2d971d48-a375-4661-a904-901d3ac2797c_7c4c175040f6db326a310a65e4995b151d902a41[.]cab

Sharing

Copy URL Twitter E-mail

General

Target

2d971d48-a375-4661-a904-901d3ac2797c_7c4c175040f6db326a310a65e4995b151d902a41.cab
Size

1.1MB
MD5

080c43e95f87d794c117d04364e6eeb1
SHA1

7c4c175040f6db326a310a65e4995b151d902a41
SHA256

e732863799015d2323816489dcc01ca2fc7f826d32734f2ba4b65af6302273bf
SHA512

cfdfcc000abe7fe9b9b4cfff56ad22022683e0e04e6ef83b141c6e4444f6274d88f71d779f51e1f327ce73adaffd1337db830322330c2bae6e9d7c060b7a9c37
SSDEEP

24576:GAjzj+GtVElm4X76dTde/NSQAp6vC2lUb68VeD8/PmumfNv0:njvtiFX76dw/N6q+xVg8/YNs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/mtkihvx.dll

Files

2d971d48-a375-4661-a904-901d3ac2797c_7c4c175040f6db326a310a65e4995b151d902a41.cab
.cab

Password: infected
WIFI_MT7961_patch_mcu_1_2_hdr.bin
WIFI_RAM_CODE_MT7961_1.bin
mtkihvx.dll
.dll windows:6 windows x64 arch:x64

Password: infected

6f7183b5905f8d3fe98816cbee639bdc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

N:\MtK22385-Project\TOOL_IHV\seattle\mtkihv\x64\Release\mtkihvx.pdb

Imports

kernel32

DeleteCriticalSection
InitializeCriticalSection
CreateThread
WriteConsoleW
DeviceIoControl
OutputDebugStringA
DebugBreak
CreateFileA
WaitForSingleObject
WTSGetActiveConsoleSessionId
Sleep
ResetEvent
SetEvent
CreateEventA
LeaveCriticalSection
EnterCriticalSection
GetLastError
WaitForMultipleObjects
CloseHandle
CreateFileW
OutputDebugStringW
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleOutputCP
WriteFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
GetCurrentThread
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
SetConsoleCtrlHandler
GetFileSizeEx
SetFilePointerEx
GetStringTypeW
SetStdHandle
HeapSize
HeapReAlloc
FlushFileBuffers
RtlUnwind

advapi32

GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegNotifyChangeKeyValue
RegEnumKeyExA
RegCloseKey
OpenEventLogA
NotifyChangeEventLog
TraceMessage

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

SysAllocString
SysFreeString

Exports

Exports

DllMain
Dot11ExtIhvGetVersionInfo
Dot11ExtIhvInitService

Sections

.text
Size: 407KB - Virtual size: 406KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mtkwl6ex.cat
mtkwl6ex.inf
mtkwl6ex.sys
.sys windows:10 windows x64 arch:x64

035a8df507cdfabca9685677f6774597

Code Sign

33:00:00:00:4e:59:56:10:83:2b:4e:0c:6c:00:00:00:00:00:4e
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

09/09/2021, 19:16

Not After

01/09/2022, 19:16

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c4:50:21:ba:6e:d8:5a:72:ad:00:00:00:00:00:c4
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17/06/2021, 17:55

Not After

16/06/2022, 17:55

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

88:04:57:4e:0c:80:f9:51:77:c1:d3:e9:29:1e:ab:58:eb:3b:e6:36:31:9c:63:bc:c9:04:4b:8b:85:7f:56:40
Signer

Actual PE Digest

88:04:57:4e:0c:80:f9:51:77:c1:d3:e9:29:1e:ab:58:eb:3b:e6:36:31:9c:63:bc:c9:04:4b:8b:85:7f:56:40

Digest Algorithm

sha256

PE Digest Matches

true

88:04:57:4e:0c:80:f9:51:77:c1:d3:e9:29:1e:ab:58:eb:3b:e6:36:31:9c:63:bc:c9:04:4b:8b:85:7f:56:40
Signer

Actual PE Digest

88:04:57:4e:0c:80:f9:51:77:c1:d3:e9:29:1e:ab:58:eb:3b:e6:36:31:9c:63:bc:c9:04:4b:8b:85:7f:56:40

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\worktmp\7270\codebase\wlan_driver\seattle\wifi_driver\windows\PLATFORM\Ndis6\x64\mtkwl6ex.pdb

Imports

ntoskrnl.exe

RtlAppendUnicodeToString
ExInterlockedRemoveHeadList
RtlGetVersion
IoGetDmaAdapter
ZwSetValueKey
ZwCreateKey
MmBuildMdlForNonPagedPool
RtlAnsiStringToUnicodeString
ExInterlockedInsertTailList
_vsnwprintf
sprintf
ZwQueryValueKey
ZwOpenKey
IoReleaseCancelSpinLock
IofCompleteRequest
MmMapLockedPagesSpecifyCache
ExFreePoolWithTag
ExAllocatePoolWithTag
KfRaiseIrql
KeLowerIrql
ZwClose
ObfDereferenceObject
ObReferenceObjectByHandle
PsTerminateSystemThread
PsCreateSystemThread
KeWaitForSingleObject
KeSetPriorityThread
KeFlushQueuedDpcs
PsGetCurrentThreadId
KeInitializeSpinLock
ZwWriteFile
ZwCreateFile
RtlInitUnicodeString
KeGetCurrentIrql
KeInitializeEvent
RtlCopyUnicodeString
RtlUnicodeStringToAnsiString
isxdigit
__chkstk
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlTimeToTimeFields
ExSystemTimeToLocalTime
swprintf
KeClearEvent
KeSetEvent
_vsnprintf
strchr
strncmp
__C_specific_handler
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLockFromDpcLevel
IoBuildDeviceIoControlRequest
IofCallDriver
IoWMIOpenBlock
IoWMIQueryAllData
IoWMIExecuteMethod
IoWMISetNotificationCallback
IoWMIRegistrationControl
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
MmGetSystemRoutineAddress

