4aeb7f0f2bc75458a1b84af8064bf68248498e92fb08bcd17b334215f9196d33

Sharing

Copy URL Twitter E-mail

General

Target

4aeb7f0f2bc75458a1b84af8064bf68248498e92fb08bcd17b334215f9196d33
Size

1.2MB
MD5

7db110c63e571a82f7c4fe6f780c0b6b
SHA1

f6ff9fe2455c63e6c4932a81ff98d16e5fdfa2c8
SHA256

4aeb7f0f2bc75458a1b84af8064bf68248498e92fb08bcd17b334215f9196d33
SHA512

1141df606663451cb04c07056387d9a6f3a19c2c47b5d47056c943e61c8a3b50f4497a9310ba0da530e846710852c4629fc2a187c4c3298043676943a525f46d
SSDEEP

24576:8Fj+9rDStHusqjnhMgeiCl7G0nehbGZpbD:v9StHCDmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4aeb7f0f2bc75458a1b84af8064bf68248498e92fb08bcd17b334215f9196d33

Files

4aeb7f0f2bc75458a1b84af8064bf68248498e92fb08bcd17b334215f9196d33
.exe windows:6 windows x64 arch:x64

b4970532f5c5f310e2265a1e8c2defc6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\SCD\Documents\MyWork\Project--dynabookFunctionKeyControlService\FunctionKeyControlService_dev\x64\Release\DSDFunctionKeyCtlService.pdb

Imports

kernel32

CreateFileW
DeviceIoControl
CreateThread
TerminateThread
LoadLibraryW
FreeLibrary
GetProcAddress
ProcessIdToSessionId
GetCurrentProcessId
WaitForSingleObject
CreateEventW
SetEvent
ResetEvent
FindPackagesByPackageFamily
GetModuleHandleW
K32EnumProcesses
OpenProcess
K32EnumProcessModules
K32GetModuleBaseNameW
lstrcmpW
LocalFree
GetSystemDirectoryW
GetCurrentProcess
InitializeCriticalSection
CreateProcessW
ReadFile
SetEndOfFile
WriteConsoleW
SetFilePointerEx
SetStdHandle
LoadLibraryExW
LCMapStringW
GetStringTypeW
FreeEnvironmentStringsW
DeleteCriticalSection
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
GetStdHandle
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
WideCharToMultiByte
GetModuleHandleExW
ExitProcess
SetLastError
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
GetCommandLineW
GetFileAttributesExW
EncodePointer
DecodePointer
RaiseException
InitializeCriticalSectionEx
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
CreateMutexW
HeapReAlloc
HeapSize
HeapDestroy
HeapFree
GetProcessHeap
HeapAlloc
MultiByteToWideChar
WTSGetActiveConsoleSessionId
Sleep
CloseHandle
GetCurrentThreadId
GetLocalTime
GetDateFormatW
GetTimeFormatW
GetTickCount
OutputDebugStringW
ExpandEnvironmentStringsW
GetPrivateProfileStringW
CreateDirectoryW
IsProcessorFeaturePresent
LeaveCriticalSection
EnterCriticalSection
IsDebuggerPresent
GetPrivateProfileIntW
GetModuleFileNameW
GetLastError
GetEnvironmentStringsW
ReadConsoleW

user32

LoadCursorW
LoadIconW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
IsWindow
CreateWindowExW
ShowWindow
PostMessageW
FindWindowW
RegisterWindowMessageW
AttachThreadInput
SetFocus
BringWindowToTop
SwitchToThisWindow
SetWindowPos
IsWindowVisible
GetWindowTextW
RegisterClassExW
EnumWindows
LockWorkStation
MapVirtualKeyW
SendMessageW
SetForegroundWindow
FindWindowExW
GetClassNameW
GetForegroundWindow
wsprintfW
CharUpperW
LoadStringW
SendInput
EnumDisplaySettingsExW
EnumDisplaySettingsW
EnumDisplayDevicesW
DisplayConfigGetDeviceInfo
QueryDisplayConfig
GetDisplayConfigBufferSizes
ChangeDisplaySettingsExW
GetSystemMetrics
ChangeWindowMessageFilter
KillTimer
SetTimer
GetRawInputDeviceInfoW
GetRawInputData
RegisterRawInputDevices
DefWindowProcW
PostQuitMessage
UpdateWindow
GetWindowThreadProcessId

advapi32

RegNotifyChangeKeyValue
RegSetValueExW
RegCloseKey
DuplicateTokenEx
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
ControlService
StartServiceW
DeleteService
CreateServiceW
CloseServiceHandle
ChangeServiceConfig2W
OpenServiceW
OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenCurrentUser
RegOpenKeyW
RegQueryValueExW
RegGetValueW
RegEnumKeyExW
RegQueryInfoKeyW
CreateProcessAsUserW
RegOpenKeyExW

shell32

SHGetFolderPathW
ShellExecuteW

ole32

CoSetProxyBlanket
CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
SysFreeString
VariantInit
SysAllocString

shlwapi

StrStrIW
PathAppendW
PathFileExistsW
PathRemoveFileSpecW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification
WTSFreeMemory
WTSQuerySessionInformationW

hid

HidD_GetAttributes
HidD_SetOutputReport
HidD_GetHidGuid

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW

powrprof

SetSuspendState

Sections

.text
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b4970532f5c5f310e2265a1e8c2defc6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

userenv

wtsapi32

hid

setupapi

powrprof

Sections

.text Size: 262KB - Virtual size: 262KB

.rdata Size: 156KB - Virtual size: 156KB

.data Size: 9KB - Virtual size: 34KB

.pdata Size: 13KB - Virtual size: 12KB

.rsrc Size: 217KB - Virtual size: 217KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 262KB - Virtual size: 262KB

.rdata
Size: 156KB - Virtual size: 156KB

.data
Size: 9KB - Virtual size: 34KB

.pdata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 217KB - Virtual size: 217KB

.reloc
Size: 568KB - Virtual size: 572KB