6954e4553752344bdf52274755d1526c8df2b8a6b25b03b4579b248f4ab47b07

Sharing

Copy URL Twitter E-mail

General

Target

6954e4553752344bdf52274755d1526c8df2b8a6b25b03b4579b248f4ab47b07
Size

1.2MB
MD5

1e710fb12f38ff40eadbe97d49707c2c
SHA1

45d42c44473144061d327032fde2dd961e7a5872
SHA256

6954e4553752344bdf52274755d1526c8df2b8a6b25b03b4579b248f4ab47b07
SHA512

f6993bc0e99389b23def67b6d8c0a52c3f20f5f0ca2a0527984d37cc4c1b66c6ce6363470aad03f608b820f6645de7be12620d06e76ca48eeb4325b5658c0f05
SSDEEP

24576:UQnyR7Vs7iHKBcIfL+9MYEhnbhdxKaANp:E0iHTIfLeMYa7x0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6954e4553752344bdf52274755d1526c8df2b8a6b25b03b4579b248f4ab47b07

Files

6954e4553752344bdf52274755d1526c8df2b8a6b25b03b4579b248f4ab47b07
.exe windows:4 windows x64 arch:x64

04ec7bcffcd09328e8a94b9b899893f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\10.25.14.109\trunk\x64\release\HidMonitorSvc.pdb

Imports

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces

hid

HidD_GetPreparsedData
HidD_FreePreparsedData
HidP_GetCaps
HidD_GetHidGuid
HidD_GetAttributes

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSQueryUserToken

shlwapi

PathFileExistsW

kernel32

CloseHandle
GetLastError
Sleep
GetProcAddress
GetSystemDirectoryW
GetVersionExW
GetConsoleOutputCP
CreateEventW
WaitForSingleObject
CreateFileW
SetEvent
FreeLibrary
ExpandEnvironmentStringsW
HeapReAlloc
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapSize
SetStdHandle
GetTickCount
WriteConsoleA
WriteConsoleW
CreateFileA
FlushFileBuffers
LoadLibraryW
GetOEMCP
InitializeCriticalSection
LoadLibraryA
HeapAlloc
HeapFree
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetACP
IsValidCodePage
GetModuleHandleA
FlsGetValue
FlsSetValue
TlsFree
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
RtlUnwindEx
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA

user32

UnregisterDeviceNotification
RegisterDeviceNotificationW

advapi32

RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
SetServiceStatus
RegisterServiceCtrlHandlerExW
CreateProcessAsUserW
StartServiceCtrlDispatcherW
RegCloseKey
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

04ec7bcffcd09328e8a94b9b899893f4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

hid

wtsapi32

shlwapi

kernel32

user32

advapi32

userenv

Sections

.text Size: 58KB - Virtual size: 58KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 5KB - Virtual size: 15KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 1.1MB - Virtual size: 1.6MB

.text
Size: 58KB - Virtual size: 58KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 5KB - Virtual size: 15KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1.1MB - Virtual size: 1.6MB