetDriverInstallParamsW
SetupDiGetDriverInstallParamsW
SetupUninstallNewlyCopiedInfs
pSetupGetGlobalFlags
SetupDiSetClassPropertyW
pSetupDiEnumSelectedDrivers
SetupOpenFileQueue
SetupGetFileQueueFlags
pSetupDoLastKnownGoodBackup
SetupCommitFileQueueW
SetupDiSetDeviceInstallParamsW
SetupInitDefaultQueueCallbackEx
SetupDiInstallClassW
SetupDiGetDriverInfoDetailW
pGetDriverPackageHash
SetupDiGetDeviceInstanceIdW
SetupFindNextLine
SetupSetThreadLogToken
pSetupDiBuildInfoDataFromStrongName
SetupDiGetDevicePropertyW
SetupDiCreateDeviceInfoList
SetupDiDestroyDeviceInfoList
SetupGetNonInteractiveMode
SetupGetThreadLogToken
SetupDiOpenDeviceInfoW
SetupDiReportDeviceInstallError
SetupFindFirstLineW
pSetupUninstallCatalog
SetupGetFieldCount
SetupDiGetActualModelsSectionW
SetupOpenInfFileW
SetupDiCallClassInstaller
SetupCloseInfFile
SetupDiEnumDeviceInfo
SetupDiRemoveDevice
pSetupInstallCatalog
SetupDiSetDevicePropertyW
SetupGetStringFieldW
SetupWriteTextLog
pSetupSetDriverPackageRestorePoint
SetupDiGetClassDevsW
pSetupValidateDriverPackage
SetupDiGetDeviceInstallParamsW
SetupPromptReboot

kernel32

GetSystemInfo
CreateDirectoryW
GetFileAttributesW
GetFullPathNameW
SetEndOfFile
CreateFileMappingW
SleepEx
MoveFileExW
FindClose
FindNextFileW
SetFileAttributesW
lstrcmpW
FindFirstFileW
DeleteFileW
GetFileInformationByHandle
CreateHardLinkW
SetFilePointer
FlushFileBuffers
GetFileSize
GetLocalTime
WriteFile
ResolveDelayLoadedAPI
DelayLoadFailureHook
LocalAlloc
FileTimeToLocalFileTime
GetCommandLineA
GetModuleFileNameA
RegEnumValueW
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
GetThreadLocale
LCMapStringW
DeviceIoControl
CreateFileW
CompareStringW
lstrlenA
WideCharToMultiByte
RaiseException
GetSystemWindowsDirectoryW
lstrcmpiW
FileTimeToSystemTime
LoadLibraryW
lstrlenW
LocalFree
SetConsoleCtrlHandler
GetCommandLineW

api-ms-win-security-base-l1-2-0

IsValidSid
SetSecurityDescriptorDacl
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
DuplicateTokenEx
GetLengthSid
InitializeAcl
AddAccessAllowedAceEx
InitializeSecurityDescriptor

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

095bdec8c51f6097603610f3ecea5068

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

api-ms-win-core-debug-l1-1-1

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-file-l1-2-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-memory-l1-1-2

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-sysinfo-l1-2-1

setupapi

kernel32

api-ms-win-security-base-l1-2-0

Sections

.text Size: 93KB - Virtual size: 92KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 2KB

.idata Size: 10KB - Virtual size: 9KB

.didat Size: 512B - Virtual size: 304B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 156B

.text
Size: 93KB - Virtual size: 92KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 2KB

.idata
Size: 10KB - Virtual size: 9KB

.didat
Size: 512B - Virtual size: 304B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 156B