d9dfaa0276bebecc5e156da2c786c2a0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

d9dfaa0276bebecc5e156da2c786c2a0N.exe
Size

1.8MB
MD5

d9dfaa0276bebecc5e156da2c786c2a0
SHA1

4f874edf48b7dc2ed2ea70d8f41a7282060f6d0f
SHA256

8b7c9d994af43b8e4563f50dfea23133a11c912ef3efcfd627870de6c568a513
SHA512

3834ec568b6975614c32afccc9c1d9c1649f6ff228989d7570e7dffe36bfb95135b1d86019a1782d0192c81b77fd23613cf98d033139b159d962c95bcfd2a3ab
SSDEEP

24576:XnQNZz4L5PWFIutBzQ1zCjakbmW920WDo58M0XI2JOt934J7Z6bQaj1BvUm9J:3sEwzQ1zCjakbJ2No51CzJE3jM2ce

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d9dfaa0276bebecc5e156da2c786c2a0N.exe

Files

d9dfaa0276bebecc5e156da2c786c2a0N.exe
.exe windows:6 windows x64 arch:x64

4b85bf8672df5c86fdae16222f8f181d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

G:\Checkpoints\TPDrv\head2\SynReFlash\UI\Synaptics\x64\Release\SynReflash.pdb

Imports

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiOpenDeviceInfoW
SetupDiSetClassInstallParamsW
SetupDiGetClassDevsW
CM_Get_Device_IDW
SetupDiCallClassInstaller
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
CM_Get_Parent
CM_Get_Device_ID_Size

hid

HidD_GetHidGuid
HidD_GetFeature
HidD_FreePreparsedData
HidP_GetButtonCaps
HidD_SetFeature
HidD_GetAttributes
HidP_GetValueCaps
HidD_GetPreparsedData
HidP_GetCaps

kernel32

LoadLibraryExW
GlobalDeleteAtom
GlobalAddAtomW
GlobalFindAtomW
GetCurrentThread
lstrcmpA
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTickCount
GlobalFlags
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetThreadLocale
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
DeleteFileW
FlushFileBuffers
GetFileSize
GetFullPathNameW
GetVolumeInformationW
GetVersionExW
SetEndOfFile
SetFilePointer
UnlockFile
DuplicateHandle
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSizeEx
GetFileTime
GetCommandLineW
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
ExitProcess
AreFileApisANSI
HeapQueryInformation
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
GetStdHandle
GetFileType
GetStartupInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsValidCodePage
GetOEMCP
GetCPInfo
SetFilePointerEx
GetConsoleCP
GetConsoleMode
GetStringTypeW
GetTimeZoneInformation
OutputDebugStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadConsoleW
GetSystemDirectoryW
WriteConsoleW
SetEnvironmentVariableA
QueryActCtxW
FindActCtxSectionStringW
InitializeCriticalSectionAndSpinCount
SetLastError
OutputDebugStringA
GetACP
TerminateThread
CreateThread
GetCurrentProcessId
SetConsoleTitleW
LoadLibraryA
AttachConsole
GetExitCodeProcess
FreeConsole
AllocConsole
CreateMutexW
GetCurrentThreadId
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
EnterCriticalSection
lstrcmpW
TerminateProcess
LeaveCriticalSection
OpenProcess
InitializeCriticalSection
GetModuleHandleExW
CreateDirectoryW
FindResourceExW
QueryPerformanceFrequency
FindNextFileW
LockResource
FindClose
SizeofResource
GetSystemPowerStatus
WideCharToMultiByte
GetPriorityClass
GetModuleHandleW
QueryPerformanceCounter
LoadResource
FindResourceW
DeviceIoControl
FileTimeToSystemTime
SetThreadExecutionState
FindFirstFileW
CloseHandle
CancelIo
CreateEventW
GetOverlappedResult
CreateFileW
ReadFile
WriteFile
WaitForSingleObject
TlsAlloc
GetProcAddress
ReleaseActCtx
DeactivateActCtx
GetModuleFileNameW
GetFileAttributesW
Sleep
LoadLibraryW
ActivateActCtx
TlsSetValue
CreateActCtxW
GetCurrentProcess
FreeLibrary
TlsGetValue
LocalFree
DeleteCriticalSection
DecodePointer
HeapSize
GetLastError
RaiseException
InitializeCriticalSectionEx
MultiByteToWideChar
FormatMessageW
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
ExpandEnvironmentStringsW
EncodePointer
MulDiv
GlobalAlloc
GlobalFree
GlobalUnlock
GlobalLock
SetStdHandle
FreeResource
LockFile
lstrlenA

user32

GetWindowTextW
RemovePropW
GetPropW
SetPropW
RedrawWindow
ValidateRect
UpdateWindow
SetMenu
GetMenu
GetCapture
GetKeyState
GetDlgCtrlID
IsWindowVisible
SetWindowPos
IsChild
CreateWindowExW
GetClassInfoExW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
GetMenuItemCount
GetMenuItemID
GetSubMenu
DestroyMenu
SetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
IsWindowEnabled
IsWindow
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
GetFocus
SendDlgItemMessageA
GetSystemMenu
IsIconic
DrawIcon
GetClientRect
LoadIconW
AppendMenuW
EnableMenuItem
GetSystemMetrics
FindWindowW
wsprintfW
GetClassInfoW
RegisterClassW
ScreenToClient
GetWindowRect
PostMessageW
SetForegroundWindow
GetParent
MessageBeep
SetFocus
GetForegroundWindow
GetWindowLongW
GetClassNameW
GetDlgItem
ClientToScreen
EndPaint
BeginPaint
SetWindowLongW
GetDesktopWindow
GetCursorPos
GetWindowThreadProcessId
MoveWindow
ExitWindowsEx
MessageBoxW
UnregisterClassW
SendMessageW
EnableWindow
PostThreadMessageW
GetNextDlgGroupItem
IsRectEmpty
IntersectRect
SetRect
InvalidateRgn
CopyAcceleratorTableW
OffsetRect
CharNextW
CharUpperW
ReleaseCapture
SetCapture
InvalidateRect
KillTimer
SetTimer
LoadCursorW
GetSysColorBrush
RealChildWindowFromPoint
GetActiveWindow
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
RegisterClipboardFormatW
TranslateMessage
GetMessageW
MapDialogRect
SetWindowContextHelpId
SetCursor
PostQuitMessage
IsDialogMessageW
SetWindowTextW
SetDlgItemTextW
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
CallNextHookEx
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
PtInRect
EqualRect
CopyRect
AdjustWindowRectEx
UnhookWindowsHookEx
MapWindowPoints
GetSysColor

gdi32

DeleteDC
DeleteObject
Escape
GetClipBox
GetStockObject
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
RestoreDC
SaveDC
ExtSelectClipRgn
SelectObject
SetMapMode
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
GetObjectW
SetTextColor
GetDeviceCaps
CreateBitmap
SetBkColor

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegEnumValueW
RegQueryValueW
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyW
RegCreateKeyW
OpenProcessToken

shell32

SHGetFolderPathW
ShellExecuteExW
ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathIsUNCW
StrToIntW
PathStripToRootW

ole32

OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CLSIDFromString
CoCreateGuid
CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoInitialize
CLSIDFromProgID
CoCreateInstance
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter

oleaut32

VariantClear
VariantChangeType
SysAllocString
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantInit
VariantCopy
OleCreateFontIndirect
SysAllocStringLen
SysFreeString

oledlg

OleUIBusyW

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 645KB - Virtual size: 644KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 282KB - Virtual size: 282KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 576KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4b85bf8672df5c86fdae16222f8f181d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

hid

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

oleacc

Sections

.text Size: 645KB - Virtual size: 644KB

.rdata Size: 282KB - Virtual size: 282KB

.data Size: 20KB - Virtual size: 48KB

.pdata Size: 43KB - Virtual size: 43KB

.rsrc Size: 287KB - Virtual size: 286KB

.reloc Size: 576KB - Virtual size: 580KB

.text
Size: 645KB - Virtual size: 644KB

.rdata
Size: 282KB - Virtual size: 282KB

.data
Size: 20KB - Virtual size: 48KB

.pdata
Size: 43KB - Virtual size: 43KB

.rsrc
Size: 287KB - Virtual size: 286KB

.reloc
Size: 576KB - Virtual size: 580KB