WiFi_AMD-MediaTek_v3[.]3[.]0[.]1030[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

WiFi_AMD-MediaTek_v3.3.0.1030.zip
Size

7.1MB
MD5

8f8b12c48bcce31aa38e902aee9b56da
SHA1

6fa9a2a94722e68c41cfaaa3ed07063b102bd0f3
SHA256

ce2c628fd55580226731a2542441a17e4bee644e69ac940d3d43373e0a0b7918
SHA512

f09e0b76ea891d48c771f500a5975d405795fc32a5fd5f8e9027990f0a7d7c46b79b627a1550f0d31ca89c66951354880e19ef506e52ab204094f9484570838b
SSDEEP

196608:mrqx5XMP9cMar2fs0g5CuJ8rPSDR9Djd0uI6B8cU858Fj+1Aa:mLV6JYrPSDzPVIcG85U61n

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WiFi_AMD-MediaTek_v3.3.0.1030/mtkihvx.dll
unpack001/WiFi_AMD-MediaTek_v3.3.0.1030/mtkwl6ex.sys

Files

WiFi_AMD-MediaTek_v3.3.0.1030.zip
.zip
WiFi_AMD-MediaTek_v3.3.0.1030/WIFI_MT7902_patch_mcu_1_1_hdr.bin
WiFi_AMD-MediaTek_v3.3.0.1030/WIFI_MT7922_patch_mcu_1_1_hdr.bin
WiFi_AMD-MediaTek_v3.3.0.1030/WIFI_MT7961_patch_mcu_1_2_hdr.bin
WiFi_AMD-MediaTek_v3.3.0.1030/WIFI_MT7961_patch_mcu_1a_2_hdr.bin
WiFi_AMD-MediaTek_v3.3.0.1030/WIFI_RAM_CODE_MT7902_1.bin
WiFi_AMD-MediaTek_v3.3.0.1030/WIFI_RAM_CODE_MT7922_1.bin
WiFi_AMD-MediaTek_v3.3.0.1030/WIFI_RAM_CODE_MT7961_1.bin
WiFi_AMD-MediaTek_v3.3.0.1030/WIFI_RAM_CODE_MT7961_1a.bin
WiFi_AMD-MediaTek_v3.3.0.1030/mtkihvx.dll
.dll windows:6 windows x64 arch:x64

e967ab46dcaf3dd11b06d6010df46ea8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\mtk31580\Downloads\a9a3335\mtkihv\x64\Release\mtkihvx.pdb

Imports

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiGetDeviceRegistryPropertyA

bluetoothapis

BluetoothFindFirstRadio
BluetoothFindRadioClose

kernel32

WaitForSingleObject
CreateFileA
DebugBreak
OutputDebugStringA
ResetEvent
DeleteCriticalSection
WaitForMultipleObjects
CreateThread
GlobalAlloc
GetCurrentProcess
WideCharToMultiByte
GetConsoleOutputCP
SetEvent
DeviceIoControl
CreateEventA
LeaveCriticalSection
EnterCriticalSection
GetLastError
CloseHandle
WTSGetActiveConsoleSessionId
GlobalFree
Sleep
GetConsoleMode
ReadFile
ReadConsoleW
OutputDebugStringW
CreateFileW
WriteConsoleW
InitializeCriticalSection
InitializeSListHead
WriteFile
FlushFileBuffers
HeapReAlloc
HeapSize
SetStdHandle
GetStringTypeW
SetFilePointerEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
RtlUnwind
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
GetCurrentThread
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
SetConsoleCtrlHandler
GetFileSizeEx

advapi32

GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegNotifyChangeKeyValue
RegEnumKeyExA
RegCloseKey
OpenEventLogA
NotifyChangeEventLog
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
TraceMessage

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

SysAllocString
SysFreeString

Exports

Exports

DllMain
Dot11ExtIhvGetVersionInfo
Dot11ExtIhvInitService

Sections

.text
Size: 416KB - Virtual size: 415KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WiFi_AMD-MediaTek_v3.3.0.1030/mtkwl1.dat
WiFi_AMD-MediaTek_v3.3.0.1030/mtkwl1_2.dat
WiFi_AMD-MediaTek_v3.3.0.1030/mtkwl2.dat
WiFi_AMD-MediaTek_v3.3.0.1030/mtkwl2_2.dat
WiFi_AMD-MediaTek_v3.3.0.1030/mtkwl2_2s.dat
WiFi_AMD-MediaTek_v3.3.0.1030/mtkwl2s.dat
WiFi_AMD-MediaTek_v3.3.0.1030/mtkwl3.dat
WiFi_AMD-MediaTek_v3.3.0.1030/mtkwl3_2.dat
WiFi_AMD-MediaTek_v3.3.0.1030/mtkwl4.dat
WiFi_AMD-MediaTek_v3.3.0.1030/mtkwl6ex.cat
WiFi_AMD-MediaTek_v3.3.0.1030/mtkwl6ex.inf
WiFi_AMD-MediaTek_v3.3.0.1030/mtkwl6ex.sys
.sys windows:10 windows x64 arch:x64

852bf5e9ae7a661800496a1530b89ac2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\worktmp\easy-fwdrv-neptune-mp-MT7961_WIFI_DRV_Win-2006-MT7961_WIN10_AB_XMLBASE\10879\wlan_driver\seattle\wifi_driver\windows\PLATFORM\Ndis6\x64\mtkwl6ex.pdb

