PnPUnattend[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

PnPUnattend.exe
Size

53KB
MD5

5f9749404fa417449beefb0668981106
SHA1

4c8a6f9bc29f189fce54e0bfd08133d9f0bdd7b4
SHA256

1520c39d87aa4c2d074aa45f0c6afe5aa1da6609edceb4a49c54ad04e4199d42
SHA512

56c6bd27a3771fe8720c346697e4c55d88b642a198396b43f4cf20dd2a37e1a3ce7e7dd9ea9e5327269907266575a3e935acdfa6825cb20534401339a9814be1
SSDEEP

768:Z24N5l7HxjQVWZxNUHkK3/ZcwbV1k6dJRhpbJGHuryQ87UfVbyXJMTcsZcSwCOWv:3NQkykKvDpNJFbJGHurG49buMV5OWv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PnPUnattend.exe

Files

PnPUnattend.exe
.exe windows:10 windows x86

791e5470a1194e533991c7e99a194b5a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExW
RegOpenKeyExW
CheckTokenMembership
RegLoadKeyW
RegUnLoadKeyW
RegEnumKeyExW
ConvertStringSidToSidW
RegQueryInfoKeyW
RegEnumKeyW
RegCloseKey
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
FreeSid
AllocateAndInitializeSid
GetTraceLoggerHandle

kernel32

LoadLibraryExW
CreateDirectoryW
GetFileAttributesW
SetEndOfFile
MapViewOfFile
CreateFileMappingW
GetProcessHeap
SetFilePointer
WaitForSingleObject
OpenEventW
GetVersionExW
lstrcmpW
lstrcmpiW
FreeLibrary
FindClose
ExpandEnvironmentStringsW
lstrlenW
FindNextFileW
CompareStringW
FindFirstFileW
DebugBreak
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapReAlloc
OutputDebugStringW
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
OutputDebugStringA
EnterCriticalSection
HeapFree
HeapCreate
GetModuleFileNameA
GetModuleHandleW
LocalFree
GetLastError
FormatMessageW
GetFullPathNameW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
CreateEventW
WaitForSingleObjectEx
CloseHandle
SetEvent
SetLastError
GetSystemWindowsDirectoryW
GetProcAddress
RaiseException
LCMapStringW
WaitForMultipleObjectsEx
ReleaseMutex
CompareStringOrdinal
GetThreadLocale
UnmapViewOfFile
CreateMutexW

msvcrt

_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_initterm
memcpy
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
wcschr
strrchr
_vsnprintf
_wcsicmp
_vsnwprintf
wprintf
_resetstkoflw
_wcsnicmp
wcsrchr
__setusermatherr
memset

user32

LoadStringW

setupapi

SetupCloseInfFile
SetupFindNextLine
SetupGetFieldCount
SetupDiGetINFClassW
SetupFindFirstLineW
SetupOpenInfFileW
SetupGetStringFieldW
SetupDiGetActualModelsSectionW

newdev

DiInstallDriverW

rpcrt4

RpcStringFreeW
UuidToStringW

mpr

WNetCancelConnection2W
WNetAddConnection2W

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlNtStatusToDosError

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

791e5470a1194e533991c7e99a194b5a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

setupapi

newdev

rpcrt4

mpr

ntdll

Sections

.text Size: 42KB - Virtual size: 41KB

.data Size: 1024B - Virtual size: 2KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 42KB - Virtual size: 41KB

.data
Size: 1024B - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB