3b7c7daa5c72f9628a5e6587e08d010df64d1be54d60b24145e5e6a31c4650ff

Sharing

Copy URL

Twitter E-mail

General

Target

3b7c7daa5c72f9628a5e6587e08d010df64d1be54d60b24145e5e6a31c4650ff
Size

1.1MB
MD5

8e758e0989c3c391ea36599712c709d8
SHA1

f86c2caad3200397c2945a9f959ff1b243a03d31
SHA256

3b7c7daa5c72f9628a5e6587e08d010df64d1be54d60b24145e5e6a31c4650ff
SHA512

1a03d02095b29fc699ca6fcbcde022b4955d4e47329b4fbe1df5a3d2e9fbcf9b03a47b455f7666e27156cc1999a8955af39a31d38db34d45bd5a3d54179f73b9
SSDEEP

24576:xoJwxdNBGo7TEKMB3bLt2rR8FfBhRJUEbDk1ulUf:WwxnB7MB3nt2r4PRSEk1ul

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b7c7daa5c72f9628a5e6587e08d010df64d1be54d60b24145e5e6a31c4650ff

Files

3b7c7daa5c72f9628a5e6587e08d010df64d1be54d60b24145e5e6a31c4650ff
.exe windows:6 windows x64 arch:x64

a70f167192121608e980dbdef41a4664

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Proj\drivewintech_repo\DiracAudSrv\x64\Release\DiracAudSrv.pdb

Imports

kernel32

GlobalFree
GlobalAlloc
LeaveCriticalSection
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetStringTypeW
EnterCriticalSection
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
WaitForMultipleObjects
CreateThread
MultiByteToWideChar
GetCPInfo
GetOEMCP
GetACP
OutputDebugStringW
CreateFileW
WideCharToMultiByte
LocalFree
LocalAlloc
Sleep
CreateEventW
DeleteCriticalSection
GetModuleFileNameW
InitializeCriticalSectionEx
GetLastError
CloseHandle
DecodePointer
ReadFile
GetFileSizeEx
SetStdHandle
FormatMessageW
IsValidCodePage
CreateFileA
FindNextFileW
FindFirstFileExW
FindClose
SetConsoleCtrlHandler
EnumSystemLocalesW
__C_specific_handler
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
EncodePointer
GetStdHandle
GetFileType
GetModuleHandleExW
WriteConsoleW
ExitProcess
FreeLibrary
GetProcAddress
WriteFile
GetCommandLineA
GetCommandLineW
GetCurrentThread
HeapAlloc
HeapFree
HeapSize
HeapReAlloc
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
RtlUnwind

advapi32

QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
EventUnregister
EventRegister
StartServiceCtrlDispatcherW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetServiceStatus
RegisterServiceCtrlHandlerW
RegQueryValueExW
RegEnumValueW
RegCloseKey
EventWriteTransfer
RegGetValueW
RegOpenKeyExW

oleaut32

SysFreeString

ole32

CoInitializeEx
CoTaskMemFree
PropVariantClear
StringFromCLSID
CoCreateInstance
CoUninitialize

propsys

InitPropVariantFromCLSID

setupapi

SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiOpenDevRegKey
SetupDiGetClassDevsW

api-ms-win-devices-config-l1-1-1

CM_Register_Notification
CM_Unregister_Notification

Sections

.text
Size: 420KB - Virtual size: 420KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a70f167192121608e980dbdef41a4664

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

oleaut32

ole32

propsys

setupapi

api-ms-win-devices-config-l1-1-1

Sections

.text Size: 420KB - Virtual size: 420KB

.rdata Size: 101KB - Virtual size: 100KB

.data Size: 4KB - Virtual size: 10KB

.pdata Size: 21KB - Virtual size: 20KB

_RDATA Size: 512B - Virtual size: 384B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 420KB - Virtual size: 420KB

.rdata
Size: 101KB - Virtual size: 100KB

.data
Size: 4KB - Virtual size: 10KB

.pdata
Size: 21KB - Virtual size: 20KB

_RDATA
Size: 512B - Virtual size: 384B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 568KB - Virtual size: 572KB