3da488b601a2c40779e62d8b5788319f38f3543a2768c3182ec1823f0276c3b8

Sharing

Copy URL Twitter E-mail

General

Target

3da488b601a2c40779e62d8b5788319f38f3543a2768c3182ec1823f0276c3b8
Size

704KB
MD5

7f851919648db1b9ba97de7434a13680
SHA1

f33b86260c094dc331b8be1873fc3413cc63ec1d
SHA256

3da488b601a2c40779e62d8b5788319f38f3543a2768c3182ec1823f0276c3b8
SHA512

4077583407e39b8509784a38332b2367f354dab302811803350853d23cfb775a61640f7cc76d2feb864f384debedbbe4d70a84b6bb1f13fa3ddaa2c8034d7e28
SSDEEP

12288:gSEB64JoS56/UBL8252uui8FbECP7BhdfswdJ0NXdU8ZWH7DEP1rCJ7U3n:gSEh6/t2rR8FfBhRJUEbDk1ulUX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3da488b601a2c40779e62d8b5788319f38f3543a2768c3182ec1823f0276c3b8

Files

3da488b601a2c40779e62d8b5788319f38f3543a2768c3182ec1823f0276c3b8
.exe windows:6 windows x64 arch:x64

7254f291c5fca4ef138290d5692837ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\home\jenkins\agent\workspace\ovoHotkeys_hotkeydriver_2.0.10.x\LenovoKBDHotkey\Bin\x64\Release\LenovoUtilityService.pdb

Imports

oleaut32

VariantInit
VariantClear
SysFreeString
SysAllocString

kernel32

IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateToolhelp32Snapshot
RtlVirtualUnwind
SubmitThreadpoolWork
RtlLookupFunctionEntry
QueryFullProcessImageNameW
Sleep
GetThreadId
GetCurrentThread
WaitForSingleObject
SetEvent
CreateThread
SizeofResource
LockResource
LoadResource
FindResourceExW
CreateThreadpoolWork
WTSGetActiveConsoleSessionId
RtlCaptureContext
lstrlenW
GetModuleHandleW
WaitForSingleObjectEx
CloseThreadpoolTimer
ResetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetProcessTimes
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateEventW
CreateThreadpoolTimer
CreateDirectoryW
TerminateProcess
OpenProcess
GetCurrentProcess
CreateFileW
LocalAlloc
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
Process32FirstW
LocalFree
LoadLibraryExW
GetProcAddress
ProcessIdToSessionId
EnterCriticalSection
GetLastError
WriteFile
CloseHandle
GetProcessHeap
HeapAlloc
HeapFree
WaitForMultipleObjects
IsDebuggerPresent
HeapReAlloc
HeapSize
HeapDestroy
GetFileTime
InitializeCriticalSectionEx
MoveFileW
GetFileSize
lstrcmpiW
GetLocalTime
DeleteFileW
OutputDebugStringW
RtlCaptureStackBackTrace
VerifyVersionInfoW
GetSystemTimeAsFileTime
ReadFile
InitializeSListHead
GetFullPathNameW
DeleteCriticalSection
GetModuleFileNameW
SetFilePointer
InitializeCriticalSection
Process32NextW
FindResourceW
VerSetConditionMask

ole32

CoInitializeEx
CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity

hid

HidD_FreePreparsedData
HidP_GetCaps
HidD_GetPreparsedData
HidD_GetAttributes

setupapi

SetupDiEnumDeviceInfo
CMP_WaitNoPendingInstallEvents
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInterfaces
CM_Locate_DevNodeW
SetupDiGetDeviceRegistryPropertyW

advapi32

CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
QueryServiceStatus
ControlService
CreateServiceW
RegNotifyChangeKeyValue
CloseServiceHandle
DeleteService
OpenServiceW
OpenSCManagerW
RevertToSelf
ImpersonateLoggedOnUser
EventWriteString
SetServiceStatus
EventUnregister
EventRegister
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
GetTokenInformation
RegCloseKey
DuplicateTokenEx
CreateProcessAsUserW
OpenProcessToken

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSQuerySessionInformationW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock
UnloadUserProfile

shlwapi

StrChrW
StrCmpNIW
StrCmpIW
StrToIntExW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wintrust

WinVerifyTrust

msvcp140

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?good@ios_base@std@@QEBA_NXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ

dbghelp

SymInitialize
SymCleanup

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_type_info_compare
__std_terminate
memcpy
__std_exception_destroy
wcsrchr
memmove
memset
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_seh_filter_exe
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_initterm_e
_cexit
_exit
_invalid_parameter_noinfo
__p___argc
__p___wargv
_c_exit
_initialize_onexit_table
_errno
terminate
_invalid_parameter_noinfo_noreturn
_crt_atexit
exit
_register_thread_local_exe_atexit_callback

api-ms-win-crt-string-l1-1-0

wcsnlen
_wcsicmp
wmemcpy_s
_wcsnicmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s
__stdio_common_vswprintf
__stdio_common_vfwprintf
__acrt_iob_func
__p__commode
_set_fmode

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
malloc
_callnewh

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7254f291c5fca4ef138290d5692837ea

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

oleaut32

kernel32

ole32

hid

setupapi

advapi32

wtsapi32

userenv

shlwapi

version

wintrust

msvcp140

dbghelp

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 69KB - Virtual size: 68KB

.rdata Size: 58KB - Virtual size: 58KB

.data Size: 2KB - Virtual size: 4KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 69KB - Virtual size: 68KB

.rdata
Size: 58KB - Virtual size: 58KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 568KB - Virtual size: 572KB