m3[.]cab | Triage

Sharing

Copy URL Twitter E-mail

General

Target

m3.cab
Size

135KB
MD5

d97787d90b84915e821559b5f9d35606
SHA1

355cf6cf26e6c0696d22dfc625abc7c0db838912
SHA256

103d03c03d458a750799da87a2772168c93c2fc4e25352c77e7765098f4f4a8c
SHA512

d87ffdf6de8b20f5cd61b00a432c1cddb682f1f9d7b350f75e9898ebda81585e8e81f9c0ddc10b63ca21dee5e8447b549b181a8a1b52704a2cadf7648855ca76
SSDEEP

3072:Da0fi7LbqczvOJWraoVvinnbATatTy60RsVh+aj4b:+HL2OJJv0nDNy6QsVURb

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/GtScSer_A64.sys.98F364C5_7D9A_436D_BB16_FEE46088CF04
unpack001/WiseFile18.98F364C5_7D9A_436D_BB16_FEE46088CF04
unpack001/WiseFile19.98F364C5_7D9A_436D_BB16_FEE46088CF04
unpack001/WiseFile20.98F364C5_7D9A_436D_BB16_FEE46088CF04

Files

m3.cab
.cab
GtScSer_A64.sys.98F364C5_7D9A_436D_BB16_FEE46088CF04
.sys windows:5 windows x64 arch:x64

ba6a181b83e1f6c169d2ea6a2f7e8585

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\work\Driver\Source\Modules\GtScSer\WXPA64\objfre_wnet_AMD64\amd64\gtscser_A64.pdb

Imports

ntoskrnl.exe

IofCallDriver
KeSetEvent
KeWaitForSingleObject
PoCallDriver
KeInitializeEvent
RtlCopyMemory
IofCompleteRequest
IoReleaseCancelSpinLock
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
IoAcquireCancelSpinLock
KeDelayExecutionThread
KeClearEvent
PsTerminateSystemThread
ExFreePool
ExAllocatePoolWithTag
__C_specific_handler
IoFreeIrp
IoAllocateIrp
PoStartNextPowerIrp
ObfDereferenceObject
IoDeleteDevice
RtlFreeUnicodeString
IoDetachDevice
ZwClose
ObReferenceObjectByHandle
PsCreateSystemThread
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
IoOpenDeviceRegistryKey
PoSetPowerState
IoRegisterDeviceInterface
IoAttachDeviceToDeviceStack
IoCreateDevice
RtlZeroMemory
IoSetDeviceInterfaceState
ZwQueryValueKey
ZwOpenKey
IoCancelIrp
KeReadStateEvent
RtlCompareMemory
IoBuildDeviceIoControlRequest
KeGetCurrentIrql
IoFreeWorkItem
strchr
atoi
strstr
sprintf
toupper
atol
IoQueueWorkItem
IoAllocateWorkItem

smclib.sys

SmartcardExit
SmartcardInitialize
SmartcardLogError
SmartcardT0Reply
SmartcardUpdateCardCapabilities
SmartcardDeviceControl

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 768B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGEABLE
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WiseFile.98F364C5_7D9A_436D_BB16_FEE46088CF04
WiseFile13.98F364C5_7D9A_436D_BB16_FEE46088CF04
WiseFile14.98F364C5_7D9A_436D_BB16_FEE46088CF04
WiseFile15.98F364C5_7D9A_436D_BB16_FEE46088CF04
WiseFile16.98F364C5_7D9A_436D_BB16_FEE46088CF04
WiseFile17.98F364C5_7D9A_436D_BB16_FEE46088CF04
WiseFile18.98F364C5_7D9A_436D_BB16_FEE46088CF04
.sys windows:5 windows x64 arch:x64

a48452aa17134df20e788aaf829ce8b8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\WORK\Driver\Source\Modules\GtNdis\gt72ndis_WXPA64\objfre\amd64\GT51Ip_A64.pdb

Imports

ntoskrnl.exe

IoAllocateIrp
rand
srand
KeInitializeDpc
RtlInitUnicodeString
RtlAppendUnicodeToString
RtlCopyUnicodeString
RtlUnicodeStringToInteger
wcschr
RtlFreeAnsiString
PsCreateSystemThread
ZwQueryValueKey
ZwOpenKey
RtlFreeUnicodeString
RtlWriteRegistryValue
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlCreateRegistryKey
ZwDeleteKey
RtlDeleteRegistryValue
_stricmp
ObReferenceObjectByHandle
ZwClose
ObfDereferenceObject
IoFreeIrp
IoFreeMdl
MmMapLockedPagesSpecifyCache
KeQueryTimeIncrement
ExInterlockedRemoveHeadList
KeAcquireSpinLockRaiseToDpc
KeInsertQueueDpc
KeReleaseSpinLock
KeGetCurrentIrql
ExInterlockedInsertTailList
RtlCopyMemory
PsTerminateSystemThread
KeInitializeEvent
KeResetEvent
KeDelayExecutionThread
IofCallDriver
KeWaitForSingleObject
IoCancelIrp
IofCompleteRequest
IoReuseIrp
KeSetEvent
strstr
strchr
RtlZeroMemory
RtlUnicodeStringToAnsiString
atoi
RtlUnicodeToMultiByteN
RtlAnsiCharToUnicodeChar

ndis.sys

NdisReadConfiguration
NdisWriteConfiguration
NdisCloseConfiguration
NdisInitializeWrapper
NdisMRegisterMiniport
NdisTerminateWrapper
NdisMInitializeTimer
NdisWriteErrorLogEntry
NdisGetVersion
NdisMGetDeviceProperty
NdisMSetAttributesEx
NdisMRegisterDevice
NdisAllocatePacketPool
NdisAllocateBufferPool
NdisAllocatePacket
NdisAllocateBuffer
NdisMDeregisterDevice
NdisUnchainBufferAtFront
NdisFreePacket
NdisFreePacketPool
NdisFreeBufferPool
NdisScheduleWorkItem
NdisMSleep
NdisMCancelTimer
NdisSetTimer
NdisAllocateMemoryWithTag
NdisFreeMemory
NdisOpenConfiguration

