da9cb3f8d08d6a859f114a2fcdeadd72ac20fcc5b2de7f41fc971c803b553a80

Sharing

Copy URL Twitter E-mail

General

Target

da9cb3f8d08d6a859f114a2fcdeadd72ac20fcc5b2de7f41fc971c803b553a80
Size

1.3MB
MD5

fbe3ff9d776c34e226cc71b58f713dcc
SHA1

2951ffaa720705b3fd8cf3241bb356729f24322d
SHA256

da9cb3f8d08d6a859f114a2fcdeadd72ac20fcc5b2de7f41fc971c803b553a80
SHA512

7126beae3e7f0510c8910199feb0e36fb8578958b58bda1afc62c621de671fac5deb5da3a6bee9248f206560ecc0ae229451f3dd746f568b4c65d879e7505b60
SSDEEP

24576:kLDJhFakoJ7Vs7iHKBcIfL+9MYEhnbhdxKaANp:kLDJhFaL0iHTIfLeMYa7x0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da9cb3f8d08d6a859f114a2fcdeadd72ac20fcc5b2de7f41fc971c803b553a80

Files

da9cb3f8d08d6a859f114a2fcdeadd72ac20fcc5b2de7f41fc971c803b553a80
.exe windows:6 windows x64 arch:x64

6bd359e52d1457a0b82aa5e342ab3edc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\EPM\_EPM_main\ShareLib\DC\Output\Release\x64\DrvSetup.pdb

Imports

setupapi

SetupDiRemoveDevice
SetupDiInstallDevice
SetupDiSelectDevice
SetupDiCallClassInstaller
SetupDiGetINFClassW
SetupDiGetClassDevsW
SetupDiBuildDriverInfoList
SetupDiRegisterDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoList
SetupDiSetDeviceRegistryPropertyA
SetupDiGetDeviceInstallParamsW
SetupDiCreateDeviceInfoW
SetupDiOpenDeviceInfoW
SetupDiGetDeviceRegistryPropertyW
SetupDiSetDeviceInstallParamsW

newdev

UpdateDriverForPlugAndPlayDevicesW

shlwapi

SHGetValueW

kernel32

GlobalFree
DeleteFileW
SetFileAttributesW
CopyFileW
MoveFileW
GetSystemWindowsDirectoryA
CreateFileA
CloseHandle
DeviceIoControl
Sleep
GetModuleFileNameA
GetPrivateProfileStringA
FindClose
FindFirstFileW
ResetEvent
WaitForSingleObject
OpenEventA
GetSystemWindowsDirectoryW
HeapAlloc
HeapFree
GetProcessHeap
SetEvent
CreateEventA
GetTickCount
GetCommandLineW
GetVersionExA
LocalFree
GetLastError
GetPrivateProfileStringW
GetProcAddress
GetModuleHandleA
GetSystemDirectoryW
GetCurrentProcess
GetFileAttributesW
SystemTimeToFileTime
FileTimeToSystemTime
lstrcmpiW
GetModuleFileNameW
GetSystemTime
GetModuleHandleW
FileTimeToLocalFileTime
GlobalAlloc
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetWindowsDirectoryA

user32

RegisterClassExA
CreateWindowExA
PostQuitMessage
DefWindowProcA
EndDialog
UpdateWindow
BeginPaint
EndPaint
LoadCursorA
LoadIconA
ShowWindow

advapi32

LookupPrivilegeValueA
OpenProcessToken
StartServiceA
OpenServiceW
DeleteService
CreateServiceW
ControlService
ChangeServiceConfigW
DecryptFileW
OpenSCManagerW
CloseServiceHandle
RegSetValueExW
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExW
RegOpenKeyExA
RegDeleteValueW
StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
QueryServiceStatusEx
QueryServiceStatus
RegCloseKey
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyA
RegDeleteKeyW
RegDeleteValueA
RegEnumKeyExA
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExA
EnumDependentServicesA
OpenSCManagerA
OpenServiceA
AdjustTokenPrivileges

shell32

CommandLineToArgvW

vcruntime140

_CxxThrowException
memset
__CxxFrameHandler3
memcpy
_local_unwind
__C_specific_handler
__std_type_info_destroy_list
__std_exception_copy
__std_exception_destroy

api-ms-win-crt-string-l1-1-0

strcat_s
_wcsicmp
wcscpy_s
wcscat_s

api-ms-win-crt-convert-l1-1-0

wcstombs

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
fclose
__p__commode
_set_fmode
__stdio_common_vfprintf
_wfopen
__stdio_common_vsscanf
__stdio_common_vsprintf
__stdio_common_vswscanf
__stdio_common_vswprintf_s

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
setlocale

api-ms-win-crt-runtime-l1-1-0

_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
_get_narrow_winmain_command_line
_initialize_narrow_environment
_configure_narrow_argv
_initterm_e
_set_app_type
_seh_filter_dll
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
terminate
exit
_seh_filter_exe
_exit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
_set_new_mode
free

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.1MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6bd359e52d1457a0b82aa5e342ab3edc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

newdev

shlwapi

kernel32

user32

advapi32

shell32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 90KB - Virtual size: 89KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 5KB - Virtual size: 4KB

.idata Size: 10KB - Virtual size: 10KB

.00cfg Size: 512B - Virtual size: 283B

.rsrc Size: 59KB - Virtual size: 58KB

.reloc Size: 1.1MB - Virtual size: 1.6MB

.text
Size: 90KB - Virtual size: 89KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 5KB - Virtual size: 4KB

.idata
Size: 10KB - Virtual size: 10KB

.00cfg
Size: 512B - Virtual size: 283B

.rsrc
Size: 59KB - Virtual size: 58KB

.reloc
Size: 1.1MB - Virtual size: 1.6MB