2adfbc6049aeee8a5b8e47cfaf57b0a5edbd42499516296d8b31abffae93afe3

Sharing

Copy URL Twitter E-mail

General

Target

2adfbc6049aeee8a5b8e47cfaf57b0a5edbd42499516296d8b31abffae93afe3
Size

2.5MB
MD5

91a63da4e970a14220843b2c24dab290
SHA1

5a7b8edf6921a7df7df54c234b31b89ca4d079e5
SHA256

2adfbc6049aeee8a5b8e47cfaf57b0a5edbd42499516296d8b31abffae93afe3
SHA512

56c966bb62dd8fb9bfb6078378a7911aa1224faf3555f2ce709710f1c8d810b27d95162eb0a427b226b81b14948622f4f02c14531faefb14b72cbe8f4fc389ab
SSDEEP

49152:NtNvtZpoNirdA73e9dBYs1CmwXJxlxOVvCYN+HvFXo+82:NtN3poNs4X4CbXOVut4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2adfbc6049aeee8a5b8e47cfaf57b0a5edbd42499516296d8b31abffae93afe3

Files

2adfbc6049aeee8a5b8e47cfaf57b0a5edbd42499516296d8b31abffae93afe3
.exe windows:6 windows x64 arch:x64

1edcfbee15cf993d3a8d8054a29fa52f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\constructicon\builds\gfx\six\22.40\apps\cn\amddvr\Target\x64\Release\AMDRSServ.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

setupapi

SetupDiDestroyDeviceInfoList
SetupDiOpenDevRegKey
SetupDiGetClassDevsExW
SetupDiClassGuidsFromNameW
SetupDiEnumDeviceInfo

shlwapi

PathRemoveFileSpecW
ord12
PathAddExtensionW
PathCombineW
PathFindFileNameW
ord219
PathFileExistsW

winmm

timeBeginPeriod
timeKillEvent
timeSetEvent
timeEndPeriod

wininet

InternetGetConnectedState

crypt32

CryptUnprotectData

dwmapi

DwmGetWindowAttribute

kernel32

ReadConsoleW
GetConsoleMode
SetFilePointerEx
TlsFree
TlsGetValue
SetLastError
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
IsDebuggerPresent
GetCPInfo
CompareStringEx
GetLocaleInfoEx
IsValidLocale
GetSystemTimeAsFileTime
GetFileType
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
LCMapStringEx
EncodePointer
GetExitCodeThread
WaitForSingleObjectEx
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
SetStdHandle
SetEndOfFile
GetFileSizeEx
FlushFileBuffers
HeapReAlloc
HeapSize
FindFirstFileExW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
GetConsoleOutputCP
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetTimeZoneInformation
GetStdHandle
HeapFree
HeapAlloc
IsValidCodePage
GetACP
GetOEMCP
GetLocaleInfoW
FreeEnvironmentStringsW
GetProcessHeap
WriteConsoleW
LoadLibraryExA
VirtualQuery
QueryDosDeviceW
VirtualProtect
FindResourceW
LoadResource
LockResource
SetThreadDescription
SizeofResource
SystemTimeToFileTime
OutputDebugStringA
SetEnvironmentVariableW
InitializeCriticalSectionEx
GetLastError
OutputDebugStringW
RaiseException
LoadLibraryW
DecodePointer
GetProcAddress
DeleteCriticalSection
FreeLibrary
LocalFree
FindFirstFileW
FindClose
VerSetConditionMask
VerifyVersionInfoW
ReleaseSemaphore
WaitForSingleObject
CloseHandle
CreateSemaphoreW
MultiByteToWideChar
WideCharToMultiByte
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateMutexW
ReleaseMutex
CreateEventW
Sleep
SetEvent
QueryPerformanceFrequency
ResetEvent
QueryPerformanceCounter
OpenMutexW
GetTickCount
LoadLibraryExW
WaitForMultipleObjects
SetErrorMode
OpenEventW
TlsAlloc
ExitProcess
GetTickCount64
OpenFileMappingW
UnmapViewOfFile
OpenProcess
CreateToolhelp32Snapshot
CreateFileMappingW
MapViewOfFile
TerminateProcess
Process32NextW
Process32FirstW
GetCurrentProcess
GetCurrentProcessId
SetProcessWorkingSetSize
CreateFileW
DeleteFileW
GetTempFileNameW
GetModuleHandleW
K32GetModuleFileNameExW
GetPhysicallyInstalledSystemMemory
GetSystemPowerStatus
GetSystemInfo
OpenEventA
CreateMutexA
CreateThread
GetThreadId
TlsSetValue
GetEnvironmentVariableW
GetCurrentThreadId
GetLocalTime
SetWaitableTimer
CreateWaitableTimerW
CancelWaitableTimer
SetThreadPriority
GetCurrentThread
DebugBreak
LoadLibraryA
TerminateThread
SetPriorityClass
GetPriorityClass
RemoveDirectoryW
GetFileAttributesW
SetFileAttributesW
GetSystemTime
MoveFileW
ReadFile
WriteFile
ClearCommError
SetCommTimeouts
CreateDirectoryW
FindNextFileW
SetFileTime
GetModuleFileNameW
K32GetProcessImageFileNameW
GetLogicalDriveStringsW
GetDiskFreeSpaceExW

user32

ReleaseDC
GetDC
GetIconInfo
SendMessageW
MonitorFromPoint
GetWindowPlacement
wsprintfW
IsWindow
GetClientRect
GetDesktopWindow
GetParent
IsIconic
LoadStringW
GetMessageW
DefWindowProcW
UnregisterHotKey
DestroyWindow
CreateWindowExW
GetShellWindow
RegisterDeviceNotificationW
DispatchMessageW
SetTimer
UnregisterPowerSettingNotification
GetRawInputData
GetWindowRect
RegisterHotKey
SetPropW
RegisterRawInputDevices
TranslateMessage
ChangeWindowMessageFilterEx
KillTimer
RegisterPowerSettingNotification
PostQuitMessage
UnregisterDeviceNotification
GetWindowTextW
IsWindowVisible
MonitorFromWindow
CallNextHookEx
WindowFromPoint
wsprintfA
PostMessageW
GetPropW
GetCursorInfo
EnumDisplayMonitors
GetMonitorInfoW
UnhookWindowsHookEx
SetWindowsHookExW
PostThreadMessageW
GetAncestor
GetCursorPos
QueryDisplayConfig
GetDisplayConfigBufferSizes
DisplayConfigGetDeviceInfo
EnumDisplaySettingsW
GetWindowLongW
GetWindowThreadProcessId
RegisterClassExW
RedrawWindow
EnumWindows
GetClassNameW
SetForegroundWindow
GetForegroundWindow
SendMessageTimeoutW
FindWindowExW

gdi32

D3DKMTCloseAdapter
SetPixelFormat
ChoosePixelFormat
DeleteDC
DeleteObject
GetObjectW
GetBitmapBits
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
GetDeviceCaps
D3DKMTOpenAdapterFromGdiDisplayName

advapi32

RegEnumKeyExW
EventWriteTransfer
EventRegister
EventUnregister
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW
RegSetValueExW
RegDeleteTreeW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey
RegNotifyChangeKeyValue

shell32

SHGetKnownFolderPath
ShellExecuteExW
SHCreateDirectoryExW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoCreateGuid
CoCreateInstance
PropVariantClear
StringFromCLSID
CoInitializeEx

pdh

PdhAddEnglishCounterW
PdhCloseQuery
PdhOpenQueryW
PdhCollectQueryData
PdhGetFormattedCounterArrayW

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 539KB - Virtual size: 538KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 317KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1edcfbee15cf993d3a8d8054a29fa52f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

setupapi

shlwapi

winmm

wininet

crypt32

dwmapi

kernel32

user32

gdi32

advapi32

shell32

ole32

pdh

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 539KB - Virtual size: 538KB

.data Size: 48KB - Virtual size: 78KB

.pdata Size: 52KB - Virtual size: 52KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 317KB - Virtual size: 317KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 539KB - Virtual size: 538KB

.data
Size: 48KB - Virtual size: 78KB

.pdata
Size: 52KB - Virtual size: 52KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 317KB - Virtual size: 317KB

.reloc
Size: 11KB - Virtual size: 10KB