hidserv[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

hidserv.dll
Size

29KB
MD5

ea4d057f3d2ae3981c7ae04fb020a1c1
SHA1

a6ff1d5248854e2d5b892291a153e69135f7c683
SHA256

bacceace8dee5c6ee64f5588eb330f94e226eda184fa420754ef3dddd8b54039
SHA512

ad608784adcc5601fccfb44ff8dcdea256e1364c0f3ceb87396df7dffcb7db4c3e1dcef0d05a5839a2842c9a9cffef5f2da09129301b03345173bbae1beba8de
SSDEEP

384:sKOTqiK6Ai6pJt74pGAN1sHlhVevqiizhFB+BHy6MMfhlt4ri9r9yfaWmeWfPVpt:sKYb1TaJ0xfGhMWhuB54+9rQ6fP7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
hidserv.dll

Files

hidserv.dll
.dll windows:10 windows x86 arch:x86

860be4d734489c71f592bcceb9ac2da0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

hidserv.pdb

Imports

msvcrt

_amsg_exit
free
malloc
_initterm
_except_handler4_common
_ftol2
_XcptFilter
memset

ntdll

EtwGetTraceEnableFlags
RtlPublishWnfStateData
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
EtwTraceMessage
EtwUnregisterTraceGuids

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
OpenSCManagerW
StartServiceW

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
ChangeServiceConfigW

kernel32

ResolveDelayLoadedAPI
CreateFileW
DelayLoadFailureHook
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
LocalFree
LocalAlloc
CompareStringW
WaitForSingleObject
CreateEventW
CloseHandle
CreateThread
ReadFile
CancelIo
WaitForMultipleObjects
CreateMutexW
OpenEventW
ReleaseMutex
GetLastError
SetEvent
GetProcAddress
WTSGetActiveConsoleSessionId
FreeLibrary
SleepEx
LoadLibraryExW

hid

HidD_FreePreparsedData
HidP_GetUsages
HidP_MaxUsageListLength
HidP_GetButtonCaps
HidD_GetAttributes
HidP_GetLinkCollectionNodes
HidP_GetCaps
HidD_GetPreparsedData
HidD_GetHidGuid
HidP_GetValueCaps
HidP_GetUsageValue
HidP_GetScaledUsageValue

user32

PostMessageW
RegisterClassExW
GetGUIThreadInfo
UnregisterDeviceNotification
SystemParametersInfoW
KillTimer
TranslateMessage
SendNotifyMessageW
SetTimer
DispatchMessageW
RegisterDeviceNotificationW
CreateWindowExW
DestroyWindow
UnregisterClassW
DefWindowProcW
GetMessageW
SendInput

Exports

Exports

InstallHidserv
ServiceMain

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

860be4d734489c71f592bcceb9ac2da0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-service-core-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

kernel32

hid

user32

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 19KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 2KB

.didat Size: 512B - Virtual size: 36B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 19KB - Virtual size: 19KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 2KB

.didat
Size: 512B - Virtual size: 36B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB