71a117a8360ea75ec7d05e61a71c2508fa1654dd5ee673b5ac63a7eff60252d9

Sharing

Copy URL Twitter E-mail

General

Target

71a117a8360ea75ec7d05e61a71c2508fa1654dd5ee673b5ac63a7eff60252d9
Size

1.6MB
MD5

0811ad2a289530f12cb4aa0e94a18cba
SHA1

927e7030aeeb10f3959a3d346ae9cd28b137781c
SHA256

71a117a8360ea75ec7d05e61a71c2508fa1654dd5ee673b5ac63a7eff60252d9
SHA512

2dd3430bd84b8771f5aa8e7b62939cf7b1d9ea350a436e87fc0e1ffcb9505670d82c516284964d688b8fbc0f234730ccf49be75e16a9710f91285cb8d9dc1cf2
SSDEEP

49152:M7q5idgliQeszVKwYFlIaXOHCCT0LsiGFXo6HCnbgFl9/iJE3jM2ce:Aq5idgliQeROHCCT0LsiGFYu4bMl92E8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
71a117a8360ea75ec7d05e61a71c2508fa1654dd5ee673b5ac63a7eff60252d9

Files

71a117a8360ea75ec7d05e61a71c2508fa1654dd5ee673b5ac63a7eff60252d9
.exe windows:6 windows x64 arch:x64

83ff7884a8cc04196e4df0958b76f1d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Jayde_P4\depot3\Drivers\fw_update_driver\QService_V4_EM05X\QService_V4\x64\Release\QServiceEM060K.pdb

Imports

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken

shlwapi

PathCombineA
PathCombineW

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
CM_Reenumerate_DevNode
CM_Locate_DevNodeW
SetupDiDestroyDeviceInfoList
SetupDiOpenClassRegKeyExW

user32

RegisterPowerSettingNotification
RegisterSuspendResumeNotification
wsprintfW

ole32

CoCreateGuid
CoUninitialize
CoInitializeEx
OleRun
CoCreateInstance

oleaut32

VariantClear
SafeArrayCreate
SysAllocString
SysFreeString
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayGetUBound
GetErrorInfo
SafeArrayDestroy
SafeArrayGetElement

iphlpapi

GetAdaptersAddresses

dbghelp

MiniDumpWriteDump

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

advapi32

SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
CloseEventLog
ReadEventLogW
OpenEventLogW
QueryServiceStatusEx
CloseServiceHandle
OpenServiceW
OpenSCManagerW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateProcessAsUserW
DuplicateTokenEx
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteExW

kernel32

GetCommandLineA
ExitProcess
ExitThread
RtlUnwindEx
UnregisterWaitEx
QueryDepthSList
GetCommandLineW
InterlockedPushEntrySList
InterlockedPopEntrySList
GetConsoleOutputCP
DuplicateHandle
VirtualFree
VirtualProtect
VirtualAlloc
InterlockedFlushSList
ReadConsoleW
GetVersionExW
LoadLibraryExW
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
GetFileType
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
MoveFileExW
SetStdHandle
HeapReAlloc
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
WriteConsoleW
SetEndOfFile
ReleaseSemaphore
DeleteFileA
UnregisterWait
RegisterWaitForSingleObject
lstrcmpiW
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameW
GetLastError
CloseHandle
WTSGetActiveConsoleSessionId
CreateProcessW
CreateEventW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
lstrcpyW
FindFirstFileW
SetFileAttributesW
DeleteFileW
Sleep
FindNextFileW
FindClose
RemoveDirectoryW
GetSystemPowerStatus
SetEnvironmentVariableW
LoadLibraryW
GetProcAddress
FreeLibrary
OOBEComplete
GetWindowsDirectoryA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateThread
SetEvent
WaitForSingleObject
ResetEvent
GetFileAttributesW
CreateDirectoryW
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
OpenEventW
CreateTimerQueue
CreateTimerQueueTimer
DeleteTimerQueueTimer
GetCurrentThreadId
FindFirstFileA
FindNextFileA
RtlUnwind
HeapAlloc
GetProcessHeap
HeapFree
OutputDebugStringW
GetCurrentProcess
CreateFileW
GetCurrentProcessId
FatalAppExitW
SetUnhandledExceptionFilter
FileTimeToLocalFileTime
FileTimeToSystemTime
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetStdHandle
WriteConsoleA
WriteFile
GetConsoleMode
GetDynamicTimeZoneInformation
GetFileAttributesA
GetSystemFirmwareTable
GetWindowsDirectoryW
SetFilePointer
ReadFile
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
SetFileTime
TryEnterCriticalSection
InitOnceComplete
QueueUserWorkItem
GetModuleHandleExW
IsProcessorFeaturePresent
RtlPcToFileHeader
RaiseException
InitOnceBeginInitialize
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObjectEx
SwitchToThread
GetExitCodeThread
LocalFree
EncodePointer
DecodePointer
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
ChangeTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask

Sections

.text
Size: 734KB - Virtual size: 734KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

83ff7884a8cc04196e4df0958b76f1d6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wtsapi32

shlwapi

setupapi

user32

ole32

oleaut32

iphlpapi

dbghelp

version

advapi32

shell32

kernel32

Sections

.text Size: 734KB - Virtual size: 734KB

.rdata Size: 256KB - Virtual size: 256KB

.data Size: 28KB - Virtual size: 40KB

.pdata Size: 38KB - Virtual size: 37KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 734KB - Virtual size: 734KB

.rdata
Size: 256KB - Virtual size: 256KB

.data
Size: 28KB - Virtual size: 40KB

.pdata
Size: 38KB - Virtual size: 37KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 572KB - Virtual size: 576KB