netdrv[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

netdrv.dll
Size

3.1MB
MD5

70813f495540e6736518ecc4158861d8
SHA1

06216567a7d1f770291e610e41f9d5e565531a12
SHA256

40c325544cf7d41915f19c02a128c44e14cc4caafd47d0b12b59707e4b8ff4f8
SHA512

16167cb1ad1e195bb24abc020b36cac412bcf97748c9d21fc96bb5b64fa402276bafde547e664580e973a5b79934ae4803801efe5eccf7d160b114d85fbd08f8
SSDEEP

49152:ijl7n8XaK58TSnYDYPgNq+hal4LMuOsxWv1kFbfnC5fbGx9:GC0YPMqEaleZxW6C5TGH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
netdrv.dll

Files

netdrv.dll
.dll windows:4 windows x64 arch:x64

34c089b00e23a969ba345931b65885ab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Build\Project\Medicine\Engine\2.0_MainTrunk\building\build\Project\Medicine\Engine\2.0\Trunk\Build\AMD64\free\MeDExt.pdb

Imports

kernel32

HeapValidate
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GetVersionExW
GetVersionExA
GetTickCount
GetTempPathW
GetTempPathA
GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
GetFullPathNameW
GetFullPathNameA
GetFileSize
GetFileAttributesExW
GetFileAttributesW
GetFileAttributesA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetCurrentProcessId
FreeLibrary
FormatMessageW
FormatMessageA
FlushFileBuffers
DeleteFileW
DeleteFileA
CreateMutexW
CreateFileMappingW
CreateFileMappingA
CreateFileW
CreateFileA
AreFileApisANSI
TryEnterCriticalSection
HeapCompact
CreateEventW
__C_specific_handler
GetModuleFileNameW
DeviceIoControl
CancelIo
MoveFileW
SetFileAttributesW
GetFileTime
FindClose
RemoveDirectoryW
FindNextFileW
FindFirstFileW
GetFileInformationByHandle
GetLocalTime
ReleaseMutex
SetEvent
GetCurrentProcess
lstrcmpiW
GetModuleHandleA
GetVersion
lstrlenW
lstrcmpW
LocalAlloc
GetSystemDirectoryW
GetShortPathNameW
OpenMutexW
lstrlenA
lstrcmpA
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
Sleep
SystemTimeToFileTime
UnlockFile
UnlockFileEx
UnmapViewOfFile
WideCharToMultiByte
WriteFile
WaitForSingleObject
WaitForSingleObjectEx
OutputDebugStringA
OutputDebugStringW
GetProcessHeap
FlushViewOfFile
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
GetProcAddress
GetLastError
GetCurrentThreadId
CreateSemaphoreW
ReleaseSemaphore
WaitForMultipleObjects
ResetEvent
GetPrivateProfileIntW
GetPrivateProfileStringW
SetLastError
GetVolumeInformationW
lstrcpynW
VerifyVersionInfoW
CloseHandle

advapi32

GetSecurityDescriptorSacl
RegEnumKeyExW
RegDeleteKeyW
EnumServicesStatusW
LockServiceDatabase
UnlockServiceDatabase
QueryServiceConfigW
RegOpenKeyA
RegQueryValueExA
RegOpenKeyW
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
ControlService
StartServiceW
DeleteService
CreateServiceW
RegCreateKeyExW
QueryServiceStatus
OpenSCManagerW
OpenServiceW
ChangeServiceConfigW
CloseServiceHandle
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegCloseKey
SetSecurityInfo

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

msvcrt

_beginthreadex
_endthreadex
strcspn
fabs
strspn
strrchr
_lrotr
_lrotl
wcscmp
__CxxFrameHandler
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_wcsicmp
wcsncat
wcsrchr
_vsnprintf
wcsncmp
wcsstr
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
strncmp
swprintf
_purecall
_wcslwr
wcschr
_wcsupr
_initterm
??1type_info@@UEAA@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
free
malloc
strcmp
localtime
memset
wcslen
_vsnwprintf
memmove
memcmp
memcpy
strlen
realloc
_CxxThrowException
_msize

user32

CharUpperW

Exports

Exports

pest
Test
MeDExtInitialize
MeDExtSet

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 151KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34c089b00e23a969ba345931b65885ab

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

version

msvcrt

user32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 151KB - Virtual size: 152KB

.data Size: 50KB - Virtual size: 56KB

.pdata Size: 36KB - Virtual size: 36KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 151KB - Virtual size: 152KB

.data
Size: 50KB - Virtual size: 56KB

.pdata
Size: 36KB - Virtual size: 36KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 6KB - Virtual size: 6KB