SensorDataService[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

SensorDataService.exe
Size

874KB
MD5

4337a7ef39920521559839da3dcb4b01
SHA1

d5e58a89639c8d9187a7b0e4040e05c7244ae63b
SHA256

f1bad976b5f3b09091cea9b9a9e7057de54fda5fba05250e6104851e674d10a9
SHA512

c4d6e08ed089fd5ed65871253ba31807ae3daa5e5307f41183d4c2507eed1070c2885447d47df405ef69670d763425a66bca4efd6a392d5e52e2a1ae9bbaa507
SSDEEP

12288:H3ZATCRM+9f3PYDs3x33AlFlkcdvt3iDN8vSTE5R/:H32zsf/YDqxAPBF3iD+STET

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SensorDataService.exe

Files

SensorDataService.exe
.exe windows:10 windows x86

75868d8d38bbcfcd3778694ddfff563a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

??1exception@@UAE@XZ
__p__fmode
?what@exception@@UBEPBDXZ
__CxxFrameHandler3
_cexit
memcpy
_CxxThrowException
_exit
exit
memcmp
memmove
_vsnwprintf_s
_wcsicmp
sprintf
_XcptFilter
__set_app_type
_initterm
?terminate@@YAXXZ
__setusermatherr
__wgetmainargs
_amsg_exit
??8type_info@@QBEHABV0@@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@XZ
realloc
memmove_s
swprintf_s
wcscpy_s
_callnewh
_snwprintf_s
_wcsnicmp
free
_vsnprintf_s
memcpy_s
_vsnwprintf
??_V@YAXPAX@Z
__p__commode
_lock
_unlock
__dllonexit
_ftol2
malloc
_onexit
_except_handler4_common
wprintf_s
_purecall
_controlfp
??3@YAXPAX@Z
??1type_info@@UAE@XZ
memset

api-ms-win-core-string-l1-1-0

CompareStringW

api-ms-win-core-libraryloader-l1-2-0

RemoveDllDirectory
GetModuleFileNameW
LoadLibraryExW
GetProcAddress
LoadStringW
GetModuleFileNameA
AddDllDirectory
GetModuleHandleExW
FreeLibrary
GetModuleHandleA

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError
RaiseException

api-ms-win-service-core-l1-1-1

RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
SetServiceStatus

api-ms-win-core-synch-l1-2-0

Sleep
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
CreateSemaphoreExW
InitializeCriticalSectionEx
DeleteCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
CreateEventExW
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
LeaveCriticalSection
EnterCriticalSection
ResetEvent
CreateMutexExW
SetEvent

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
OpenProcessToken
OpenProcess

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetTickCount64
GetSystemTimeAsFileTime
GetSystemInfo

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer

api-ms-win-service-management-l1-1-0

CloseServiceHandle
CreateServiceW
DeleteService
StartServiceW
OpenServiceW
OpenSCManagerW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoInitialize
RoActivateInstance
RoUninitialize

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegGetValueW
RegCloseKey
RegNotifyChangeKeyValue
RegEnumKeyExW

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx
ChangeServiceConfig2W

api-ms-win-service-winsvc-l1-2-0

ControlService

api-ms-win-core-winrt-error-l1-1-1

RoOriginateError
RoTransformError

api-ms-win-core-com-l1-1-1

CoGetApartmentType
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoTaskMemAlloc

api-ms-win-core-heap-l1-2-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-localization-l1-2-1

FormatMessageW

api-ms-win-core-debug-l1-1-1

OutputDebugStringW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsCompareStringOrdinal
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsCreateStringReference
WindowsDeleteString
WindowsIsStringEmpty
WindowsDuplicateString

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-security-base-l1-2-0

GetTokenInformation
DuplicateToken
FreeSid
CheckTokenMembership
CheckTokenCapability
AllocateAndInitializeSid

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSidToSidW

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

ntdll

RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWait
CloseThreadpoolIo
SetThreadpoolWait
CreateThreadpool
WaitForThreadpoolIoCallbacks
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CancelThreadpoolIo
WaitForThreadpoolWorkCallbacks
CloseThreadpool
CreateThreadpoolWork
CloseThreadpoolWork
StartThreadpoolIo
SubmitThreadpoolWork
FreeLibraryWhenCallbackReturns
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
SetThreadpoolThreadMaximum
WaitForThreadpoolTimerCallbacks
CreateThreadpoolIo

api-ms-win-core-namedpipe-l1-2-0

ConnectNamedPipe
CreateNamedPipeW

api-ms-win-core-io-l1-1-1

GetOverlappedResult

api-ms-win-core-file-l1-2-1

ReadFile
WriteFile

api-ms-win-core-kernel32-legacy-l1-1-1

GetNamedPipeClientProcessId

Sections

.text
Size: 821KB - Virtual size: 820KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75868d8d38bbcfcd3778694ddfff563a

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-service-core-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-eventing-provider-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-service-winsvc-l1-2-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-com-l1-1-1

api-ms-win-core-heap-l1-2-0

api-ms-win-core-localization-l1-2-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-shlwapi-legacy-l1-1-0

ntdll

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-namedpipe-l1-2-0

api-ms-win-core-io-l1-1-1

api-ms-win-core-file-l1-2-1

api-ms-win-core-kernel32-legacy-l1-1-1

Sections

.text Size: 821KB - Virtual size: 820KB

.data Size: 5KB - Virtual size: 50KB

.idata Size: 8KB - Virtual size: 7KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 36KB - Virtual size: 36KB

.text
Size: 821KB - Virtual size: 820KB

.data
Size: 5KB - Virtual size: 50KB

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 36KB - Virtual size: 36KB