avrdude[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

avrdude.exe
Size

2.9MB
MD5

432f227a8c6e042781a56f7183498b48
SHA1

f6dbb4bcd388f5b9279d2a03ed5770d5abfc1764
SHA256

8097ef7b81e0f3fff09d100246ccc291a1f7407ea446a2048734a8453af3cdbd
SHA512

47286bc1e59899e2c190e3620eb23340d69c6a0eeb0a1f3ec400a18eda57aba1cadd245f5b2dafc94f5d20280c6d533cc584a3b1025410326c22663f248682fb
SSDEEP

49152:E7beM3YKIejkNksHKMg665QNGwFNxXa4bAaL:soK7oNks

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
avrdude.exe

Files

avrdude.exe
.exe windows:6 windows x64 arch:x64

6b5821915815e30876e37650672ed821

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\avrdude\avrdude\build\src\RelWithDebInfo\avrdude.pdb

Imports

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDevicePropertyW
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

hid

HidD_GetAttributes
HidD_GetHidGuid
HidD_GetProductString

ws2_32

recv
htons
WSAGetLastError
connect
socket
send
WSAStartup
gethostbyname
closesocket
WSACleanup
select

kernel32

HeapSize
SetEnvironmentVariableW
FreeEnvironmentStringsW
SetEndOfFile
WriteConsoleW
GetProcessHeap
DeleteFileW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileSizeEx
GetFileAttributesExW
CreateProcessW
GetExitCodeProcess
GetModuleFileNameW
WideCharToMultiByte
SearchPathA
Sleep
QueryPerformanceFrequency
QueryPerformanceCounter
ReadFile
CancelIo
WriteFile
WaitForSingleObject
CreateFileA
CloseHandle
GetOverlappedResult
CreateEventA
GetCommModemStatus
SetupComm
GetLastError
EscapeCommFunction
LocalFree
FormatMessageA
SetCommState
GetTimeZoneInformation
GetSystemTimeAsFileTime
SetCommTimeouts
DeviceIoControl
CreateFileW
CreateEventW
MultiByteToWideChar
ResetEvent
FormatMessageW
LoadLibraryW
GetProcAddress
FreeLibrary
LoadLibraryExW
HeapReAlloc
SetStdHandle
GetCurrentDirectoryW
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
TryAcquireSRWLockExclusive
WaitForSingleObjectEx
GetExitCodeThread
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
RtlUnwind
LCMapStringEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetStringTypeW
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetFullPathNameW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetCommandLineA
GetCommandLineW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetStdHandle
SetFilePointerEx
GetConsoleMode
ReadConsoleW
HeapAlloc
HeapFree

winmm

timeBeginPeriod
timeEndPeriod

winusb

WinUsb_WritePipe
WinUsb_Initialize
WinUsb_GetDescriptor
WinUsb_SetPipePolicy
WinUsb_ControlTransfer
WinUsb_GetAssociatedInterface
WinUsb_Free
WinUsb_ReadPipe

Exports

Exports

hid_close
hid_enumerate
hid_error
hid_exit
hid_free_enumeration
hid_get_device_info
hid_get_feature_report
hid_get_indexed_string
hid_get_input_report
hid_get_manufacturer_string
hid_get_product_string
hid_get_serial_number_string
hid_init
hid_open
hid_open_path
hid_read
hid_read_timeout
hid_send_feature_report
hid_set_nonblocking
hid_version
hid_version_str
hid_winapi_get_container_id
hid_write

Sections

.text
Size: 899KB - Virtual size: 899KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b5821915815e30876e37650672ed821

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

hid

ws2_32

kernel32

winmm

winusb

Exports

Exports

Sections

.text Size: 899KB - Virtual size: 899KB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 11KB - Virtual size: 196KB

.pdata Size: 39KB - Virtual size: 39KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 185KB - Virtual size: 185KB

.text
Size: 899KB - Virtual size: 899KB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 11KB - Virtual size: 196KB

.pdata
Size: 39KB - Virtual size: 39KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 185KB - Virtual size: 185KB