247a2cf528b66a0532466a1548793efb7d036c5fcc7bab8f3fe9dee0c3fcd70a

Sharing

Copy URL Twitter E-mail

General

Target

247a2cf528b66a0532466a1548793efb7d036c5fcc7bab8f3fe9dee0c3fcd70a
Size

737KB
MD5

f773706e41f25c5b86bc402df4144ac2
SHA1

8f6795b0eb4424e6e5ad82a19a6a5f8d12258f5a
SHA256

247a2cf528b66a0532466a1548793efb7d036c5fcc7bab8f3fe9dee0c3fcd70a
SHA512

85d6edf5700e79d8374bdc0608e4f17e0a1f088155a4d1efad2ef30d803100b4e53ca58fb3a5035357aab899deda23b245d0b6e52504aef2d40ff5bfe7c7eae8
SSDEEP

12288:5+lx3ay6f2jQuCo7VtQLStNmnsN4lUqiXQ27dvNT7CN5WWuJFEu+X1p83o/S3IwE:Elxyf2jQuCoZtQLSt8nsN4lURgUZMuwW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
247a2cf528b66a0532466a1548793efb7d036c5fcc7bab8f3fe9dee0c3fcd70a

Files

247a2cf528b66a0532466a1548793efb7d036c5fcc7bab8f3fe9dee0c3fcd70a
.exe windows:6 windows x64 arch:x64

c4b7ad13a18507c9f3653db831894038

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\q\Perforce\SW9_DESKTOP-0DE01EF_131\depot3\Drivers\fw_update_driver\QService_V5_PCIE\QService_V5\x64\Release\QService.pdb

Imports

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrcpyW
lstrcmpiW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringW
MultiByteToWideChar

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleFileNameW
GetProcAddress
FreeLibraryAndExitThread
FreeLibrary

api-ms-win-core-registry-l1-1-0

RegQueryValueExA
RegSetValueExA
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
SetLastError
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-base-l1-1-0

DuplicateTokenEx
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
TlsSetValue
CreateThread
CreateProcessW
TlsGetValue
GetCurrentProcess
GetCurrentProcessId
ExitProcess
TlsAlloc
CreateProcessAsUserW
TlsFree
ExitThread
GetCurrentThreadId

api-ms-win-core-synch-l1-1-0

ResetEvent
InitializeCriticalSectionEx
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CreateEventW
DeleteCriticalSection
WaitForSingleObject

api-ms-win-core-toolhelp-l1-1-0

Process32FirstW
CreateToolhelp32Snapshot
Process32NextW

api-ms-win-core-file-l1-1-0

FindClose
CreateFileW
GetFileType
CreateDirectoryW
GetFileAttributesW
FindNextFileW
FindFirstFileW
SetFileAttributesW
RemoveDirectoryW
DeleteFileW
FileTimeToLocalFileTime
SetFileTime
LocalFileTimeToFileTime
FindFirstFileA
FindFirstFileExW
ReadFile
SetFilePointer
FindNextFileA
GetFileAttributesA
GetFileAttributesExW
GetFileSizeEx
SetFilePointerEx
WriteFile
SetEndOfFile
DeleteFileA
FlushFileBuffers

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle
SetStdHandle
GetCurrentDirectoryW
FreeEnvironmentStringsW
GetCommandLineA
GetEnvironmentStringsW
GetCommandLineW
SetEnvironmentVariableW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc
HeapSize
HeapReAlloc

oleaut32

SysAllocString
VariantClear
GetErrorInfo
SetErrorInfo
SysFreeString
SysStringLen

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoCreateInstance
CoCreateGuid

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-devices-config-l1-1-1

CM_Get_DevNode_Status
CM_Get_Device_IDW

api-ms-win-core-sysinfo-l1-1-0

GetWindowsDirectoryA
GetWindowsDirectoryW

api-ms-win-core-errorhandling-l1-1-3

FatalAppExitW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
GetDynamicTimeZoneInformation
SystemTimeToFileTime
GetTimeZoneInformation

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW

api-ms-win-core-console-l2-1-0

GetConsoleScreenBufferInfo
SetConsoleTextAttribute

api-ms-win-core-console-l1-1-0

ReadConsoleW
GetConsoleMode
WriteConsoleA
WriteConsoleW
GetConsoleOutputCP

api-ms-win-core-localization-l1-2-0

GetACP
GetOEMCP
IsValidLocale
EnumSystemLocalesW
FormatMessageW
IsValidCodePage
GetLocaleInfoW
LCMapStringW
GetUserDefaultLCID

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken

shlwapi

PathCombineA
PathCombineW

setupapi

CM_Locate_DevNode_ExW
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiSetClassInstallParamsW
SetupDiCallClassInstaller
SetupDiGetDeviceInstallParamsW
SetupDiGetDeviceRegistryPropertyW
CM_Connect_MachineW
CM_Disconnect_Machine
CM_Reenumerate_DevNode_Ex
SetupDiOpenDevRegKey
SetupDiGetClassDevsW

kernel32

InitializeSRWLock
OOBEComplete
WTSGetActiveConsoleSessionId
GetModuleHandleExW
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
SleepConditionVariableSRW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
InitOnceComplete
InitializeConditionVariable
IsProcessorFeaturePresent
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetStringTypeW
EncodePointer
GetModuleHandleW
GetSystemTimeAsFileTime
RtlPcToFileHeader
WakeAllConditionVariable
WakeConditionVariable
InitOnceBeginInitialize
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
LocalFree
GetExitCodeThread
WaitForSingleObjectEx
QueryPerformanceFrequency
QueryPerformanceCounter
SleepConditionVariableCS

user32

wsprintfW
RegisterSuspendResumeNotification
RegisterPowerSettingNotification

advapi32

OpenEventLogW
ReadEventLogW
CloseEventLog
StartServiceCtrlDispatcherW
SetServiceStatus

ole32

OleRun

dbghelp

MiniDumpWriteDump

version

GetFileVersionInfoSizeW

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwindEx
RtlUnwind

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-file-l2-1-0

MoveFileExW

Sections

.text
Size: 503KB - Virtual size: 502KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c4b7ad13a18507c9f3653db831894038

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-toolhelp-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-util-l1-1-0

api-ms-win-core-heap-l1-1-0

oleaut32

api-ms-win-core-com-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-devices-config-l1-1-1

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-errorhandling-l1-1-3

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-version-l1-1-1

api-ms-win-core-version-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-core-console-l2-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-localization-l1-2-0

wtsapi32

shlwapi

setupapi

kernel32

user32

advapi32

ole32

dbghelp

version

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-file-l2-1-0

Sections

.text Size: 503KB - Virtual size: 502KB

.rdata Size: 177KB - Virtual size: 176KB

.data Size: 26KB - Virtual size: 34KB

.pdata Size: 23KB - Virtual size: 23KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 503KB - Virtual size: 502KB

.rdata
Size: 177KB - Virtual size: 176KB

.data
Size: 26KB - Virtual size: 34KB

.pdata
Size: 23KB - Virtual size: 23KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB