DriverFN_Public_1[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

DriverFN_Public_1.exe
Size

4.9MB
MD5

b0ccecaff9a273cfde75f93d879201ab
SHA1

9a51bbe537ea42c2cc91fa89d411c8bb64866d76
SHA256

5dace4d72e887c38370a7d2e9134c94a6222d5f161f92116836159eb5901dd77
SHA512

c5a10c53e8cf59431873fe23ee0b8a67a37bcc66d4d59498e264e9ff4c28e286a8843148fa06870c044daa1349a8b90adcb2eee19aa0556a3ca7516daecf4ba7
SSDEEP

98304:uvr4T3ZLqNUYL5vgejxTEfIUbXAgribh52uW:uz4T3ZOvgeNmbX54b9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DriverFN_Public_1.exe

Files

DriverFN_Public_1.exe
.exe windows:6 windows x64 arch:x64

af0eace8de94f56c091252e101efde32

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\nottm\Pictures\dump\carbon slotted\unban.ing\Output\DriverFN_Public.pdb

Imports

kernel32

SleepConditionVariableSRW
WakeAllConditionVariable
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
LoadLibraryA
GetProcAddress
FreeLibrary
QueryPerformanceFrequency
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetFileSizeEx
FormatMessageA
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
GetTickCount
VerifyVersionInfoA
GetSystemDirectoryA
SleepEx
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceCounter
LocalFree
SetLastError
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
IsDebuggerPresent
CreateEventW
SetEvent
OutputDebugStringW
GetSystemInfo
InitializeSListHead
VirtualQuery
VirtualFree
VirtualAlloc
FlushInstructionCache
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
GetCurrentThreadId
Process32NextW
Process32FirstW
QueryFullProcessImageNameW
GetModuleHandleW
GetModuleFileNameA
IsWow64Process
UnmapViewOfFile
VirtualFreeEx
MapViewOfFile
CreateFileMappingW
WriteProcessMemory
ReadProcessMemory
VirtualProtectEx
VirtualAllocEx
GetCurrentThread
CreateRemoteThread
GetCurrentProcessId
GetCurrentProcess
GetLastError
GetFileAttributesW
CreateFileW
RtlAddFunctionTable
VerSetConditionMask
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
GetStdHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
SetConsoleTextAttribute
SetConsoleCtrlHandler
WideCharToMultiByte
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleA
VirtualProtect
OpenProcess
CreateThread
GetExitCodeProcess
TerminateProcess
Sleep
DeviceIoControl
GetSystemTimeAsFileTime
CloseHandle
Beep
CreateFileA

user32

SetWindowPos
GetKeyState
EmptyClipboard
LoadCursorA
ScreenToClient
ClientToScreen
SetCursor
SetCursorPos
FindWindowW
PostMessageA
DestroyWindow
GetAsyncKeyState
GetSystemMetrics
MessageBoxA
GetCursorPos
SetWindowLongA
ShowWindow
FindWindowA
FindWindowExA
GetClassNameA
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
GetWindowThreadProcessId
GetForegroundWindow
GetClientRect

shell32

ShellExecuteA

ntdll

RtlInitUnicodeString
RtlCreateRegistryKey
NtQuerySystemInformation
RtlAdjustPrivilege
RtlGetFullPathName_UEx
RtlReleaseRelativeName
NtDeviceIoControlFile
RtlImageNtHeaderEx
RtlFreeHeap
NtReadFile
NtMapViewOfSection
NtCreateSection
NtCreateFile
NtClose
RtlAllocateHeap
NtUnloadDriver
NtLoadDriver
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtUnmapViewOfSection
RtlWriteRegistryValue
NtRaiseHardError

msvcp140

?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setf@ios_base@std@@QEAAHHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?fail@ios_base@std@@QEBA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
??Bios_base@std@@QEBA_NXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?is@?$ctype@D@std@@QEBA_NFD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
_Query_perf_frequency
_Query_perf_counter
?uncaught_exceptions@std@@YAHXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ

d3d9

Direct3DCreate9Ex

dwmapi

DwmExtendFrameIntoClientArea

xinput1_3

ord2

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmSetCandidateWindow
ImmGetContext

