34a5786a4ec83f0d961c05baac97b7d0992326fab3a18019ee8fc3bb054576a0

Sharing

Copy URL Twitter E-mail

General

Target

34a5786a4ec83f0d961c05baac97b7d0992326fab3a18019ee8fc3bb054576a0
Size

633KB
MD5

e098cf308766df78ed4313fce4358297
SHA1

d6d58e255100e821264beabe1d264545e6d42a04
SHA256

34a5786a4ec83f0d961c05baac97b7d0992326fab3a18019ee8fc3bb054576a0
SHA512

36220e73c76d70224c228e1c3572d4d3f1f46a1d500125d4d3ed130dae604969225042bc5348eaf05ff1d03545a2bf453b974afe627dc8ea898ef552d2afdee3
SSDEEP

12288:Ddy0Z8kykNe/v+MZdZVX8fGx5dKaFlHxp/nE:DqkykNe/mOd/X8fGx/FlHx1nE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34a5786a4ec83f0d961c05baac97b7d0992326fab3a18019ee8fc3bb054576a0

Files

34a5786a4ec83f0d961c05baac97b7d0992326fab3a18019ee8fc3bb054576a0
.dll windows:6 windows x64 arch:x64

cd56fd9dc59d5d76a492c0471dece3e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\qb\workspace\27479\source\output\dump64\CtlApi\bin\Release\IntelControlLib.pdb

Imports

cfgmgr32

CM_Get_Device_Interface_PropertyW
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW
CM_Get_DevNode_PropertyW
CM_Locate_DevNodeW

dxgi

CreateDXGIFactory1

shell32

ord680

kernel32

GetModuleFileNameA
OutputDebugStringA
HeapSize
SetEndOfFile
CreateDirectoryA
FindClose
FindFirstFileW
FindNextFileW
GetLastError
GetTimeZoneInformation
CreateFileW
SetStdHandle
FlushFileBuffers
GetCurrentProcessId
WriteConsoleW
ProcessIdToSessionId
CloseHandle
SetLastError
HeapAlloc
HeapFree
GetProcessHeap
SetEvent
ResetEvent
WaitForMultipleObjectsEx
CreateEventW
OpenEventW
GetModuleHandleA
GetProcAddress
WideCharToMultiByte
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
FreeLibrary
LoadLibraryW
LoadLibraryExA
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetSystemPowerStatus
GetCommandLineA
GetCPInfo
GetOEMCP
InitOnceBeginInitialize
InitOnceComplete
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ReadFile
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetStdHandle
GetFileType
SetFilePointerEx
GetConsoleMode
ReadConsoleW
MultiByteToWideChar
SetEnvironmentVariableW
WriteFile
GetConsoleOutputCP
GetFileSizeEx
DeleteFileW
HeapReAlloc
FindFirstFileExW
IsValidCodePage
GetACP

advapi32

InitializeSecurityDescriptor
EventRegister
EventUnregister
EventWriteTransfer
RegGetValueW
SetSecurityDescriptorDacl

user32

GetDisplayConfigBufferSizes
SetDisplayConfig
QueryDisplayConfig
DisplayConfigGetDeviceInfo
wsprintfW

