drvstore[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

drvstore.dll
Size

1012KB
MD5

79bbeb5db693c37548833f59476f586f
SHA1

adbb182f3dfedbb51038a4ab4d6703e751c61246
SHA256

4adb6cd2ba65604b636129ef27bee97672f771c29325c5b2b2842ad6e99d68a5
SHA512

9cbdad9909b1a8b1a2d47644980d60dbb4d8a44fc56b43b33bf8ce4f4aa1503f82ec5eb0badc1d01ac0aa2a5656804ff5de75883100d76f9bae5f3d8b9750029
SSDEEP

24576:Px27qLNDRloEKVhpjn33KjMpLB3EZCnowvOAFAxu7s8LnT6JPR2RLnb9S7kE5XCz:Px6evoVV/8Mpl3EZCBFAxu75LTuOLx8K

Score

1^/10

Malware Config

Signatures

Files

drvstore.dll
.dll windows:10 windows x86 arch:x86

3e65aac7afd9e98260f1db2d1dec1d88

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-11-2023 19:20

Not After

14-11-2024 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

68:fc:f6:1d:ae:ed:65:8d:8f:fb:b9:81:09:25:93:6e:80:f7:16:67:31:61:b2:1a:aa:b0:cc:b9:84:93:fa:9a
Signer

Actual PE Digest

68:fc:f6:1d:ae:ed:65:8d:8f:fb:b9:81:09:25:93:6e:80:f7:16:67:31:61:b2:1a:aa:b0:cc:b9:84:93:fa:9a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

drvstore.pdb

Imports

msvcrt

??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler4_common
_initterm
malloc
free
memcpy
memmove
memcmp
_XcptFilter
_wcsnicmp
_vsnprintf
towlower
iswalpha
_onexit
swscanf
_lock
_CxxThrowException
memmove_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
_vsnprintf_s
?what@exception@@UBEPBDXZ
memcpy_s
??3@YAXPAX@Z
??1exception@@UAE@XZ
__CxxFrameHandler3
towupper
wcsstr
_unlock
swscanf_s
wcsrchr
wcschr
_purecall
_vsnwprintf
__dllonexit
_wcsicmp
iswxdigit
_amsg_exit
_resetstkoflw
toupper
wcstoul
_errno
_wcstoui64
_wtoi
_ultow_s
_itow_s
??_V@YAXPAX@Z
wcscpy_s
swprintf_s
iswspace
wcstol
wcstok_s
bsearch
wcsncmp
_callnewh
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABQBDH@Z
memset

ntdll

RtlInitUnicodeString
NtQuerySystemInformation
RtlGetVersion
RtlUnicodeToMultiByteSize
RtlUnicodeToMultiByteN
RtlMultiByteToUnicodeSize
RtlMultiByteToUnicodeN
RtlUpcaseUnicodeChar
NtQueryInformationThread
NtSetInformationThread
RtlImageNtHeader
NtSetInformationFile
RtlGUIDFromString
RtlRandomEx
RtlGetOwnerSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlFormatCurrentUserKeyPath
RtlFreeUnicodeString
NtDeleteKey
NtOpenKey
NtCreateKey
NtQueryKey
NtQueryValueKey
NtSetValueKey
NtDeleteValueKey
NtEnumerateKey
RtlIntegerToChar
RtlAnsiCharToUnicodeChar
RtlIsDosDeviceName_U
RtlGetLastNtStatus
RtlIsTextUnicode
RtlInitUnicodeStringEx
NtCreateTransaction
NtCommitTransaction
NtEnumerateValueKey
LdrLoadDll
LdrGetProcedureAddress
LdrUnloadDll
RtlMakeSelfRelativeSD
RtlSelfRelativeToAbsoluteSD2
RtlLengthRequiredSid
RtlInitializeSid
RtlSubAuthoritySid
RtlValidSid
RtlSetOwnerSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlGetAce
RtlMapGenericMask
RtlAllocateHeap
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtSetEaFile
RtlReleaseRelativeName
NtCreateFile
RtlFreeHeap
NtWaitForSingleObject
DbgPrintEx
RtlRaiseStatus
RtlInitializeSRWLock
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlCreateUnicodeString
RtlEqualUnicodeString
RtlValidRelativeSecurityDescriptor
RtlLengthSecurityDescriptor
RtlUnicodeStringToInteger
RtlPrefixUnicodeString
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAceEx
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlValidSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
NtOpenThreadToken
NtOpenProcessToken
NtQuerySecurityObject
NtDuplicateToken
NtAdjustPrivilegesToken
RtlCopySid
RtlAddAce
NtSetSecurityObject
NtQueryObject
NtDuplicateObject
NtOpenThreadTokenEx
NtOpenProcessTokenEx
NtQueryInformationToken
RtlEqualSid
RtlConvertSidToUnicodeString
RtlAppendUnicodeStringToString
RtlTimeToTimeFields
RtlCompareMemory
LdrGetDllHandle
RtlInitAnsiString
RtlDuplicateUnicodeString
NtQueryInformationProcess
NtOpenProcess
NtQueryInformationFile
RtlNtStatusToDosErrorNoTeb
NtClose
RtlNtStatusToDosError
RtlVerifyVersionInfo

api-ms-win-core-libraryloader-l1-1-0

FreeLibrary
GetModuleFileNameW
LoadResource
FindResourceExW
LockResource
GetModuleHandleExW
GetModuleFileNameA
LoadLibraryExA
GetModuleHandleW
GetProcAddress
FreeResource
SizeofResource
LoadLibraryExW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
SetLastError
GetLastError
SetErrorMode

api-ms-win-core-file-l1-1-0

GetTempFileNameW
CreateDirectoryW
GetFileAttributesExW
RemoveDirectoryW
SetFileTime
GetFileInformationByHandle
CompareFileTime
SetFilePointer
DeleteFileW
GetDriveTypeW
GetFileSizeEx
FlushFileBuffers
GetFileSize
WriteFile
CreateFileW
GetFileTime
GetFullPathNameW
GetFileAttributesW
SetFileAttributesW
FindClose
FileTimeToLocalFileTime
SetEndOfFile
CreateFileA
FindNextFileW
ReadFile
GetShortPathNameW
LocalFileTimeToFileTime
FindFirstFileW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemInfo
GetSystemWindowsDirectoryW
GetLocalTime
GetWindowsDirectoryW
GetTickCount
GetSystemDirectoryW
GetSystemTime
GetSystemTimeAsFileTime

