dab53557ea27bbcc13c14f180e3c249b4836fc6d9cfef6327718ead9db41f594

Sharing

Copy URL Twitter E-mail

General

Target

dab53557ea27bbcc13c14f180e3c249b4836fc6d9cfef6327718ead9db41f594
Size

1.5MB
MD5

4440354ecf3d491392cdeeebc63e8008
SHA1

1e2ab82f2cd0cd33ae0a139fb3ef0e6e1efc209d
SHA256

dab53557ea27bbcc13c14f180e3c249b4836fc6d9cfef6327718ead9db41f594
SHA512

c0aa6ce2ead6cc74dba7396757d7f4cb73b0fa5bd0f39be8e14919b5696632dedfd5bbb0689c89ed9d2fc07dd6a2487fd1d7fbc7ff0572b8f7e4fa44889efff3
SSDEEP

24576:UAk62+rb0Djsf9nz4mloFQnpXUMPQDR6q79dA:UO20oDYf5zaCpXxPuR6E9dA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dab53557ea27bbcc13c14f180e3c249b4836fc6d9cfef6327718ead9db41f594

Files

dab53557ea27bbcc13c14f180e3c249b4836fc6d9cfef6327718ead9db41f594
.exe windows:6 windows x64 arch:x64

12cb45e8d05931d7d2c52229f21ec5f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\home\jenkins\agent\workspace\novoHotkeys_hotkeydriver_2.0.9.x\LenovoKBDHotkey\Bin\x64\Release\LenovoUtilityService.pdb

Imports

oleaut32

VariantInit
SysFreeString
VariantClear
SysAllocString

kernel32

FreeEnvironmentStringsW
GetTempPathW
GetEnvironmentStringsW
Process32FirstW
WideCharToMultiByte
CreateToolhelp32Snapshot
MultiByteToWideChar
QueryFullProcessImageNameW
Sleep
GetThreadId
GetCurrentThread
WaitForSingleObject
SetEvent
CreateThread
SizeofResource
LockResource
LoadResource
FindResourceExW
FindResourceW
SubmitThreadpoolWork
GetCPInfo
SetEnvironmentVariableW
GetOEMCP
GetACP
CreateThreadpoolWork
WTSGetActiveConsoleSessionId
FindNextFileW
FindFirstFileExW
GetProcessTimes
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateEventW
CreateThreadpoolTimer
SetStdHandle
TerminateProcess
OpenProcess
GetCurrentProcess
CreateFileW
LocalAlloc
GetStringTypeW
FlushFileBuffers
GetConsoleOutputCP
Process32NextW
LocalFree
LoadLibraryExW
GetProcAddress
lstrlenW
FindClose
GetLastError
WriteFile
CloseHandle
GetProcessHeap
HeapAlloc
HeapFree
WaitForMultipleObjects
SetFilePointerEx
WriteConsoleW
HeapReAlloc
HeapSize
CreateDirectoryW
GetFileSizeEx
SetFilePointer
InitializeCriticalSectionEx
OutputDebugStringW
GetLocalTime
GetFileType
lstrcmpiW
TlsGetValue
TlsAlloc
LCMapStringW
EncodePointer
ReadFile
HeapDestroy
GetFullPathNameW
GetConsoleMode
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSection
CompareStringW
VerSetConditionMask
FreeLibrary
TlsSetValue
VerifyVersionInfoW
SetLastError
ProcessIdToSessionId
GetCommandLineW
IsValidCodePage
GetCommandLineA
GetStdHandle
GetModuleHandleExW
ExitProcess
RtlUnwind
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentThreadId
QueryPerformanceCounter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
IsDebuggerPresent
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
TlsFree

ole32

CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoSetProxyBlanket
CoCreateInstance

hid

HidD_FreePreparsedData
HidD_GetAttributes
HidD_GetPreparsedData
HidP_GetCaps

setupapi

CMP_WaitNoPendingInstallEvents
CM_Locate_DevNodeW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceInterfaceDetailW

advapi32

CreateServiceW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
QueryServiceStatus
ControlService
RegNotifyChangeKeyValue
CloseServiceHandle
DeleteService
OpenServiceW
OpenSCManagerW
RevertToSelf
ImpersonateLoggedOnUser
EventWriteString
SetServiceStatus
EventUnregister
EventRegister
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
RegDeleteKeyW
RegSetValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
DuplicateTokenEx
GetTokenInformation
RegCloseKey
CreateProcessAsUserW
OpenProcessToken

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSQueryUserToken

userenv

DestroyEnvironmentBlock
UnloadUserProfile
CreateEnvironmentBlock

shlwapi

StrChrW
StrCmpNIW
StrCmpIW
StrToIntExW

wintrust

WinVerifyTrust

Sections

.text
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

12cb45e8d05931d7d2c52229f21ec5f5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

oleaut32

kernel32

ole32

hid

setupapi

advapi32

wtsapi32

userenv

shlwapi

wintrust

Sections

.text Size: 153KB - Virtual size: 152KB

.rdata Size: 97KB - Virtual size: 96KB

.data Size: 4KB - Virtual size: 11KB

.pdata Size: 8KB - Virtual size: 8KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1.2MB - Virtual size: 1.9MB

.text
Size: 153KB - Virtual size: 152KB

.rdata
Size: 97KB - Virtual size: 96KB

.data
Size: 4KB - Virtual size: 11KB

.pdata
Size: 8KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1.2MB - Virtual size: 1.9MB