ntdll

RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
RtlInitAnsiString

Exports

Exports

ctlAUXAccess
ctlCheckDriverVersion
ctlClose
ctlEdidManagement
ctlEngineGetActivity
ctlEngineGetProperties
ctlEnumEngineGroups
ctlEnumFans
ctlEnumFrequencyDomains
ctlEnumMemoryModules
ctlEnumPowerDomains
ctlEnumTemperatureSensors
ctlEnumerateDevices
ctlEnumerateDisplayOutputs
ctlEnumerateI2CPinPairs
ctlFanGetConfig
ctlFanGetProperties
ctlFanGetState
ctlFanSetDefaultMode
ctlFanSetFixedSpeedMode
ctlFanSetSpeedTableMode
ctlFrequencyGetAvailableClocks
ctlFrequencyGetProperties
ctlFrequencyGetRange
ctlFrequencyGetState
ctlFrequencyGetThrottleTime
ctlFrequencySetRange
ctlGetAdaperDisplayEncoderProperties
ctlGetBrightnessSetting
ctlGetCurrentScaling
ctlGetCurrentSharpness
ctlGetDeviceProperties
ctlGetDisplayProperties
ctlGetIntelArcSyncInfoForMonitor
ctlGetIntelArcSyncProfile
ctlGetLACEConfig
ctlGetLinkedDisplayAdapters
ctlGetMuxProperties
ctlGetPowerOptimizationCaps
ctlGetPowerOptimizationSetting
ctlGetSet3DFeature
ctlGetSetCombinedDisplay
ctlGetSetCustomMode
ctlGetSetDisplaySettings
ctlGetSetDynamicContrastEnhancement
ctlGetSetRetroScaling
ctlGetSetVideoProcessingFeature
ctlGetSetWireFormat
ctlGetSharpnessCaps
ctlGetSupported3DCapabilities
ctlGetSupportedRetroScalingCapability
ctlGetSupportedScalingCapability
ctlGetSupportedVideoProcessingCapabilities
ctlGetVblankTimestamp
ctlGetZeDevice
ctlI2CAccess
ctlI2CAccessOnPinPair
ctlInit
ctlLinkDisplayAdapters
ctlMemoryGetBandwidth
ctlMemoryGetProperties
ctlMemoryGetState
ctlOverclockGetProperties
ctlOverclockGpuFrequencyOffsetGet
ctlOverclockGpuFrequencyOffsetGetV2
ctlOverclockGpuFrequencyOffsetSet
ctlOverclockGpuFrequencyOffsetSetV2
ctlOverclockGpuLockGet
ctlOverclockGpuLockSet
ctlOverclockGpuMaxVoltageOffsetGetV2
ctlOverclockGpuMaxVoltageOffsetSetV2
ctlOverclockGpuVoltageOffsetGet
ctlOverclockGpuVoltageOffsetSet
ctlOverclockPowerLimitGet
ctlOverclockPowerLimitGetV2
ctlOverclockPowerLimitSet
ctlOverclockPowerLimitSetV2
ctlOverclockReadVFCurve
ctlOverclockResetToDefault
ctlOverclockTemperatureLimitGet
ctlOverclockTemperatureLimitGetV2
ctlOverclockTemperatureLimitSet
ctlOverclockTemperatureLimitSetV2
ctlOverclockVramFrequencyOffsetGet
ctlOverclockVramFrequencyOffsetSet
ctlOverclockVramMemSpeedLimitGetV2
ctlOverclockVramMemSpeedLimitSetV2
ctlOverclockVramVoltageOffsetGet
ctlOverclockVramVoltageOffsetSet
ctlOverclockWaiverSet
ctlOverclockWriteCustomVFCurve
ctlPanelDescriptorAccess
ctlPciGetProperties
ctlPciGetState
ctlPixelTransformationGetConfig
ctlPixelTransformationSetConfig
ctlPowerGetEnergyCounter
ctlPowerGetLimits
ctlPowerGetProperties
ctlPowerSetLimits
ctlPowerTelemetryGet
ctlReservedCall
ctlSetBrightnessSetting
ctlSetCurrentScaling
ctlSetCurrentSharpness
ctlSetIntelArcSyncProfile
ctlSetLACEConfig
ctlSetPowerOptimizationSetting
ctlSetRuntimePath
ctlSoftwarePSR
ctlTemperatureGetProperties
ctlTemperatureGetState
ctlUnlinkDisplayAdapters
ctlWaitForPropertyChange
ctlpvtDisplaySwitch
ctlpvtEnumerateMuxDevicesOnAdapter
ctlpvtGetSetDisplayGenlock2
ctlpvtTestFunction

Sections

.text
Size: 400KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd56fd9dc59d5d76a492c0471dece3e9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

cfgmgr32

dxgi

shell32

kernel32

advapi32

user32

ntdll

Exports

Exports

Sections

.text Size: 400KB - Virtual size: 400KB

.rdata Size: 143KB - Virtual size: 143KB

.data Size: 5KB - Virtual size: 10KB

.pdata Size: 19KB - Virtual size: 18KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 400KB - Virtual size: 400KB

.rdata
Size: 143KB - Virtual size: 143KB

.data
Size: 5KB - Virtual size: 10KB

.pdata
Size: 19KB - Virtual size: 18KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB