DTUDriver[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

DTUDriver.exe
Size

189KB
MD5

179937ce0463778c97b65427e499d6ea
SHA1

b394ef84158e43f9348fe2b0c9ff803852291de4
SHA256

4704c8f0f18fead460db8dc6893b8deb8c15414ecf4d833a78eae0267bab9cac
SHA512

20bd51fe51da4ff34b2c4ae158e98448bc26b4607a423a50a9b643b3699170ac7f8377177e24d3d14faa18a2bb24a2710d7847170803e341efaa9dadca861c57
SSDEEP

3072:5CoVymoLjOQDzQstHrv5chalHxnH8zkAFkQVuV4y2BZywjmwAgl85W13:5Co0moLK6zQstHrv5ZV4y2BZugR

Score

1^/10

Malware Config

Signatures

Files

DTUDriver.exe
.exe windows:10 windows x64 arch:x64

541479652871cb6cfb564bbb590753f2

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

21:e1:4d:f9:f8:32:4b:64:fc:50:b7:e5:c7:37:1e:7e:88:56:16:5c:7c:21:34:c9:31:20:87:36:c8:15:ca:dc
Signer

Actual PE Digest

21:e1:4d:f9:f8:32:4b:64:fc:50:b7:e5:c7:37:1e:7e:88:56:16:5c:7c:21:34:c9:31:20:87:36:c8:15:ca:dc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

DTUDriver.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_errno
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsicmp
_o_exit
_o_free
_o_malloc
_o_strncpy_s
_o_strtol
_o_terminate
_o_wcstoul
__C_specific_handler
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o__errno
_o__cexit
_o__callnewh
wcschr
strchr
strrchr
__CxxFrameHandler3
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW

api-ms-win-core-kernel32-legacy-l1-1-1

SetDllDirectoryW

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW
LoadLibraryW

api-ms-win-eventing-legacy-l1-1-0

QueryTraceW

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
GlobalFree
LocalAlloc

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
FreeLibrary
GetModuleFileNameA
LoadLibraryExW
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

CreateMutexExW
WaitForSingleObjectEx
OpenSemaphoreW
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

SysAllocString
SysFreeString

api-ms-win-core-com-l1-1-0

StringFromCLSID
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateInstance

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathCchCombine
PathCchSkipRoot
PathCchRemoveBackslash
PathAllocCanonicalize

api-ms-win-core-file-l1-1-0

FlushFileBuffers
GetFileAttributesW
CreateDirectoryW
WriteFile
CreateFileW
DeleteFileW

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteTreeW

rpcrt4

UuidFromStringW
UuidCreate

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-eventing-controller-l1-1-0

EnableTraceEx2
ControlTraceW
StartTraceW

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
ExpandEnvironmentStringsW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

setupapi

SetupIterateCabinetW

crypt32

CertVerifyCertificateChainPolicy

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

wininet

InternetOpenUrlW
InternetOpenW
HttpQueryInfoW
InternetCloseHandle
InternetReadFile

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

541479652871cb6cfb564bbb590753f2

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5fCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

21:e1:4d:f9:f8:32:4b:64:fc:50:b7:e5:c7:37:1e:7e:88:56:16:5c:7c:21:34:c9:31:20:87:36:c8:15:ca:dcSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-eventing-legacy-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-core-com-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-registry-l1-1-0

rpcrt4

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-version-l1-1-1

api-ms-win-core-version-l1-1-0

api-ms-win-eventing-controller-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

setupapi

crypt32

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

wininet

api-ms-win-stateseparation-helpers-l1-1-0

api-ms-win-core-registry-l1-1-1

Sections

.text Size: 63KB - Virtual size: 63KB

.rdata Size: 35KB - Virtual size: 35KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 3KB - Virtual size: 3KB

.didat Size: 512B - Virtual size: 48B

.rsrc Size: 75KB - Virtual size: 74KB

.reloc Size: 512B - Virtual size: 164B

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

21:e1:4d:f9:f8:32:4b:64:fc:50:b7:e5:c7:37:1e:7e:88:56:16:5c:7c:21:34:c9:31:20:87:36:c8:15:ca:dc
Signer

.text
Size: 63KB - Virtual size: 63KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 3KB - Virtual size: 3KB

.didat
Size: 512B - Virtual size: 48B

.rsrc
Size: 75KB - Virtual size: 74KB

.reloc
Size: 512B - Virtual size: 164B