chkwudrv[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

chkwudrv.dll
Size

18KB
MD5

8bea138187a90f22a214cff2b2f78ece
SHA1

e56dc6114ffb6aeaa9fcf3188137df37fc13be7d
SHA256

4965c5a984bffd37cff4a5b0a2ec4c363d34f07c2c2650c0219d7048a11e740d
SHA512

95c1db24a2c89d9b1e229296962143652dd63b7e98fc2b5cd84190814ed01d6fa38cc067669e16b564ada63a0d0a60263889f947f9be996fa2c77fbd2adad7df
SSDEEP

384:+CB3BI0dQkSd+Kzl61tAneR6KHDlGARjWIkhTW6c:bBBH63J0LR58cIdc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
chkwudrv.dll

Files

chkwudrv.dll
.dll windows:6 windows x86 arch:x86

a5b44cfcc87bca1b9c22eb4a0db4354d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

chkwudrv.pdb

Imports

msvcrt

_initterm
_amsg_exit
_unlock
__dllonexit
_lock
_onexit
free
malloc
_XcptFilter
??2@YAPAXI@Z
_wcsicmp
??3@YAXPAX@Z
memset
_purecall
_except_handler4_common
_vsnwprintf

kernel32

HeapAlloc
QueryPerformanceCounter
InterlockedCompareExchange
InterlockedExchange
ResetEvent
TlsSetValue
CreateEventW
GetFileAttributesW
CreateFileW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
TlsGetValue
SetEvent
Sleep
TlsFree
TlsAlloc
DisableThreadLibraryCalls
CloseHandle
RemoveDirectoryW
GetLastError
GetTempPathW
SetLastError
HeapFree
FindClose
FindNextFileW
DeleteFileW
SetFileAttributesW
FindFirstFileW
GetProcessHeap
GetTickCount

user32

PeekMessageW
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageW

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen
VariantInit

ole32

StringFromGUID2
CoCreateInstance
CoUninitialize
CoInitializeEx
CoCreateGuid

shell32

SHCreateDirectoryExW

setupapi

pSetupConcatenatePaths
pSetupGetFileTitle

Exports

Exports

CancelWUOperation
IsWUAvailable
OpenWUContext
ReleaseWUContext
RemoveWUDirectory
WUDownloadUpdatedFiles
WUExpandUpdateToPath
WUFindMatchingDriver
WUInstallBestUpdate

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 814B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a5b44cfcc87bca1b9c22eb4a0db4354d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

oleaut32

ole32

shell32

setupapi

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 900B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 814B

.text
Size: 13KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 900B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 814B