Windows32DriverHelp[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Windows32DriverHelp.exe
Size

1.3MB
MD5

18e0af7af3f70c7fae004fee742bc9d0
SHA1

f74736fe91859167756e19c51debc329c9166ef2
SHA256

dfb005aa651a17578375cd43db9809a0d94fd0259683bf06d77cf928db4674ae
SHA512

d6b454f83eada5a35c18b6529c1305611844007b82c7884b5b1b16a595fcface364514e0d72b9292b07caaab18784e5d719554b6824fc4653577662ef9096e83
SSDEEP

12288:R++eEB54IsxEoJbRt52yG6C0LSeY5plop5qtq/F:R+jM54Is3JbRtpAlM+W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Windows32DriverHelp.exe

Files

Windows32DriverHelp.exe
.exe windows:6 windows x64 arch:x64

06f49c429518c52d3458b5c2ee8eb7e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

NtClose
NtCreateFile
NtCreateNamedPipeFile
NtDeviceIoControlFile
NtLockFile
NtQueryDirectoryFile
NtQueryInformationFile
NtQueryInformationProcess
NtQueryObject
NtSetInformationFile
RtlEqualUnicodeString
RtlExitUserProcess
RtlGetFullPathName_U
RtlUpcaseUnicodeChar

shell32

ShellExecuteExA

kernel32

AcquireSRWLockExclusive
CloseHandle
CreateFileW
CreateNamedPipeW
CreateProcessW
CreateThread
ExitProcess
GetCurrentProcess
GetCurrentThreadId
GetExitCodeProcess
GetLastError
GetModuleFileNameW
GetProcessHeap
GetStdHandle
GetSystemDirectoryW
GetSystemTimeAsFileTime
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
ReadFile
ReleaseSRWLockExclusive
SetHandleInformation
Sleep
VirtualAlloc
VirtualFree
WaitForSingleObject
WaitForSingleObjectEx
WriteFile

advapi32

GetTokenInformation
OpenProcessToken
SystemFunction036

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertOpenSystemStoreW

user32

BlockInput
CallNextHookEx
ChangeDisplaySettingsA
CloseClipboard
DispatchMessageA
EnumDisplayDevicesA
EnumDisplaySettingsA
GetClipboardData
MessageBoxA
OpenClipboard
PeekMessageA
SendInput
SetWindowsHookExA
SystemParametersInfoA
TranslateMessage
UnhookWindowsHookEx

ws2_32

WSAGetLastError
WSASocketW
WSAStartup
closesocket
connect
freeaddrinfo
getaddrinfo

Sections

.text
Size: 548KB - Virtual size: 547KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 753KB - Virtual size: 753KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRT
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06f49c429518c52d3458b5c2ee8eb7e6

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

shell32

kernel32

advapi32

crypt32

user32

ws2_32

Sections

.text Size: 548KB - Virtual size: 547KB

.rdata Size: 753KB - Virtual size: 753KB

.data Size: 512B - Virtual size: 64B

.pdata Size: 6KB - Virtual size: 6KB

.CRT Size: 512B - Virtual size: 16B

.tls Size: 9KB - Virtual size: 8KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 548KB - Virtual size: 547KB

.rdata
Size: 753KB - Virtual size: 753KB

.data
Size: 512B - Virtual size: 64B

.pdata
Size: 6KB - Virtual size: 6KB

.CRT
Size: 512B - Virtual size: 16B

.tls
Size: 9KB - Virtual size: 8KB

.reloc
Size: 1KB - Virtual size: 1KB