DriverView[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

DriverView.exe
Size

93KB
MD5

4e5c4aa1d85573783c78f3b7dbfe13d1
SHA1

7f1cd4a4e48ae869018603671e198590eed5ec0f
SHA256

103a608c796d4ca9da28c247ed1ccd14bf69d4a6cfed8e8efdc95df900a892f7
SHA512

93ce52e16aa626707501fb1ef1f5409d26d18276d36730f96aebf75335a4d82e0b2a3e67ebaaa9d24c89639d3f826ad3f5bad3e6403bf77d197478a84c2a1f98
SSDEEP

1536:mBsOSU0iyOPVZRn6YY5QMQYwqTfUTqX4e+UvVoXoWPWUlxNiA2bwxD7W+hMLl7:2sOSUYOPVZR4fQYHMTheHSxNwkxD7W+m

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Files

DriverView.exe
.exe windows:4 windows x64 arch:x64

625d13b37d8a758778e822a11c8727db

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

95:6b:7e:33:6b:25:ba:69:ea:44:93:fe:ee:fb:32:87:b3:d1:36:d9
Signer

Actual PE Digest

95:6b:7e:33:6b:25:ba:69:ea:44:93:fe:ee:fb:32:87:b3:d1:36:d9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Projects\VS2005\DriverView\x64\Release\DriverView.pdb

Imports

msvcrt

_initterm
__getmainargs
_acmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
__setusermatherr
__dllonexit
_strlwr
_mbsicmp
_purecall
qsort
malloc
strtoul
free
_snprintf
modf
_commode
_fmode
__set_app_type
_onexit
memcmp
_strcmpi
_memicmp
strrchr
strcmp
strchr
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memset
strlen
memcpy
_itoa
atoi
_stricmp
strcpy
strcat
strncat
sprintf

comctl32

ImageList_Create
ImageList_SetImageCount
ord6
CreateToolbarEx
ImageList_AddMasked
ord17
ImageList_ReplaceIcon

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

ExitProcess
GetCurrentProcessId
DeleteFileA
EnumResourceNamesA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetTimeFormatA
GetFileTime
MultiByteToWideChar
GetCurrentProcess
ReadProcessMemory
OpenProcess
GetStartupInfoA
GetFileAttributesA
GetFileSize
GetModuleHandleA
FreeLibrary
FileTimeToLocalFileTime
CompareFileTime
LoadLibraryExA
ExpandEnvironmentStringsA
FileTimeToSystemTime
GetProcAddress
LoadLibraryA
CreateFileA
CloseHandle
GlobalLock
GlobalUnlock
GlobalAlloc
lstrlenA
GetVersionExA
GetLastError
FormatMessageA
GetTempPathA
GetModuleFileNameA
GetWindowsDirectoryA
LocalFree
GetDateFormatA
ReadFile
lstrcpyA
WriteFile
GetSystemDirectoryA
GetTempFileNameA

user32

MessageBeep
EndDeferWindowPos
GetFocus
BeginDeferWindowPos
GetMessageA
RegisterWindowMessageA
SetTimer
PostQuitMessage
TrackPopupMenu
IsDialogMessageA
TranslateMessage
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetCursor
LoadCursorA
SetDlgItemTextA
DispatchMessageA
SetWindowTextA
SendDlgItemMessageA
GetDlgItemInt
EndDialog
GetDlgItem
CreateWindowExA
SetDlgItemInt
RegisterClassA
UpdateWindow
GetSystemMetrics
GetWindowRect
PostMessageA
SetMenu
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
SendMessageA
LoadImageA
LoadStringA
LoadIconA
GetWindowLongA
SetWindowLongA
InvalidateRect
SetFocus
GetMenuItemCount
GetSubMenu
GetClassNameA
GetMenuStringA
CloseClipboard
SetClipboardData
EnableWindow
GetCursorPos
MapWindowPoints
GetClientRect
GetSysColor
MoveWindow
GetMenu
OpenClipboard
CheckMenuItem
EmptyClipboard
EnableMenuItem
ReleaseDC
GetDC
GetMenuItemInfoA
GetWindowTextA
LoadMenuA
GetParent
ModifyMenuA
DialogBoxParamA
GetDlgCtrlID
DestroyMenu
CreateDialogParamA
EnumChildWindows
DestroyWindow
GetKeyState
KillTimer
DeferWindowPos

gdi32

GetStockObject
GetTextExtentPoint32A
SetBkColor
GetDeviceCaps
SetTextColor
CreateFontIndirectA
SetBkMode
DeleteObject

comdlg32

FindTextA
GetSaveFileNameA

advapi32

RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegDeleteKeyA

shell32

ShellExecuteExA
ShellExecuteA

ole32

OleInitialize
OleUninitialize
DoDragDrop

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

625d13b37d8a758778e822a11c8727db

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate

Extended Key Usages

Key Usages

95:6b:7e:33:6b:25:ba:69:ea:44:93:fe:ee:fb:32:87:b3:d1:36:d9Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 57KB - Virtual size: 57KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 1024B - Virtual size: 5KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 11KB - Virtual size: 11KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

95:6b:7e:33:6b:25:ba:69:ea:44:93:fe:ee:fb:32:87:b3:d1:36:d9
Signer

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 1024B - Virtual size: 5KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 11KB - Virtual size: 11KB