a2da344f-b717-4ec8-98a6-1bdd11f2df41_96ecad63a5553a7dfe1ea0b8063ecaa3c5000fef[.]cab

Sharing

Copy URL Twitter E-mail

General

Target

a2da344f-b717-4ec8-98a6-1bdd11f2df41_96ecad63a5553a7dfe1ea0b8063ecaa3c5000fef.cab
Size

2.8MB
MD5

4f05a02efbdce35f6f254e7b43e2875e
SHA1

96ecad63a5553a7dfe1ea0b8063ecaa3c5000fef
SHA256

5bf2651a30c8273db4bcf6404b2a62b79b5ca189f87c177a824f955c780eac03
SHA512

6632d7f1bd065b69c6d32e7a9d7bf1b66250ad553c3fb119d4307e8b4bf45ab502b37442f3829c2d112e4759168a8eb9cb10728f44bc31f321c9c85001609a5c
SSDEEP

49152:sHiIVdcI/nUgbu3RedCbQbs3H3Jcd9LHYyUYuxFVZ5qWnaf0YQOhmMDNJua91TK5:czTd3osdC0b0y7LHUYmbbBEgORNJ1KTt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/rtwlane.sys

Files

a2da344f-b717-4ec8-98a6-1bdd11f2df41_96ecad63a5553a7dfe1ea0b8063ecaa3c5000fef.cab
.cab
netrtwlane.cat
netrtwlane.inf
rtldata.txt
rtwlane.sys
.sys windows:10 windows x64 arch:x64

8d1154fb475e4f907814283f2eb73f11

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Orange\orange-repo\orange\Windows_Server\rtwlan_trunk\PLATFORM\NDIS6\PCI\obj\x64\rtwlane.pdb

Imports

ntoskrnl.exe

DbgPrintEx
__C_specific_handler
PoUnregisterPowerSettingCallback
PoRegisterPowerSettingCallback
EtwWriteTransfer
EtwSetInformation
EtwUnregister
EtwRegister
IoWMIRegistrationControl
RtlCopyUnicodeString
ObfDereferenceObject
PoStartNextPowerIrp
PoRequestPowerIrp
IoGetAttachedDeviceReference
IofCompleteRequest
IoCancelIrp
IofCallDriver
IoBuildSynchronousFsdRequest
_vsnprintf
ExAllocatePoolWithTag
KeWaitForSingleObject
KeSetEvent
KeClearEvent
KeInitializeEvent
KeFlushQueuedDpcs
KeBugCheckEx
KfRaiseIrql
KeLowerIrql
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
strncpy
DbgPrint
RtlGUIDFromString
sscanf_s
MmUnmapIoSpace
MmMapLockedPagesSpecifyCache
KeInitializeSpinLock
memchr
ZwCreateFile
ZwClose
ZwDeviceIoControlFile
ExFreePoolWithTag
KeAcquireSpinLockRaiseToDpc
ZwOpenKey
ZwQueryValueKey
KeCapturePersistentThreadState
ZwWriteFile
NtBuildNumber
RtlCaptureContext
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
__chkstk
strncpy_s
wcsstr
RtlInitString
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
ZwEnumerateKey
strcpy_s
strncmp
RtlInitAnsiString
ExGetFirmwareEnvironmentVariable
IoWMIOpenBlock
IoWMIQueryAllData
ExNotifyCallback
RtlUnicodeStringToInteger
strcmp
RtlStringFromGUID
KeInitializeMutex
KeReleaseMutex
KeInitializeSemaphore
KeReleaseSemaphore
KeSetPriorityThread
ExCreateCallback
PsCreateSystemThread
PsTerminateSystemThread
ObReferenceObjectByHandle
ZwSetValueKey
IoCsqInitialize
IoCsqInsertIrp
IoCsqRemoveNextIrp
MmGetSystemRoutineAddress
RtlInitUnicodeString
strchr
KeReleaseSpinLock

hal

KeQueryPerformanceCounter
KeStallExecutionProcessor

ndis.sys

NdisMIndicateStatusEx
NdisOpenConfigurationEx
NdisInitializeEvent
NdisMIndicateReceiveNetBufferLists
NdisMFreeNetBufferSGList
NdisAllocateMdl
NdisAllocateNetBufferAndNetBufferList
NdisAllocateMemoryWithTag
NdisMDirectOidRequestComplete
NdisMDeregisterWdiMiniportDriver
NdisMRegisterWdiMiniportDriver
NdisMDeregisterMiniportDriver
NdisMAllocateNetBufferSGList
NdisMDeregisterScatterGatherDma
NdisMRegisterScatterGatherDma
NdisMGetDeviceProperty
NdisMUnmapIoSpace
NdisMMapIoSpace
NdisMDeregisterIoPortRange
NdisMRegisterIoPortRange
NdisMSynchronizeWithInterruptEx
NdisMDeregisterInterruptEx
NdisMSleep
NdisFreeMdl
NdisFreeNetBufferList
NdisFreeNetBufferListPool
NdisAllocateNetBufferListPool
NdisWriteErrorLogEntry
NdisMSetBusData
NdisMGetBusData
NdisMFreeSharedMemory
NdisMAllocateSharedMemory
NdisReadNetworkAddress
NdisMAllocatePort
NdisMNetPnPEvent
NdisFreeIoWorkItem
NdisQueueIoWorkItem
NdisAllocateIoWorkItem
NdisFreeTimerObject
NdisCancelTimerObject
NdisSetTimerObject
NdisAllocateTimerObject
NdisAllocateMemoryWithTagPriority
NdisSetEvent
NdisMOidRequestComplete
NdisMRegisterInterruptEx
NdisMFreePort
NdisWriteConfiguration
NdisFreeMemory
NdisResetEvent
NdisWaitEvent
NdisOpenFile
NdisCloseFile
NdisMapFile
NdisUnmapFile
NdisInitializeString
NdisRegisterDeviceEx
NdisDeregisterDeviceEx
NdisMRemoveMiniport
NdisMSendNetBufferListsComplete
NdisReadConfiguration
NdisCloseConfiguration
NdisGetVersion

ext-ms-win-ntos-werkernel-l1-1-1

WerLiveKernelCreateReport
WerLiveKernelCancelReport
WerLiveKernelOpenDumpFile
WerLiveKernelCloseHandle
WerLiveKernelSubmitReport

wdfldr.sys

WdfVersionUnbind
WdfVersionBindClass
WdfVersionUnbindClass
WdfVersionBind

Sections

.text
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 634KB - Virtual size: 634KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.8MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 591KB - Virtual size: 591KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d1154fb475e4f907814283f2eb73f11

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

ndis.sys

ext-ms-win-ntos-werkernel-l1-1-1

wdfldr.sys

Sections

.text Size: 4.9MB - Virtual size: 4.9MB

.rdata Size: 634KB - Virtual size: 634KB

.data Size: 4.8MB - Virtual size: 5.0MB

.pdata Size: 121KB - Virtual size: 121KB

PAGE Size: 4KB - Virtual size: 4KB

INIT Size: 5KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 591KB - Virtual size: 591KB

.text
Size: 4.9MB - Virtual size: 4.9MB

.rdata
Size: 634KB - Virtual size: 634KB

.data
Size: 4.8MB - Virtual size: 5.0MB

.pdata
Size: 121KB - Virtual size: 121KB

PAGE
Size: 4KB - Virtual size: 4KB

INIT
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 591KB - Virtual size: 591KB