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WiseFile19.98F364C5_7D9A_436D_BB16_FEE46088CF04
.sys windows:5 windows x64 arch:x64

26b91aeebdc90f752da8f8cc0e1c58cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\perforce\Driver\Source\Modules\GtPtSer\WXPA64\objfre\amd64\gtptser_A64.pdb

Imports

ntoskrnl.exe

ExFreePool
RtlInitUnicodeString
RtlCopyMemory
ExAllocatePoolWithTag
IoIsWdmVersionAvailable
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlZeroMemory
RtlIntegerToUnicodeString
RtlDeleteRegistryValue
IoSetDeviceInterfaceState
IoDeleteSymbolicLink
ZwClose
IoRegisterDeviceInterface
RtlWriteRegistryValue
IoCreateSymbolicLink
IoOpenDeviceRegistryKey
IofCallDriver
KeSetEvent
KeWaitForSingleObject
KeInitializeEvent
IoDeleteDevice
IoDetachDevice
IoAttachDeviceToDeviceStack
PoSetPowerState
IoCreateDevice
PoCallDriver
PoStartNextPowerIrp
PoRequestPowerIrp
IofCompleteRequest
ZwQueryValueKey
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 433B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 134B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WiseFile20.98F364C5_7D9A_436D_BB16_FEE46088CF04
.sys windows:5 windows x64 arch:x64

111c58b63bbb9c2534b2afd0176d07b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\perforce\Driver\Source\Modules\Gt72UBus\WXPA64\objfre\amd64\gt72ubus_A64.pdb

Imports

ntoskrnl.exe

KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
KeSetTimer
KeClearEvent
IofCallDriver
IoReuseIrp
KeCancelTimer
ExAllocatePoolWithTag
KeInitializeEvent
IofCompleteRequest
KeWaitForSingleObject
KeGetCurrentIrql
KeDelayExecutionThread
IoReleaseCancelSpinLock
PsTerminateSystemThread
IoDeleteDevice
RtlZeroMemory
IoCreateDevice
IoFreeIrp
ObfDereferenceObject
ZwClose
ObReferenceObjectByHandle
PsCreateSystemThread
IoAllocateIrp
IoCancelIrp
KeInitializeTimer
IoIsWdmVersionAvailable
ZwQueryValueKey
RtlInitUnicodeString
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlIntegerToUnicodeString
IoSetDeviceInterfaceState
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoRegisterDeviceInterface
IoOpenDeviceRegistryKey
RtlCopyMemory
PoSetPowerState
IoDetachDevice
IoAttachDeviceToDeviceStack
ObfReferenceObject
PoCallDriver
PoStartNextPowerIrp
PoRequestPowerIrp
IoFreeWorkItem
IoQueueWorkItem
IoAllocateWorkItem
IoBuildDeviceIoControlRequest
KeSetEvent
KeInitializeDpc
ExFreePool

usbd.sys

USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 446B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WiseFile21.98F364C5_7D9A_436D_BB16_FEE46088CF04
WiseFile22.98F364C5_7D9A_436D_BB16_FEE46088CF04
WiseFile23.98F364C5_7D9A_436D_BB16_FEE46088CF04
WiseFile24.98F364C5_7D9A_436D_BB16_FEE46088CF04
gt72sc_64.cat.98F364C5_7D9A_436D_BB16_FEE46088CF04
gt72sc_64.inf.98F364C5_7D9A_436D_BB16_FEE46088CF04

Sharing

General

Malware Config

Signatures

Files

ba6a181b83e1f6c169d2ea6a2f7e8585

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

smclib.sys

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 128B - Virtual size: 92B

.pdata Size: 768B - Virtual size: 684B

PAGEABLE Size: 3KB - Virtual size: 3KB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

a48452aa17134df20e788aaf829ce8b8

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

ndis.sys

Sections

.text Size: 109KB - Virtual size: 109KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 5KB

.pdata Size: 1KB - Virtual size: 1KB

INIT Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 968B

.reloc Size: 512B - Virtual size: 156B

26b91aeebdc90f752da8f8cc0e1c58cd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 433B

.pdata Size: 512B - Virtual size: 456B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 256B - Virtual size: 134B

111c58b63bbb9c2534b2afd0176d07b7

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

usbd.sys

Sections

.text Size: 64KB - Virtual size: 63KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 1KB

.pdata Size: 3KB - Virtual size: 3KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 896B

.reloc Size: 512B - Virtual size: 446B

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 128B - Virtual size: 92B

.pdata
Size: 768B - Virtual size: 684B

PAGEABLE
Size: 3KB - Virtual size: 3KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.text
Size: 109KB - Virtual size: 109KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 5KB

.pdata
Size: 1KB - Virtual size: 1KB

INIT
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 512B - Virtual size: 156B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 433B

.pdata
Size: 512B - Virtual size: 456B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 256B - Virtual size: 134B

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 1KB

.pdata
Size: 3KB - Virtual size: 3KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 896B

.reloc
Size: 512B - Virtual size: 446B