WTabletServiceISD[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

WTabletServiceISD.exe
Size

4.4MB
MD5

d71d173c0225febc455673f1834152a6
SHA1

e51f3d2b4cbd15de7dd3201c2654723e15bbe687
SHA256

700f5cf47fec536cfdd9e6de1907a89657459dd4a19da790b1a1e216d4bcf06d
SHA512

4ef8b9bd977051e63148d2e529fc6ef9893374a006b82d62906b439e7ad790c79e3e80070911ec604e1ec580da12c581508d4d571e3e0430f239796e24a89cae
SSDEEP

49152:UCs4kZg44sM4igESPaOns/p6mS1+jD8TayXaK1Pj/Xzg7gn4pdp0CRXnHxFr6IV:hxonbmTyD1r/cjRXzV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WTabletServiceISD.exe

Files

WTabletServiceISD.exe
.exe windows:6 windows x64 arch:x64

04c24d1d45dcd79a1b3f89c9a97163c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\mike\Sources\Components\WinDriver\Build\StagingArea\src\WinDriver\Build\StagingArea\intermediate\Release\64\WTabletServiceISD.pdb

Imports

gdiplus

GdiplusShutdown
GdipCreateFontFamilyFromName
GdipFree
GdipCreatePath
GdipCreateBitmapFromHICON
GdipBitmapSetResolution
GdiplusStartup
GdipDrawImageRect
GdipDeletePath
GdipAddPathEllipse
GdipAddPathString
GdipAddPathPieI
GdipCreateMatrix
GdipDeleteMatrix
GdipRotateMatrix
GdipCreateRegionPath
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipGetImageFlags
GdipDisposeImage
GdipCloneImage
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipGetFamily
GdipDeleteFont
GdipCreateFont
GdipCreateFontFromLogfontW
GdipCreateFontFromDC
GdipIsStyleAvailable
GdipGetFamilyName
GdipGetGenericFontFamilySansSerif
GdipCloneFontFamily
GdipDeleteFontFamily
GdipRestoreGraphics
GdipSaveGraphics
GdipResetClip
GdipSetClipRegion
GdipSetClipGraphics
GdipDrawImageRectI
GdipDrawImage
GdipFillPath
GdipGraphicsClear
GdipDrawPath
GdipGetWorldTransform
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipResetWorldTransform
GdipSetWorldTransform
GdipSetSmoothingMode
GdipDeleteGraphics
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageBounds
GdipGetImageGraphicsContext
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipTransformRegion
GdipCombineRegionPath
GdipDeleteRegion
GdipAlloc

newdev

UpdateDriverForPlugAndPlayDevicesW

user32

PostMessageW
SystemParametersInfoA
GetClassNameW
EnumWindows
GetWindowLongPtrW
WindowFromPoint
GetCursorPos
MsgWaitForMultipleObjectsEx
IsIconic
IsWindowVisible
PostThreadMessageW
SetProcessDPIAware
UnhookWinEvent
SetWinEventHook
SetForegroundWindow
GetMonitorInfoW
EnumDisplayDevicesW
EnumDisplaySettingsExW
LoadImageW
FindWindowExW
GetDesktopWindow
GetWindowRect
MsgWaitForMultipleObjects
mouse_event
RegisterClassW
UnregisterDeviceNotification
RegisterDeviceNotificationA
SendMessageTimeoutA
PeekMessageW
PeekMessageA
LoadIconW
LoadBitmapW
SetClassLongPtrW
FillRect
GetClientRect
GetWindowTextW
EndPaint
BeginPaint
UpdateWindow
DrawTextW
GetSystemMetrics
GetDlgItem
SetWindowPos
PostQuitMessage
SendMessageW
CloseDesktop
SetThreadDesktop
OpenDesktopW
wsprintfW
MessageBoxW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
DestroyIcon
LoadStringW
SystemParametersInfoW
LoadCursorW
ClientToScreen
ReleaseDC
GetDC
UpdateLayeredWindow
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
UnregisterClassW
EnumDisplayMonitors
DispatchMessageW
TranslateMessage
GetMessageW
GetWindowThreadProcessId
GetForegroundWindow
MapVirtualKeyExW
SendInput
keybd_event
VkKeyScanExW
GetKeyboardState
GetAsyncKeyState
GetKeyState
GetKeyboardLayout
ToUnicodeEx
DefWindowProcW

shlwapi

PathFileExistsW

hid

HidP_GetCaps
HidD_GetAttributes
HidD_GetHidGuid
HidD_GetPreparsedData
HidD_FreePreparsedData
HidP_GetButtonCaps
HidP_GetSpecificValueCaps
HidP_GetValueCaps
HidD_GetFeature
HidD_SetFeature

