BdeHdCfg[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

BdeHdCfg.exe
Size

148KB
MD5

75ff14f268f702ba3a4b587da25ffbf7
SHA1

8b3dc5dd07892b4dcf89387cc63a80d13b426d8f
SHA256

a801668846e136c71ce2d9da4c2cf7dfac7b9b85f2911983a3234ca6a305f0d0
SHA512

669764878cb0d788a2b3261c6e2d5ce35b7e4daa24426bb14f1b6d768c494bb0dbf335e84f6e7c4a82b97769f9c201da4485301e7bb0f1769b3823664a099d9c
SSDEEP

3072:Dc8nU8jHda2EKHVZzwnVS570M9kdatGCO+xmBc+hMPhPsx:gaHsKHVZ8Vs7nyatGt+SYF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BdeHdCfg.exe

Files

BdeHdCfg.exe
.exe windows:10 windows x64 arch:x64

bed35470582631f338efa043107c9b11

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleFileNameW
HeapSetInformation
CreateMutexW
ReadConsoleW
SetConsoleMode
GetConsoleMode
CancelWaitableTimer
WaitForSingleObjectEx
SetWaitableTimer
WaitForSingleObject
GlobalFree
FormatMessageW
SetConsoleCursorPosition
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
InitOnceExecuteOnce
LocalFree
GetDriveTypeW
GetLastError
GetCommandLineW
GetConsoleOutputCP
SetConsoleCtrlHandler
LeaveCriticalSection
EnterCriticalSection
SetThreadPreferredUILanguages
SetEvent
DeleteCriticalSection
CloseHandle
InitializeCriticalSection
CreateWaitableTimerW
CreateEventW
GetStdHandle

msvcrt

?terminate@@YAXXZ
_vsnwprintf
_wsetlocale
_wcsicmp
_wcsnicmp
iswalpha
towupper
_wtoi64
wprintf
free
malloc
_callnewh
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
_ismbblead
__setusermatherr
_initterm
_acmdln
__C_specific_handler
swprintf_s
_fmode
_commode
memset

shell32

CommandLineToArgvW

bdehdcfglib

?Unload@CBdeCfgLibraryLoader@@QEAAXXZ
?Load@CBdeCfgLibraryLoader@@QEAAJXZ
BdeCfgIsElevated
??1CDriveConfiguration@@QEAA@XZ
??0CDriveConfiguration@@QEAA@XZ
??1CBdeCfgLibraryLoader@@QEAA@XZ
??0CBdeCfgLibraryLoader@@QEAA@XZ
BdeCfgLogError
BdeCfgLogCommandLineParams
BdeCfgLoadErrorString
?GetActionType@CDriveConfiguration@@QEAA?AW4BDECFG_ACTION_TYPE@@XZ
?GetTargetDriveLetter@CDriveConfiguration@@QEAAGXZ
?GetTargetDiskNumber@CDriveConfiguration@@QEAAKXZ
?GetTargetPartitionNumber@CDriveConfiguration@@QEAAKXZ
?GetShrinkSize@CDriveConfiguration@@QEAA_KXZ
?GetTargetPartitionSize@CDriveConfiguration@@QEAA_KXZ
?ActionRequiresShrink@CDriveConfiguration@@QEAA_NXZ
?ActionRequiresCreate@CDriveConfiguration@@QEAA_NXZ
?GetNewDriveLetter@CDriveConfiguration@@QEAAGXZ
?ActionRequiresMerge@CDriveConfiguration@@QEAA_NXZ
BdeCfgCalculateSizeRequirements
BdeCfgCheckAndGetBootVolume
BdeCfgGetVolumeDisk
BdeCfgCanCreateActivePartOnDisk
BdeCfgFindLargestUnallocatedExtent
BdeCfgFindCandidateVolumes
BdeCfgFindVolumeWithName
BdeCfgCheckVolumeAsCandidate
?Initialize@CDriveConfiguration@@QEAAJPEBU_BDECFG_PARAMS@@QEAU_BDECFG_SIZE_REQUIREMENTS@@PEAVIConfigurationProgress@@@Z
?ConfigureDrive@CDriveConfiguration@@QEAAJXZ
BdeCfgLogClose
BdeCfgLogInit
BdeCfgRestart
?QueryStepPercentComplete@CDriveConfiguration@@QEAAJPEAK@Z
BdeCfgMoveWinRE
BdeCfgIsWinREOnOSVolume
BdeCfgLoadResourceString

winbrand

BrandingFormatString

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bed35470582631f338efa043107c9b11

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

shell32

bdehdcfglib

winbrand

api-ms-win-core-com-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-version-l1-1-0

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 1KB

.pdata Size: 4KB - Virtual size: 828B

.rsrc Size: 104KB - Virtual size: 103KB

.reloc Size: 4KB - Virtual size: 56B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 1KB

.pdata
Size: 4KB - Virtual size: 828B

.rsrc
Size: 104KB - Virtual size: 103KB

.reloc
Size: 4KB - Virtual size: 56B