sdbinst[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

sdbinst.exe
Size

208KB
MD5

ea9e36c2829e7bcd9bfd565e699c9930
SHA1

891dfd1a6ab87ef24f8d6325a8077cd5ca03aa8c
SHA256

d25d59e065f800f3be6847bbc9bcdc6010018c3bd473a3bfc5d59cdfcbb104ab
SHA512

fbdced17feee1046823688370a249864a0c298e350e6d9a4117df98662f57d0dd86244837f455528d51712022d966e0e87d20e8a7b860749c6d3cc6c67fb8fa8
SSDEEP

6144:XeuqOKqEWDxo2Ftew4EC1IiwbpbiAC5S63:XeLOKqEWDxoUb4iZO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
sdbinst.exe

Files

sdbinst.exe
.exe windows:10 windows x64 arch:x64

999b9dcd61dab941b1e8d50fe6ef72cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegQueryValueExW
RegEnumValueW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteKeyExW
RegCloseKey
RegDeleteKeyValueW
RegOpenKeyW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
RegDeleteKeyW
RegEnumKeyW
RegGetValueW

kernel32

WriteFile
GetModuleHandleExW
WaitForSingleObject
LocalAlloc
GetFileAttributesW
GetCurrentThreadId
ReleaseMutex
GetSystemDirectoryW
SetFileAttributesW
Sleep
GetConsoleMode
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
DeleteFileW
OpenSemaphoreW
CloseHandle
SetProcessWorkingSetSizeEx
LoadLibraryW
HeapSetInformation
HeapAlloc
WriteConsoleW
GetProcAddress
CreateMutexExW
LocalFree
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
FreeLibrary
CopyFileW
WideCharToMultiByte
GetStdHandle
GetFileType
DebugBreak
SetThreadPreferredUILanguages
IsDebuggerPresent
GetFileInformationByHandle
MoveFileExW
FindFirstFileExW
RtlCompareMemory
CreateFileW
LoadLibraryExW
FindClose
ExpandEnvironmentStringsW
FindNextFileW
CreateDirectoryW
GetTickCount
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
SetPriorityClass
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
ReleaseSemaphore
GetSystemTimeAsFileTime

msvcrt

_CxxThrowException
memset
memcmp
memmove
__CxxFrameHandler3
memcpy
?what@exception@@UEBAPEBDXZ
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
towupper
wcsrchr
_wfullpath
_vsnprintf_s
fgetwc
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
??3@YAXPEAX@Z
tolower
_wcsicmp
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
__CxxFrameHandler4
wcscmp
__iob_func
wcschr
_wcsnicmp
qsort
_vscwprintf
_purecall
malloc
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z

user32

LoadStringW

shell32

ord680

ntdll

NtDeleteKey
RtlFreeUnicodeString
RtlStringFromGUID
RtlCaptureContext
ZwQuerySystemInformation
ZwUnmapViewOfSection
RtlLookupFunctionEntry
RtlAppendUnicodeStringToString
RtlAllocateHeap
RtlAppendUnicodeToString
ZwCreateFile
RtlDosPathNameToNtPathName_U_WithStatus
RtlUpcaseUnicodeString
ZwCreateSection
RtlInitUnicodeString
RtlGetNativeSystemInformation
RtlReAllocateHeap
NtClose
RtlInitUnicodeStringEx
ZwMapViewOfSection
RtlFreeHeap
ZwQueryValueKey
ZwQueryInformationFile
ZwClose
ZwOpenKey
ZwEnumerateValueKey
RtlRunOnceExecuteOnce
ZwWriteFile
ZwQuerySystemTime
NtWriteFile
NtQueryInformationFile
RtlDoesFileExists_U
RtlExpandEnvironmentStrings_U
NtCreateKey
NtSetValueKey
NtSetInformationKey
NtOpenKey
RtlCopyUnicodeString
RtlNtStatusToDosError
NtQueryKey
NtQueryInformationByName
RtlVirtualUnwind
RtlGUIDFromString

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

999b9dcd61dab941b1e8d50fe6ef72cd

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

shell32

ntdll

Sections

.text Size: 128KB - Virtual size: 127KB

.rdata Size: 56KB - Virtual size: 54KB

.data Size: 4KB - Virtual size: 2KB

.pdata Size: 8KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 660B

.text
Size: 128KB - Virtual size: 127KB

.rdata
Size: 56KB - Virtual size: 54KB

.data
Size: 4KB - Virtual size: 2KB

.pdata
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 660B