psapi

GetModuleInformation

normaliz

IdnToAscii

wldap32

ord60
ord45
ord50
ord41
ord46
ord26
ord217
ord32
ord33
ord35
ord79
ord27
ord301
ord200
ord30
ord143
ord211
ord22

crypt32

CertFreeCertificateChainEngine
CertFreeCertificateChain
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertCreateCertificateChainEngine
CertGetCertificateChain
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore

ws2_32

gethostname
closesocket
recv
send
WSAGetLastError
ioctlsocket
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
__WSAFDIsSet
getaddrinfo
freeaddrinfo
recvfrom
sendto
WSAStartup
WSACleanup
accept
htonl
listen
ntohl
select

rpcrt4

UuidToStringA
UuidCreate
RpcStringFreeA

userenv

UnloadUserProfile

vcruntime140

__current_exception
strrchr
__C_specific_handler
strchr
memcmp
memset
_CxxThrowException
__std_exception_destroy
__std_exception_copy
memcpy
__std_terminate
__current_exception_context
memmove
memchr
strstr

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_configure_narrow_argv
__sys_nerr
_initterm
_initialize_narrow_environment
_getpid
_initialize_onexit_table
_register_onexit_function
_crt_atexit
strerror
_register_thread_local_exe_atexit_callback
_cexit
_seh_filter_exe
_set_app_type
_resetstkoflw
_c_exit
_invalid_parameter_noinfo
__p___argv
_get_initial_narrow_environment
__p___argc
_beginthreadex
_invalid_parameter_noinfo_noreturn
_errno
terminate
system
_exit
exit

api-ms-win-crt-string-l1-1-0

wcscpy_s
_stricmp
strncpy
strncmp
_wcsicmp
wcscat_s
strpbrk
strlen
strcspn
strspn
isupper
wcslen
_strdup
tolower
strcmp

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
calloc
realloc
malloc
free

api-ms-win-crt-convert-l1-1-0

atof
strtol
strtod
strtoll
strtoull
atoi
strtoul

api-ms-win-crt-math-l1-1-0

sinf
cosf
_dclass
sqrt
fabs
atan2
sqrtf
powf
__setusermatherr
atan2f
pow
log
ceilf
acosf
fmodf
logf
asin
tanf

api-ms-win-crt-stdio-l1-1-0

fgets
fsetpos
_popen
_set_fmode
fopen
fputs
feof
_fseeki64
fwrite
setvbuf
fread
fputc
fgetpos
_lseeki64
ungetc
__p__commode
__stdio_common_vsscanf
ftell
fseek
_wfopen
fgetc
__stdio_common_vswprintf
fflush
fclose
_get_stream_buffer_pointers
__acrt_iob_func
__stdio_common_vsprintf_s
__stdio_common_vsprintf
__stdio_common_vfprintf
_read
_pclose
_open
_close
_write

api-ms-win-crt-filesystem-l1-1-0

_access
_lock_file
_unlock_file
_fstat64
_stat64
_unlink

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
CopySid
ConvertSidToStringSidA
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
GetUserNameA
IsValidSid
InitializeAcl
GetTokenInformation
GetLengthSid
RegCreateKeyExW
RegSetValueExW
AddAccessAllowedAce
SetSecurityInfo

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.PLSNOCR
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af0eace8de94f56c091252e101efde32

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

ntdll

msvcp140

d3d9

dwmapi

xinput1_3

imm32

psapi

normaliz

wldap32

crypt32

ws2_32

rpcrt4

userenv

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-locale-l1-1-0

advapi32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 251KB - Virtual size: 250KB

.data Size: 3.0MB - Virtual size: 3.0MB

.pdata Size: 36KB - Virtual size: 36KB

.PLSNOCR Size: 512B - Virtual size: 1B

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 251KB - Virtual size: 250KB

.data
Size: 3.0MB - Virtual size: 3.0MB

.pdata
Size: 36KB - Virtual size: 36KB

.PLSNOCR
Size: 512B - Virtual size: 1B

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 3KB - Virtual size: 3KB