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification
WTSQueryUserToken

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

setupapi

SetupDiCallClassInstaller
SetupCopyOEMInfW
SetupDiGetClassDevsW
CM_Reenumerate_DevNode_Ex
CM_Locate_DevNode_ExW
CM_Locate_DevNodeW
CM_Get_Parent
CM_Get_DevNode_Status
CM_Get_Device_ID_ExW
CM_Get_Device_IDW
SetupDiSetClassInstallParamsW
SetupDiGetDeviceRegistryPropertyA
SetupDiOpenDevRegKey
SetupGetInfFileListW
SetupDiGetClassDevsExW
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailW
SetupDiDeleteDeviceInterfaceData
SetupDiOpenDeviceInterfaceW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoList
SetupUninstallOEMInfW

winmm

PlaySoundW

imm32

ImmDisableIME

kernel32

GetStringTypeW
EncodePointer
GetCPInfo
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
RtlPcToFileHeader
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
HeapAlloc
HeapReAlloc
HeapFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetStdHandle
GetACP
GetFileType
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
ReadConsoleW
GetProcessHeap
SetConsoleCtrlHandler
GetTimeZoneInformation
FindFirstFileExA
FindFirstFileExW
K32GetModuleFileNameExW
K32EnumProcessModules
K32EnumProcesses
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CopyFileW
GetSystemWow64DirectoryW
lstrlenW
LocalAlloc
GetModuleFileNameW
IsWow64Process
GetWindowsDirectoryW
GetSystemDirectoryW
GetProcessId
ProcessIdToSessionId
GetExitCodeThread
TerminateThread
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
OutputDebugStringA
SetStdHandle
HeapSize
CreateSemaphoreExW
OpenSemaphoreW
OpenEventW
OpenMutexW
ReleaseMutex
ReleaseSemaphore
DuplicateHandle
GetFileSize
VerifyVersionInfoW
GetModuleHandleA
VerSetConditionMask
GetCommandLineW
GetModuleHandleW
InitializeCriticalSectionEx
DecodePointer
SetPriorityClass
SetProcessShutdownParameters
GetCurrentProcess
CreateMutexW
CreateMutexA
CreateNamedPipeW
ConnectNamedPipe
GetTickCount
SetCommTimeouts
PurgeComm
GetCommTimeouts
SetThreadPriority
GetCurrentThread
WaitForMultipleObjectsEx
GetExitCodeProcess
CreateDirectoryW
WaitForSingleObjectEx
WriteFile
ReadFileEx
ResetEvent
WriteConsoleW
WTSGetActiveConsoleSessionId
CreateFileW
ReadFile
OutputDebugStringW
CloseHandle
GetLastError
SetLastError
SetNamedPipeHandleState
PeekNamedPipe
TransactNamedPipe
WaitNamedPipeW
GetOverlappedResult
WaitForSingleObject
CreateEventW
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
FreeLibrary
GetProcAddress
GetNamedPipeInfo
LoadLibraryW
CreateEventA
CreateThread
WaitForMultipleObjects
DeleteFileW
GetFullPathNameW
SetFileAttributesW
LocalFree
FormatMessageW
Sleep
SetHandleInformation
CreatePipe
TerminateProcess
CreateProcessA
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
SetEndOfFile
RaiseException
MulDiv
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
OpenProcess
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
MultiByteToWideChar
WideCharToMultiByte
FindResourceExW
LoadResource
GetUserDefaultUILanguage
GetSystemDefaultLCID
GetUserDefaultLCID
FreeResource
LockResource
SizeofResource
GlobalAlloc
GlobalFree
FindResourceW
ExpandEnvironmentStringsW
GetCurrentDirectoryW
FindClose
FindFirstFileW
FindNextFileW
SetEvent

gdi32

GetObjectW
SetTextColor
StretchBlt
SetBkColor
GetTextExtentExPointW
CreateSolidBrush
CreateFontW
SelectObject
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
CreateDIBitmap
CreateDCW

comdlg32

GetOpenFileNameW

advapi32

GetLengthSid
SetTokenInformation
ChangeServiceConfig2W
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
StartServiceA
SetEntriesInAclW
EqualSid
GetSecurityDescriptorSacl
GetTokenInformation
LookupAccountSidW
RegEnumValueW
RegDeleteKeyValueW
RegDeleteTreeW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
DuplicateTokenEx
AllocateAndInitializeSid
OpenProcessToken
CreateProcessAsUserW
RegQueryValueExA
RegCloseKey
RegNotifyChangeKeyValue
ImpersonateLoggedOnUser
RevertToSelf
CreateProcessAsUserA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenCurrentUser
RegOpenKeyW
RegQueryValueExW
RegSetValueExA
RegSetValueExW
RegCreateKeyExW
AddAccessAllowedAce
AddAce
GetAce
GetAclInformation
GetKernelObjectSecurity
RegQueryInfoKeyW
GetSecurityDescriptorDacl
GetSidLengthRequired
GetSidSubAuthority
InitializeAcl
InitializeSid
SetKernelObjectSecurity
RegEnumKeyExW
RegOpenKeyExW
FreeSid

shell32

ExtractIconExW
SHGetSpecialFolderPathW
SHFileOperationW
ShellExecuteExW
SHGetPropertyStoreForWindow
ShellExecuteW
SHGetKnownFolderItem
Shell_NotifyIconW
Shell_NotifyIconA

ole32

CoCreateInstance
CoTaskMemFree
CoInitializeEx
CreateStreamOnHGlobal
CoUninitialize
CLSIDFromString
CoInitialize

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 777KB - Virtual size: 777KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04c24d1d45dcd79a1b3f89c9a97163c3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

newdev

user32

shlwapi

hid

wtsapi32

userenv

setupapi

winmm

imm32

kernel32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 777KB - Virtual size: 777KB

.data Size: 55KB - Virtual size: 69KB

.pdata Size: 97KB - Virtual size: 97KB

.idata Size: 22KB - Virtual size: 22KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 283B

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 777KB - Virtual size: 777KB

.data
Size: 55KB - Virtual size: 69KB

.pdata
Size: 97KB - Virtual size: 97KB

.idata
Size: 22KB - Virtual size: 22KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 283B

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 22KB - Virtual size: 22KB