EnableSeLoadDriverPrivilege[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

EnableSeLoadDriverPrivilege.exe
Size

117KB
MD5

47ef008aa2698a8b3fce1de6e1c1346a
SHA1

cbdd874d0e99d9a1ca8953e4e7cca429f7a48b21
SHA256

1a0ad1763dd69e9ca85d31e4b8cc66759829f4b69072bce13c75f5d7e16e3db7
SHA512

97588beb6f383b11e1e9981038eb4f8a3c94e601861feb93c91b3936821a214aa7946c4bd0bca436e4674ee76e95877ff2852a3334d694d2f27baf30aff1c330
SSDEEP

3072:v8tP2+vlXRLavR3V6Ehvq21pWmqrW1VHjaGexyLWFm7kEfKOTZ+9r2m25:CXRLCUIvq21LHaG45FCeR2/5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
EnableSeLoadDriverPrivilege.exe

Files

EnableSeLoadDriverPrivilege.exe
.exe windows:6 windows x86 arch:x86

5fe560ac6e02204055929eff50fcd257

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenProcessToken
AdjustTokenPrivileges
CopySid
GetLengthSid
GetTokenInformation
IsValidSid
LookupAccountSidW
LookupPrivilegeValueW
LookupPrivilegeNameW
ConvertSidToStringSidW

user32

wsprintfW

ntdll

RtlNtStatusToDosError
RtlUnwind

kernel32

CreateFileW
HeapReAlloc
CloseHandle
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
GetModuleHandleA
GetProcAddress
lstrcatW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
HeapSize
SetFilePointerEx
RaiseException
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
WriteFile
ExitProcess
GetCommandLineA
GetCommandLineW
OutputDebugStringW
CompareStringW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
DecodePointer

Sections

.text
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5fe560ac6e02204055929eff50fcd257

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

user32

ntdll

kernel32

Sections

.text Size: 79KB - Virtual size: 78KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 2KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 79KB - Virtual size: 78KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 2KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 4KB