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

SleepEx
CreateMutexW
ReleaseMutex
WaitForMultipleObjectsEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseSemaphore
EnterCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
WaitForSingleObject
CreateEventW
SetEvent
OpenSemaphoreW
CreateSemaphoreExW
LeaveCriticalSection
CreateMutexExW
WaitForSingleObjectEx
InitializeCriticalSection

api-ms-win-core-string-l1-1-0

GetStringTypeExW
CompareStringW
WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-localization-l1-2-0

LCMapStringW
GetThreadLocale
FormatMessageW

api-ms-win-core-processthreads-l1-1-0

TlsFree
GetCurrentProcessId
OpenThreadToken
GetCurrentProcess
TerminateProcess
TlsGetValue
GetCurrentThreadId
TlsSetValue
ExitProcess
OpenProcessToken
TlsAlloc
SetThreadToken
GetCurrentThread

api-ms-win-core-heap-l1-1-0

HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-file-l2-1-0

CopyFileExW
MoveFileExW
CreateHardLinkW

api-ms-win-core-kernel32-legacy-l1-1-0

CopyFileW
DosDateTimeToFileTime

api-ms-win-core-memory-l1-1-0

MapViewOfFile
VirtualQuery
VirtualProtect
CreateFileMappingW
UnmapViewOfFile

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalFree

api-ms-win-core-localization-obsolete-l1-2-0

GetSystemDefaultUILanguage

api-ms-win-core-wow64-l1-1-0

Wow64DisableWow64FsRedirection
IsWow64Process
Wow64RevertWow64FsRedirection

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW
ExpandEnvironmentStringsW
GetCommandLineA

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask
GetNativeSystemInfo

Exports

Exports

DriverPackageClose
DriverPackageEnumClassesW
DriverPackageEnumComponentsW
DriverPackageEnumConfigurationsW
DriverPackageEnumDevicesW
DriverPackageEnumDriversW
DriverPackageEnumEventProvidersW
DriverPackageEnumFilesW
DriverPackageEnumFiltersW
DriverPackageEnumInterfacesW
DriverPackageEnumPropertiesW
DriverPackageEnumRegKeysW
DriverPackageEnumServicesW
DriverPackageEnumSoftwareW
DriverPackageGetPropertyW
DriverPackageGetVersionInfoW
DriverPackageOpenW
DriverStoreClose
DriverStoreConfigureW
DriverStoreCopyW
DriverStoreDeleteW
DriverStoreDriverPackageResolveCallbackW
DriverStoreEnumDeviceDriversW
DriverStoreEnumNodesW
DriverStoreEnumObjectsW
DriverStoreEnumRelatedDriversW
DriverStoreEnumW
DriverStoreFindW
DriverStoreGetObjectPropertyKeysW
DriverStoreGetObjectPropertyW
DriverStoreImportW
DriverStoreMountNodeW
DriverStoreOfflineAddDriverPackageA
DriverStoreOfflineAddDriverPackageW
DriverStoreOfflineDeleteDriverPackageA
DriverStoreOfflineDeleteDriverPackageW
DriverStoreOfflineEnumDriverPackageA
DriverStoreOfflineEnumDriverPackageW
DriverStoreOfflineFindDriverPackageA
DriverStoreOfflineFindDriverPackageW
DriverStoreOpenW
DriverStorePublishW
DriverStoreReflectCriticalW
DriverStoreReflectW
DriverStoreRunDllW
DriverStoreSelectNodeW
DriverStoreSetLogContext
DriverStoreSetObjectPropertyW
DriverStoreUnconfigureW
DriverStoreUnmountNodeW
DriverStoreUnpublishW
DriverStoreUnreflectCriticalW
DriverStoreUnreflectW
DriverStoreUpdateDevicesW
pServerDeleteDriverPackage
pServerImportDriverPackage

Sections

.text
Size: 949KB - Virtual size: 949KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e65aac7afd9e98260f1db2d1dec1d88

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5fCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

68:fc:f6:1d:ae:ed:65:8d:8f:fb:b9:81:09:25:93:6e:80:f7:16:67:31:61:b2:1a:aa:b0:cc:b9:84:93:fa:9aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-wow64-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

Exports

Exports

Sections

.text Size: 949KB - Virtual size: 949KB

.data Size: 2KB - Virtual size: 7KB

.idata Size: 10KB - Virtual size: 10KB

.didat Size: 512B - Virtual size: 412B

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 39KB - Virtual size: 38KB

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

68:fc:f6:1d:ae:ed:65:8d:8f:fb:b9:81:09:25:93:6e:80:f7:16:67:31:61:b2:1a:aa:b0:cc:b9:84:93:fa:9a
Signer

.text
Size: 949KB - Virtual size: 949KB

.data
Size: 2KB - Virtual size: 7KB

.idata
Size: 10KB - Virtual size: 10KB

.didat
Size: 512B - Virtual size: 412B

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 39KB - Virtual size: 38KB