Imports

ntoskrnl.exe

PsGetVersion
ZwReadFile
ZwQueryInformationFile
RtlAppendUnicodeToString
ExInterlockedRemoveHeadList
RtlGetVersion
IoGetDmaAdapter
ZwCreateKey
MmBuildMdlForNonPagedPool
RtlAnsiStringToUnicodeString
KeSetEvent
ExInterlockedInsertTailList
strstr
_vsnprintf
ZwSetValueKey
ZwDeleteValueKey
ZwSetInformationFile
ZwCreateFile
IoReleaseCancelSpinLock
IofCompleteRequest
MmMapLockedPagesSpecifyCache
strncmp
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
KfRaiseIrql
KeLowerIrql
ObfDereferenceObject
ObReferenceObjectByHandle
PsTerminateSystemThread
PsCreateSystemThread
KeSetPriorityThread
KeFlushQueuedDpcs
PsGetCurrentThreadId
KeInitializeSpinLock
KeWaitForSingleObject
KeGetCurrentIrql
__chkstk
RtlInitUnicodeString
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
ZwOpenFile
RtlTimeToTimeFields
ExSystemTimeToLocalTime
swprintf
KeClearEvent
strchr
__C_specific_handler
IoBuildSynchronousFsdRequest
IofCallDriver
IoGetAttachedDeviceReference
strncpy_s
strcmp
RtlInitAnsiString
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLockFromDpcLevel
IoBuildDeviceIoControlRequest
IoWMIOpenBlock
IoWMIQueryAllData
IoWMIExecuteMethod
IoWMISetNotificationCallback
ZwWriteFile
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
_vsnwprintf
ZwQueryValueKey
ZwOpenKey
ZwClose
ExFreePoolWithTag
ExAllocatePoolWithTag
KeInitializeEvent
RtlCopyUnicodeString
RtlUnicodeStringToAnsiString
wcsrchr
isxdigit
IoWMIRegistrationControl
MmGetSystemRoutineAddress

hal

KeStallExecutionProcessor
KeQueryPerformanceCounter

ndis.sys

NdisMSleep
NdisAllocateIoWorkItem
NdisFreeMdl
NdisAllocateMdl
NdisFreeNetBufferPool
NdisAllocateNetBufferPool
NdisMSynchronizeWithInterruptEx
NdisMAllocateNetBufferSGList
NdisAllocateMemoryWithTag
NdisFreeNetBufferList
NdisAllocateNetBufferAndNetBufferList
NdisFreeNetBufferListPool
NdisAllocateNetBufferListPool
NdisOpenConfigurationEx
NdisInitializeString
NdisRetreatNetBufferListDataStart
NdisAllocateNetBufferList
NdisMIndicateStatusEx
NdisMDeregisterWdiMiniportDriver
NdisMRegisterWdiMiniportDriver
NdisMDeregisterScatterGatherDma
NdisMRegisterScatterGatherDma
NdisMGetDeviceProperty
NdisMUnmapIoSpace
NdisMMapIoSpace
NdisMSetBusData
NdisQueueIoWorkItem
NdisMDeregisterInterruptEx
NdisMRegisterInterruptEx
NdisGetVersion
NdisGetDeviceReservedExtension
NdisDeregisterDeviceEx
NdisRegisterDeviceEx
NdisUnmapFile
NdisCloseFile
NdisWriteConfiguration
NdisMFreeNetBufferSGList
NdisFreeIoWorkItem
NdisFreeTimerObject
NdisCancelTimerObject
NdisSetTimerObject
NdisAllocateTimerObject
NdisWaitEvent
NdisResetEvent
NdisSetEvent
NdisMapFile
NdisAllocateMemoryWithTagPriority
NdisAcquireReadWriteLock
NdisMGetBusData
NdisInitializeEvent
NdisInitializeReadWriteLock
NdisReadConfiguration
NdisCloseConfiguration
NdisFreeMemory
NdisOpenFile
NdisReleaseReadWriteLock

wdfldr.sys

WdfVersionUnbind
WdfVersionBindClass
WdfVersionUnbindClass
WdfVersionBind

cng.sys

BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptDecrypt
BCryptCreateHash
BCryptHashData
BCryptFinishHash

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e967ab46dcaf3dd11b06d6010df46ea8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

bluetoothapis

kernel32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 416KB - Virtual size: 415KB

.rdata Size: 81KB - Virtual size: 80KB

.data Size: 3KB - Virtual size: 10KB

.pdata Size: 19KB - Virtual size: 19KB

_RDATA Size: 512B - Virtual size: 384B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

852bf5e9ae7a661800496a1530b89ac2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

ndis.sys

wdfldr.sys

cng.sys

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 91KB - Virtual size: 91KB

.data Size: 52KB - Virtual size: 112KB

.pdata Size: 27KB - Virtual size: 27KB

PAGE Size: 2KB - Virtual size: 1KB

INIT Size: 5KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 416KB - Virtual size: 415KB

.rdata
Size: 81KB - Virtual size: 80KB

.data
Size: 3KB - Virtual size: 10KB

.pdata
Size: 19KB - Virtual size: 19KB

_RDATA
Size: 512B - Virtual size: 384B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 91KB - Virtual size: 91KB

.data
Size: 52KB - Virtual size: 112KB

.pdata
Size: 27KB - Virtual size: 27KB

PAGE
Size: 2KB - Virtual size: 1KB

INIT
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB