690c7609a87a0c9209d310f27edf03b5a615054aa6bee500a113cf8808fe219b

Sharing

Copy URL Twitter E-mail

General

Target

690c7609a87a0c9209d310f27edf03b5a615054aa6bee500a113cf8808fe219b
Size

3.2MB
MD5

44d1dc4bccaa2f1037d8f78bb3d36d18
SHA1

b91f567ec7feba3587a4d7d4d9f369b33fe8db56
SHA256

690c7609a87a0c9209d310f27edf03b5a615054aa6bee500a113cf8808fe219b
SHA512

d5d3f0f7adbf3f3116580e2d47a1fbc0c5b918ac79638ab461f1b5495a93589ed8df251e069a1710b25b454b0602fbcabad9989378ae4efe575540a4c37c9b09
SSDEEP

49152:FHc8bgpFnlV4pEYItFPA0SVQ9U8Wi73lg8Ntg4l5gWW654ve30jaNf1TWbdz:FHcrrQE2ul3NSmkU023W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
690c7609a87a0c9209d310f27edf03b5a615054aa6bee500a113cf8808fe219b

Files

690c7609a87a0c9209d310f27edf03b5a615054aa6bee500a113cf8808fe219b
.exe windows:6 windows x64 arch:x64

08b86e0aa82a6539a34fd3779d17c981

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\jenkins\workspace\dptf\Src\ESIF\Products\ESIF_UF\Sources\win\projs\x64\Win10Release\ipf_uf.pdb

Imports

kernel32

SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetCurrentThreadId
GetThreadId
GetSystemPowerStatus
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
WideCharToMultiByte
GetTimeZoneInformation
GetFileAttributesExW
GetFileSizeEx
SetFilePointerEx
SetConsoleCtrlHandler
RaiseException
GetStringTypeW
GetConsoleOutputCP
HeapSize
SetEndOfFile
GetTickCount64
CreateMutexW
ReleaseMutex
OutputDebugStringA
WaitForMultipleObjects
FormatMessageA
ReadConsoleW
CreateFileA
DeviceIoControl
GetConsoleMode
GetEnvironmentVariableA
GetTempPathW
GetTempPathA
SetLastError
CreateMutexA
WriteConsoleW
SetPriorityClass
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemWindowsDirectoryA
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
LoadLibraryExW
LocalFree
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetStdHandle
GetCommandLineW
GetExitCodeProcess
ExitThread
GetExitCodeThread
CreateProcessW
AddDllDirectory
SetDllDirectoryW
WriteConsoleInputW
SetStdHandle
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapReAlloc
CreateFileW
FlushFileBuffers
ReadFile
WriteFile
ConnectNamedPipe
DisconnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
WaitNamedPipeW
GetOverlappedResult
LoadLibraryExA
GetProcAddress
GetModuleHandleExA
FreeLibrary
GetLastError
AcquireSRWLockShared
ReleaseSRWLockShared
GetFileAttributesA
FindNextFileA
LocalAlloc
CloseHandle
FindFirstFileA
FindClose
QueryPerformanceFrequency
QueryPerformanceCounter
CreateThread
WTSGetActiveConsoleSessionId
MoveFileExW
EnumSystemLocalesW
CreateDirectoryW
DeleteFileW
RemoveDirectoryW
CopyFileW
GetCurrentProcess
CreateSemaphoreW
Sleep
CreateEventW
WaitForSingleObject
ReleaseSemaphore
ResetEvent
SetEvent
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
DuplicateHandle
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetFileAttributesW
lstrcmpA
FileTimeToSystemTime
GetModuleHandleW
VerifyVersionInfoW
VerSetConditionMask
GetFullPathNameW
OutputDebugStringW
CreateProcessA
GetTimeFormatW
GetDateFormatW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetProcessHeap
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
GetCurrentThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
__C_specific_handler
WakeAllConditionVariable
SleepConditionVariableSRW
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
EncodePointer
InitializeCriticalSectionEx
DeleteCriticalSection
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
ExitProcess
GetCommandLineA
HeapFree
HeapAlloc
RtlUnwind

powrprof

PowerReadACValueIndex
CallNtPowerInformation
PowerRemovePowerSetting
SetSuspendState
PowerWriteSettingAttributes
PowerReadDCValueIndex

ole32

CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoIncrementMTAUsage
CoDecrementMTAUsage
CoUninitialize
PropVariantClear
StringFromCLSID

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsCreateString
WindowsCreateStringReference
WindowsDeleteString
WindowsCompareStringOrdinal
WindowsDuplicateString

