chkwudrv.pdb
Static task
static1
Behavioral task
behavioral1
Sample
chkwudrv.dll
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
chkwudrv.dll
Resource
win10v2004-20240508-en
General
Target: chkwudrv.dll
Size: 24KB
MD5: 46b153343da5a751246c3aaa98f20e67
SHA1: 2ce021130b005dbf7e006301316907350dc482ca
SHA256: 4450fa9882f95bb7582782dd40a455afb4647a2cc00c6a9a2dfc01153db3891a
SHA512: 9ce4846f17f2e8417481ffc6086b75c4815cf7e80bd7c1198dc832301a8f24070ace31b6685f257484f7684ff5de7947ea57c4e7ae804fc44db61e52798f467a
SSDEEP: 384:xV1Q4S7kyiVISKVzvJ0cmKFsjJ4z0ljZam35m2dkmcdJxtqTlLV9WIGTW:TA4RKdvOcmvHH5mhtiVy
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource chkwudrv.dll
Files
chkwudrv.dll.dll windows:6 windows x64 arch:x64
2a70a98ee117641692f12b7a61620790
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
__C_specific_handler
??3@YAXPEAX@Z
_XcptFilter
_vsnwprintf
_amsg_exit
_initterm
free
malloc
_purecall
_lock
_unlock
__dllonexit
_onexit
_wcsicmp
??2@YAPEAX_K@Z
memset
ntdll
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
kernel32
RemoveDirectoryW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetFileAttributesW
TlsFree
DeleteFileW
CloseHandle
TlsAlloc
DeleteCriticalSection
FindNextFileW
CreateEventW
ResetEvent
FindFirstFileW
TlsGetValue
HeapAlloc
HeapFree
SetEvent
GetProcessHeap
InitializeCriticalSection
TlsSetValue
Sleep
LeaveCriticalSection
GetFileAttributesW
CreateFileW
GetTempPathW
GetLastError
SetLastError
EnterCriticalSection
DisableThreadLibraryCalls
FindClose
user32
PeekMessageW
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageW
oleaut32
SysFreeString
SysStringLen
VariantInit
SysAllocStringLen
SysAllocString
ole32
CoInitializeEx
CoCreateGuid
StringFromGUID2
CoCreateInstance
CoUninitialize
shell32
SHCreateDirectoryExW
setupapi
pSetupConcatenatePaths
pSetupGetFileTitle
Exports
CancelWUOperation
IsWUAvailable
OpenWUContext
ReleaseWUContext
RemoveWUDirectory
WUDownloadUpdatedFiles
WUExpandUpdateToPath
WUFindMatchingDriver
WUInstallBestUpdate
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 696B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