Windows Driver Foundаtion (WDF)[.]exe

Resubmissions

26/11/2023, 16:05

231126-tjg62aac87 3

26/11/2023, 16:03

231126-thnbnaad31 3

Sharing

Copy URL Twitter E-mail

General

Target

Windows Driver Foundаtion (WDF).exe
Size

300KB
MD5

0233d5e8ee9178166d54f4a7ef0e7bcd
SHA1

b07ce15b0a602b19c3fa6ac4a356c286c4e01cc6
SHA256

20f885553a269570c48f3c2ee7288442e87fb07d5d9f9f477cf657929cdaf954
SHA512

4301aa5bca39fbdfab7aea9a5ee6f30f32dadda7dc4efbac1ee3a18b447ae5116801ff3bad32310df4a5a88dd7f21f03536f0b18c1277dd140d989cd0e84f54b
SSDEEP

6144:G0omws/ZBwXoJoBW00yKDcRfUTg7eDwVXc0FbZsS00j0G2+4g0HRdadb26YefPxb:Gv36BwXoKBL7RfUkeDwVXc0FbZsS00jQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Windows Driver Foundаtion (WDF).exe

Files

Windows Driver Foundаtion (WDF).exe
.exe windows:10 windows x64 arch:x64

fbb1e8290f0b168cec3d026f11d7e449

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-core-crt-l1-1-0

wcsrchr
wcscat_s
_vsnprintf_s
wcsstr
wcsncpy_s
wcscpy_s
__C_specific_handler
_vsnwprintf_s
_wcsicmp
memcpy
memset
wcstoul
_wcsnicmp
wcsncmp

api-ms-win-core-crt-l2-1-0

__wgetmainargs
_purecall
exit
_initterm_e
_initterm
__dllonexit3
_onexit

ntdll

RtlInitUnicodeString
DbgPrintEx
RtlSetIoCompletionCallback
VerSetConditionMask
RtlVerifyVersionInfo
NtQueryInformationFile
RtlNtStatusToDosError
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
NtSetInformationFile

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceLoggerHandle
GetTraceEnableLevel
UnregisterTraceGuids

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TlsGetValue
TerminateProcess
CreateThread
TlsFree
GetCurrentThread
TlsAlloc
GetCurrentThreadId
TlsSetValue
GetCurrentProcessId

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-sysinfo-l1-2-0

GetOsSafeBootMode

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister

api-ms-win-core-heap-l1-1-0

HeapSetInformation
GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo
GetSystemDirectoryW
GetTickCount

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize
CLSIDFromString

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
ReleaseSRWLockExclusive
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
CreateEventW
EnterCriticalSection
SetEvent
AcquireSRWLockExclusive
WaitForSingleObject
WaitForMultipleObjectsEx

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
SetEnvironmentVariableW

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryExW
LoadLibraryExA

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWait
SetThreadpoolThreadMinimum
CreateThreadpoolCleanupGroup
CloseThreadpool
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CreateThreadpool
SetThreadpoolThreadMaximum
SetThreadpoolWait

api-ms-win-core-file-l1-1-0

ReadFile
CreateFileW
GetFileSizeEx
WriteFile
FlushFileBuffers

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
VirtualProtect
VirtualQuery

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-namedpipe-l1-1-0

WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-io-l1-1-0

GetOverlappedResult
DeviceIoControl

api-ms-win-security-base-l1-1-0

RevertToSelf

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

wudfplatform

WudfWaitForDebugger
WudfDebugBreakPoint
WudfIsUserDebuggerPresent
GetAndInitializePlatformObject
InitializePlatformLibrary
WdfGetLpcInterface
SetPlatformErrorReportingCallbacks
ShutdownPlatformLibrary
WudfIsKernelDebuggerPresent

Exports

Exports

Microsoft_WDF_UMDF_Version

Sections

.text
Size: 208KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

fbb1e8290f0b168cec3d026f11d7e449

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-core-crt-l1-1-0

api-ms-win-core-crt-l2-1-0

ntdll

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

wudfplatform

Exports

Exports

Sections

.text Size: 208KB - Virtual size: 206KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 4KB - Virtual size: 3KB

.pdata Size: 12KB - Virtual size: 8KB

.didat Size: 4KB - Virtual size: 272B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 208KB - Virtual size: 206KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 4KB - Virtual size: 3KB

.pdata
Size: 12KB - Virtual size: 8KB

.didat
Size: 4KB - Virtual size: 272B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1KB