autofmt.pdb
Static task
static1
General
-
Target
autofmt.exe
-
Size
818KB
-
MD5
6f928b0422545d4c76f22505040aff1b
-
SHA1
7005f078f5eacc25c2a2c933d39da41ae36103f8
-
SHA256
d1cda8ccff47cc8c16301e52dff2ec4939a426a7d73dfcae47726ade48774a82
-
SHA512
d3cf2b96a869893473ab751e913b8efd054509ba13cbb6488b444b3596e4726191ff2dc16ef7651ed4d012974c01e386acf306b1d744d3ba979182ee54383333
-
SSDEEP
24576:suBuuU0OY0MnI8fkdek7lPhqBLCab8ggdJJf3IiwAhFK:qY0MnI8fkdekhP0TbUnJf3IiwAh
Malware Config
Signatures
-
Unsigned PE 1 IoCs
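Checks for missing Authenticode signature. A static check of this kind can presumably see only a signature embedded in the PE itself; files signed through a Windows security catalog (common for operating-system binaries) carry no embedded signature and are flagged the same way, so this finding alone does not show the file is untrusted or modified. Verify the hashes above against a known-good copy or check catalog signing on a reference system.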
resource autofmt.exe
Files
-
autofmt.exe.sys windows:10 windows x86 arch:x86
2e37bee382af7da6352efc2eb50436b8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntdll
_wcsicmp
_wcsupr
LdrSetMUICacheType
NtDelayExecution
_stricmp
atoi
RtlSetHeapInformation
NtTerminateProcess
RtlCaptureContext
RtlUnhandledExceptionFilter
_aullshr
memmove
RtlFreeAnsiString
RtlAllocateHeap
RtlNormalizeProcessParams
RtlUnicodeStringToAnsiString
isspace
_vsnprintf
_vsnwprintf
RtlMultiByteToUnicodeN
RtlOemToUnicodeN
RtlUnicodeToMultiByteN
RtlUnicodeToOemN
_wcslwr
wcschr
RtlInitUnicodeString
NtOpenFile
NtClose
NtDeviceIoControlFile
NtQuerySystemInformation
RtlSizeHeap
RtlFreeHeap
RtlNumberGenericTableElementsAvl
NtQueryInformationFile
NtFsControlFile
NtQueryVolumeInformationFile
wcstoul
_wcstoui64
NtWriteFile
NtCreateFile
NtReadFile
RtlRaiseStatus
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
NtOpenProcessToken
NtAdjustPrivilegesToken
NtShutdownSystem
NtQuerySystemTime
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlExpandEnvironmentStrings_U
NtSetInformationFile
RtlValidRelativeSecurityDescriptor
RtlGetVersion
RtlTimeToTimeFields
VerSetConditionMask
RtlVerifyVersionInfo
NtDisplayString
NtSerializeBoot
swprintf_s
NtCreateEvent
NtClearEvent
NtSetThreadExecutionState
NtWaitForMultipleObjects
NtCancelIoFile
RtlQueryRegistryValuesEx
RtlRandomEx
NtQueryPerformanceCounter
isprint
qsort
wcsncmp
RtlFindMessage
RtlInitAnsiStringEx
RtlAnsiStringToUnicodeString
RtlFormatMessage
NtOpenKey
NtQueryValueKey
RtlPrefixUnicodeString
RtlLengthRequiredSid
RtlInitializeSid
RtlSubAuthoritySid
RtlLengthSid
RtlCopySid
RtlAddAce
RtlCreateAcl
RtlQueryInformationAcl
RtlCreateSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlNewSecurityObject
RtlValidSecurityDescriptor
RtlLengthSecurityDescriptor
RtlAddAccessAllowedAce
RtlInitializeGenericTable
RtlInsertElementGenericTable
RtlInitializeBitMap
RtlSetBits
RtlLookupElementGenericTable
RtlClearBits
RtlFindSetBits
RtlDeleteElementGenericTable
RtlEnumerateGenericTableWithoutSplaying
RtlNumberOfSetBits
RtlInitializeGenericTableAvl
RtlEnumerateGenericTableAvl
RtlLookupFirstMatchingElementGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableFullAvl
RtlInsertElementGenericTableFullAvl
RtlDeleteElementGenericTableAvlEx
RtlInsertElementGenericTableAvl
RtlLookupElementGenericTableAvl
NtSetVolumeInformationFile
RtlSystemTimeToLocalTime
RtlCrc64
RtlUpcaseUnicodeString
RtlComputeCrc32
RtlWriteRegistryValue
DbgPrint
EtwEventUnregister
EtwEventRegister
EtwEventSetInformation
EtwEventWriteTransfer
DbgPrintEx
NtFlushBuffersFile
RtlUnwind
_alldiv
_alldvrm
_allmul
_allrem
_allshl
_aulldiv
_aulldvrm
_chkstk
memcmp
memcpy
memset
Sections
.text Size: 517KB - Virtual size: 516KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 271KB - Virtual size: 270KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