51578b1c762dc54aa0e28df3d349499756203167d7b8fe2af98d6d9cee2d014f

Sharing

Copy URL

Twitter E-mail

General

Target

51578b1c762dc54aa0e28df3d349499756203167d7b8fe2af98d6d9cee2d014f
Size

435KB
MD5

0b725bd82992d14ecb708c12f9ef7e69
SHA1

6fb16a7999c74cf4fb39206190dde7c6e1b63f5d
SHA256

51578b1c762dc54aa0e28df3d349499756203167d7b8fe2af98d6d9cee2d014f
SHA512

0060688f3ae156ed129046f5806bd9827830fdc7b04310e57996b77a3f2dd3efa38a1b15f2ce970f6a33ff46c90f46a51433adb03cf3a400b668e2509a176047
SSDEEP

3072:LOIXZl+YYnKjKwhsuEFl1LfebI00f7YjfUqoclO2kWsAdXpXFBHtj+HB2f26b94b:iffe8qtDXp/26b9PaeUqifH8t8/LZV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
51578b1c762dc54aa0e28df3d349499756203167d7b8fe2af98d6d9cee2d014f

Files

51578b1c762dc54aa0e28df3d349499756203167d7b8fe2af98d6d9cee2d014f
.exe windows:4 windows x86 arch:x86

4f9cd16d46a362b90ad95e5ac34d1dfc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\KINGSOFT_DUBA\Build\Build_Src\drivergenius_srv\dgsrv_1615_20201202_fb\product\win32\dbginfo\DgService.pdb

Imports

kernel32

CreateDirectoryW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
ReadFile
GetFileSize
CreateFileW
WriteFile
CreateRemoteThread
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
CreateFileA
GetFileAttributesA
SetFileAttributesA
SetFilePointer
SetFilePointerEx
GetFileSizeEx
FindFirstFileA
FindNextFileA
GetFileAttributesExA
GetFileAttributesExW
DeleteFileA
CopyFileA
CopyFileW
RemoveDirectoryA
MoveFileA
MoveFileExA
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateSemaphoreW
CreateEventW
GetCurrentProcessId
WaitForMultipleObjects
ReleaseSemaphore
SetEnvironmentVariableA
CompareStringW
SetFileAttributesW
WriteConsoleW
MoveFileW
MoveFileExW
DeleteFileW
GetLocalTime
SystemTimeToFileTime
OutputDebugStringA
GetLogicalDriveStringsW
QueryDosDeviceW
CreateProcessW
InterlockedDecrement
OpenProcess
GetVersionExW
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcmpA
lstrcpyW
LocalAlloc
LocalFree
GetCommandLineW
lstrcmpiW
CreateMutexW
SetConsoleCtrlHandler
GetCurrentThreadId
WTSGetActiveConsoleSessionId
WritePrivateProfileStringW
GetPrivateProfileIntW
GetTickCount
OutputDebugStringW
GetCurrentThread
GetCurrentProcess
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetFileAttributesW
CreateThread
CloseHandle
Sleep
InterlockedExchange
OpenEventW
SetEvent
TerminateThread
WaitForSingleObject
GetModuleFileNameW
GetPrivateProfileStringW
GetModuleFileNameA
GetPrivateProfileIntA
lstrlenA
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
GetLastError
LoadLibraryW
FreeLibrary
GetModuleHandleW
GetProcAddress
Process32FirstW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
GetLocaleInfoW
LoadLibraryA
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
ExitProcess
LCMapStringW
LCMapStringA
VirtualAlloc
FatalAppExitA
VirtualFree
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
InterlockedIncrement
Process32NextW
Thread32First
OpenThread
Thread32Next
SuspendThread
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
CompareStringA
GetCPInfo
GetStartupInfoW
ResumeThread
ExitThread
GetSystemTimeAsFileTime
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
TerminateProcess
UnhandledExceptionFilter

user32

CharNextW
PostThreadMessageW
LoadStringW
UnregisterClassA

advapi32

ConvertStringSidToSidW
RegOpenKeyA
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegOpenKeyW
RegSetValueExW
RegOpenKeyExW
CloseServiceHandle
RegQueryValueW
RegSetValueExA
RegEnumValueW
RegEnumValueA
RegEnumKeyW
RegEnumKeyA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
RegCreateKeyW
RegCreateKeyA
RegOpenKeyExA
AllocateAndInitializeSid
EqualSid
FreeSid
CreateProcessAsUserW
DuplicateTokenEx
SetTokenInformation
QueryServiceConfigW
QueryServiceStatus
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
OpenThreadToken
OpenProcessToken
RegCreateKeyExW
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
GetLengthSid
CopySid
RegQueryValueExW
RegDeleteValueW
ChangeServiceConfigW
StartServiceW
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
ControlService
DeleteService
CreateServiceW
OpenSCManagerW
OpenServiceW
RegCloseKey

shell32

SHGetSpecialFolderPathW

ole32

CoInitializeSecurity
CoInitializeEx
OleRun
CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

CreateErrorInfo
VariantClear
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SetErrorInfo
VariantInit
VariantChangeType
GetErrorInfo
SysFreeString

shlwapi

PathFileExistsA
PathIsDirectoryW
PathIsDirectoryA
PathFileExistsW
PathAddBackslashW
SHDeleteKeyW
SHGetValueA
PathAppendW
PathRemoveFileSpecA
SHSetValueA
SHSetValueW
SHDeleteValueA
SHDeleteValueW
PathRemoveFileSpecW
SHGetValueW
PathAppendA

wtsapi32

WTSEnumerateProcessesW
WTSFreeMemory
WTSWaitSystemEvent
WTSEnumerateSessionsW

crypt32

CryptDecodeObject
CertFreeCertificateContext
CryptMsgClose
CertCloseStore
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertGetNameStringW

userenv

CreateEnvironmentBlock

psapi

GetProcessImageFileNameW

patchcore

ord264

pnpsup

ord34

Sections

.text
Size: 300KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4f9cd16d46a362b90ad95e5ac34d1dfc

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

wtsapi32

crypt32

userenv

psapi

patchcore

pnpsup

Sections

.text Size: 300KB - Virtual size: 296KB

.rdata Size: 44KB - Virtual size: 42KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 72KB - Virtual size: 72KB

.text
Size: 300KB - Virtual size: 296KB

.rdata
Size: 44KB - Virtual size: 42KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 72KB - Virtual size: 72KB