hal

KeQueryPerformanceCounter
KeStallExecutionProcessor

ndis.sys

NdisRetreatNetBufferListDataStart
NdisAllocateNetBufferList
NdisMIndicateStatusEx
NdisMDeregisterWdiMiniportDriver
NdisMRegisterWdiMiniportDriver
NdisMDeregisterScatterGatherDma
NdisMRegisterScatterGatherDma
NdisMGetDeviceProperty
NdisMUnmapIoSpace
NdisMMapIoSpace
NdisMSetBusData
NdisMGetBusData
NdisMDeregisterInterruptEx
NdisMRegisterInterruptEx
NdisGetVersion
NdisMAllocateNetBufferSGList
NdisDeregisterDeviceEx
NdisRegisterDeviceEx
NdisInitializeString
NdisUnmapFile
NdisMapFile
NdisCloseFile
NdisOpenFile
NdisWriteConfiguration
NdisMFreeNetBufferSGList
NdisFreeIoWorkItem
NdisFreeTimerObject
NdisCancelTimerObject
NdisSetTimerObject
NdisAllocateTimerObject
NdisWaitEvent
NdisMSynchronizeWithInterruptEx
NdisSetEvent
NdisInitializeEvent
NdisAllocateMemoryWithTagPriority
NdisReleaseReadWriteLock
NdisAcquireReadWriteLock
NdisQueueIoWorkItem
NdisGetDeviceReservedExtension
NdisResetEvent
NdisInitializeReadWriteLock
NdisReadConfiguration
NdisCloseConfiguration
NdisOpenConfigurationEx
NdisAllocateNetBufferListPool
NdisFreeNetBufferListPool
NdisAllocateNetBufferAndNetBufferList
NdisFreeNetBufferList
NdisAllocateNetBufferPool
NdisFreeNetBufferPool
NdisAllocateMdl
NdisFreeMdl
NdisAllocateIoWorkItem
NdisFreeMemory
NdisMSleep

wdfldr.sys

WdfVersionUnbind
WdfVersionBind
WdfVersionBindClass
WdfVersionUnbindClass

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 1011KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

6f7183b5905f8d3fe98816cbee639bdc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 407KB - Virtual size: 406KB

.rdata Size: 77KB - Virtual size: 76KB

.data Size: 3KB - Virtual size: 10KB

.pdata Size: 19KB - Virtual size: 18KB

_RDATA Size: 512B - Virtual size: 384B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

035a8df507cdfabca9685677f6774597

Code Sign

33:00:00:00:4e:59:56:10:83:2b:4e:0c:6c:00:00:00:00:00:4eCertificate

Extended Key Usages

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0dCertificate

Key Usages

33:00:00:00:c4:50:21:ba:6e:d8:5a:72:ad:00:00:00:00:00:c4Certificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

88:04:57:4e:0c:80:f9:51:77:c1:d3:e9:29:1e:ab:58:eb:3b:e6:36:31:9c:63:bc:c9:04:4b:8b:85:7f:56:40Signer

88:04:57:4e:0c:80:f9:51:77:c1:d3:e9:29:1e:ab:58:eb:3b:e6:36:31:9c:63:bc:c9:04:4b:8b:85:7f:56:40Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

ndis.sys

wdfldr.sys

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 78KB - Virtual size: 78KB

.data Size: 69KB - Virtual size: 1011KB

.pdata Size: 23KB - Virtual size: 23KB

PAGE Size: 2KB - Virtual size: 1KB

INIT Size: 4KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 976B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 407KB - Virtual size: 406KB

.rdata
Size: 77KB - Virtual size: 76KB

.data
Size: 3KB - Virtual size: 10KB

.pdata
Size: 19KB - Virtual size: 18KB

_RDATA
Size: 512B - Virtual size: 384B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

33:00:00:00:4e:59:56:10:83:2b:4e:0c:6c:00:00:00:00:00:4e
Certificate

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

33:00:00:00:c4:50:21:ba:6e:d8:5a:72:ad:00:00:00:00:00:c4
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

88:04:57:4e:0c:80:f9:51:77:c1:d3:e9:29:1e:ab:58:eb:3b:e6:36:31:9c:63:bc:c9:04:4b:8b:85:7f:56:40
Signer

88:04:57:4e:0c:80:f9:51:77:c1:d3:e9:29:1e:ab:58:eb:3b:e6:36:31:9c:63:bc:c9:04:4b:8b:85:7f:56:40
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 78KB - Virtual size: 78KB

.data
Size: 69KB - Virtual size: 1011KB

.pdata
Size: 23KB - Virtual size: 23KB

PAGE
Size: 2KB - Virtual size: 1KB

INIT
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 4KB - Virtual size: 3KB