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-power-setting-l1-1-0

PowerSetActiveScheme
PowerSettingRegisterNotification
PowerWriteACValueIndex
PowerWriteDCValueIndex
PowerSettingUnregisterNotification
PowerGetActiveScheme

advapi32

LookupAccountNameA
StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
DuplicateTokenEx
CreateProcessAsUserW
ConvertStringSidToSidW
ConvertSidToStringSidA
GetUserNameA
SetSecurityDescriptorDacl
IsValidSid
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetLengthSid
GetAclInformation
AddAce
AddAccessAllowedAce
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
CloseTrace
ProcessTrace
OpenTraceW
EnableTraceEx
ControlTraceW
StartTraceW
EventWriteString
EventProviderEnabled
EventWrite
EventUnregister
EventRegister

tdh

TdhGetEventInformation

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

setupapi

CM_Get_Device_ID_List_SizeW
CM_Get_DevNode_Registry_PropertyW
CM_Locate_DevNodeW
CM_Get_Device_ID_ListW

Exports

Exports

ctlAUXAccess
ctlCheckDriverVersion
ctlClose
ctlEngineGetActivity
ctlEngineGetProperties
ctlEnumEngineGroups
ctlEnumFans
ctlEnumFrequencyDomains
ctlEnumMemoryModules
ctlEnumPowerDomains
ctlEnumTemperatureSensors
ctlEnumerateDevices
ctlEnumerateDisplayOutputs
ctlEnumerateMuxDevices
ctlFanGetConfig
ctlFanGetProperties
ctlFanGetState
ctlFanSetDefaultMode
ctlFanSetFixedSpeedMode
ctlFanSetSpeedTableMode
ctlFrequencyGetAvailableClocks
ctlFrequencyGetProperties
ctlFrequencyGetRange
ctlFrequencyGetState
ctlFrequencyGetThrottleTime
ctlFrequencySetRange
ctlGetAdaperDisplayEncoderProperties
ctlGetBrightnessSetting
ctlGetCurrentScaling
ctlGetCurrentSharpness
ctlGetDeviceProperties
ctlGetDisplayProperties
ctlGetIntelArcSyncInfoForMonitor
ctlGetIntelArcSyncProfile
ctlGetLACEConfig
ctlGetMuxProperties
ctlGetPowerOptimizationCaps
ctlGetPowerOptimizationSetting
ctlGetSet3DFeature
ctlGetSetRetroScaling
ctlGetSetVideoProcessingFeature
ctlGetSharpnessCaps
ctlGetSupported3DCapabilities
ctlGetSupportedRetroScalingCapability
ctlGetSupportedScalingCapability
ctlGetSupportedVideoProcessingCapabilities
ctlGetZeDevice
ctlI2CAccess
ctlInit
ctlMemoryGetBandwidth
ctlMemoryGetProperties
ctlMemoryGetState
ctlOverclockGetProperties
ctlOverclockGpuFrequencyOffsetGet
ctlOverclockGpuFrequencyOffsetSet
ctlOverclockGpuLockGet
ctlOverclockGpuLockSet
ctlOverclockGpuVoltageOffsetGet
ctlOverclockGpuVoltageOffsetSet
ctlOverclockPowerLimitGet
ctlOverclockPowerLimitSet
ctlOverclockTemperatureLimitGet
ctlOverclockTemperatureLimitSet
ctlOverclockVramFrequencyOffsetGet
ctlOverclockVramFrequencyOffsetSet
ctlOverclockVramVoltageOffsetGet
ctlOverclockVramVoltageOffsetSet
ctlOverclockWaiverSet
ctlPanelDescriptorAccess
ctlPciGetProperties
ctlPciGetState
ctlPixelTransformationGetConfig
ctlPixelTransformationSetConfig
ctlPowerGetEnergyCounter
ctlPowerGetLimits
ctlPowerGetProperties
ctlPowerSetLimits
ctlPowerTelemetryGet
ctlReservedCall
ctlSetBrightnessSetting
ctlSetCurrentScaling
ctlSetCurrentSharpness
ctlSetIntelArcSyncProfile
ctlSetLACEConfig
ctlSetPowerOptimizationSetting
ctlSetRuntimePath
ctlSoftwarePSR
ctlSwitchMux
ctlTemperatureGetProperties
ctlTemperatureGetState
ctlWaitForPropertyChange

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 990KB - Virtual size: 989KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

minATL
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 580KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

08b86e0aa82a6539a34fd3779d17c981

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

powrprof

ole32

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-power-setting-l1-1-0

advapi32

tdh

userenv

setupapi

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 990KB - Virtual size: 989KB

.data Size: 78KB - Virtual size: 112KB

.pdata Size: 95KB - Virtual size: 95KB

minATL Size: 512B - Virtual size: 24B

_RDATA Size: 512B - Virtual size: 256B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 580KB - Virtual size: 584KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 990KB - Virtual size: 989KB

.data
Size: 78KB - Virtual size: 112KB

.pdata
Size: 95KB - Virtual size: 95KB

minATL
Size: 512B - Virtual size: 24B

_RDATA
Size: 512B - Virtual size: 256B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 580KB - Virtual size: 584KB