General

  • Target

    realtek-universal-audio-driver-uad-6-0-9694-1.7z

  • Size

    18.3MB

  • MD5

    e99e4a73714721d4c3478f7857f0bf9a

  • SHA1

    8687c18c409a79ff454941f07bfa73cbb3078d3b

  • SHA256

    876826c9835e0ab6a331b423279d55cf69905c3fc8a46fd12dfb3e6fce40a1d5

  • SHA512

    c0b35bf1a063861ca6d65d2ab08cbc6a3a4d4962bcd080e5c5d7ecc7a871cc307fb94bb7f223b3a144173f7ecc71b106a2b408f0c696a7233e2c2901ef2b63b2

  • SSDEEP

    393216:Q1h/8xITB9BTonLB2q3rsIieHsAsRH3PRG3wz33b4vrRFSxbmSnwgsbswnst:Sh/4IN9BToUq3rsIieHs93IO89FSxTsq

Score
9/10

Signatures

  • Detected Nirsoft tools 2 IoCs

    Free utilities, often used by attackers, that can recover passwords, product keys, etc.

  • Unsigned PE 4 IoCs

    Checks for missing Authenticode signature.

Files

  • realtek-universal-audio-driver-uad-6-0-9694-1.7z
    .7z
  • Realtek-UAD-generic/README.md
  • Realtek-UAD-generic/Win64/Realtek/Codec_9310/HDXRT.inf
  • Realtek-UAD-generic/Win64/Realtek/Codec_9310/HDXRTSST.inf
  • Realtek-UAD-generic/Win64/Realtek/Codec_9310/HDXRTU.CAT
  • Realtek-UAD-generic/Win64/Realtek/Codec_9310/RTAIODAT.DAT
  • Realtek-UAD-generic/Win64/Realtek/Codec_9310/RTKVHD64.sys
    .sys windows:6 windows x64 arch:x64

    9f052ee9282cdcc7c6e4d563d9c85f92

  • Realtek-UAD-generic/Win64/Realtek/Codec_9356/HDXRT.inf
  • Realtek-UAD-generic/Win64/Realtek/Codec_9356/HDXRTSST.inf
  • Realtek-UAD-generic/Win64/Realtek/Codec_9356/HDXRTU.CAT
  • Realtek-UAD-generic/Win64/Realtek/Codec_9356/RTAIODAT.DAT
  • Realtek-UAD-generic/Win64/Realtek/Codec_9356/RTKVHD64.sys
    .sys windows:6 windows x64 arch:x64

    5f4b66f33f2936d1550016f5ee1b2487

  • Realtek-UAD-generic/Win64/Realtek/ExtRtk_8824/HDX_GenericExt_RTK.inf
  • Realtek-UAD-generic/Win64/Realtek/ExtRtk_8824/hdxrtext.cat
  • Realtek-UAD-generic/Win64/Realtek/RealtekAPO_12_1167/RealtekAPO.inf
  • Realtek-UAD-generic/Win64/Realtek/RealtekAPO_12_1167/RltkAPOU64.dll
    .dll regsvr32 windows:6 windows x64 arch:x64

    26fd07d0896527cf2ca6d15c3b80065e

  • Realtek-UAD-generic/Win64/Realtek/RealtekAPO_12_1167/realtekapo.cat
  • Realtek-UAD-generic/Win64/Realtek/RealtekAPO_13_1167/RealtekAPO.inf
  • Realtek-UAD-generic/Win64/Realtek/RealtekAPO_13_1167/RltkAPOU64.dll
    .dll regsvr32 windows:6 windows x64 arch:x64

    26fd07d0896527cf2ca6d15c3b80065e

  • Realtek-UAD-generic/Win64/Realtek/RealtekAPO_13_1167/realtekapo.cat
  • Realtek-UAD-generic/Win64/Realtek/RealtekHSA_334/RealtekHSA.inf
  • Realtek-UAD-generic/Win64/Realtek/RealtekHSA_334/realtekhsa.cat
  • Realtek-UAD-generic/Win64/Realtek/RealtekService_768/MonoSeparationEnrollDll.dll
    .dll windows:6 windows x64 arch:x64

    ce643ae48c2468d7704ce9bf671e7cb1

  • Realtek-UAD-generic/Win64/Realtek/RealtekService_768/PTTdll.dll
    .dll windows:6 windows x64 arch:x64

    43abd9ae2351ad08f417389385a2f89f

  • Realtek-UAD-generic/Win64/Realtek/RealtekService_768/RealtekService.inf
  • Realtek-UAD-generic/Win64/Realtek/RealtekService_768/RtCOM64.dll
    .dll regsvr32 windows:6 windows x64 arch:x64

    5c0ca7f51a84dfbd181f5d805e235655

  • Realtek-UAD-generic/Win64/Realtek/RealtekService_768/RtDataProc64.dll
    .dll regsvr32 windows:6 windows x64 arch:x64

    5e89a4b746e95262701cebeadea79ac4

  • Realtek-UAD-generic/Win64/Realtek/RealtekService_768/RtkApi64U.dll
    .dll regsvr32 windows:6 windows x64 arch:x64

    ad41f11ee3ea28e81ce4e23891847f3b

  • Realtek-UAD-generic/Win64/Realtek/RealtekService_768/RtkAudUService64.exe
    .exe windows:6 windows x64 arch:x64

    618368859b72c281c4c89e7b03cd38b5

  • Realtek-UAD-generic/Win64/Realtek/RealtekService_768/RtkAudUServiceConf64.dll
    .dll windows:6 windows x64 arch:x64

    17ec50d0038781602e14eef76472e718

  • Realtek-UAD-generic/Win64/Realtek/RealtekService_768/RtkAudUServiceRes64.dll
    .dll windows:6 windows x64 arch:x64

    1f2241622097352600c71698fe84063a

  • Realtek-UAD-generic/Win64/Realtek/RealtekService_768/RtkCfg64.dll
    .dll regsvr32 windows:6 windows x64 arch:x64

    aedbf594d8a1e16419dd583000492c65

  • Realtek-UAD-generic/Win64/Realtek/RealtekService_768/SpeakerVerfDll.dll
    .dll windows:6 windows x64 arch:x64

    8b9b3cb3e41a8eb19439f9748c1d61d5

  • Realtek-UAD-generic/Win64/Realtek/RealtekService_768/realtekservice.cat
  • Realtek-UAD-generic/Win64/Realtek/UpdatedCodec/RTAIODAT.DAT
  • Realtek-UAD-generic/Win64/Realtek/UpdatedCodec/RTKVHD64.sys
    .sys windows:10 windows x64 arch:x64

    adea9d57efccf33523ce5c3b1bd5040d

  • Realtek-UAD-generic/devcon.exe
    .exe windows:10 windows x64 arch:x64

    a0225eb3236ea941773b705076ada2af

  • Realtek-UAD-generic/forceupdater/HKR.cmd
  • Realtek-UAD-generic/forceupdater/audiotype.cmd
  • Realtek-UAD-generic/forceupdater/defeatpnplock.cmd
  • Realtek-UAD-generic/forceupdater/forceupdater.cmd
    .cmd .ps1
  • Realtek-UAD-generic/forceupdater/regedit.cmd
  • Realtek-UAD-generic/modules/autostart.cmd
  • Realtek-UAD-generic/modules/deluadcomponent.cmd
  • Realtek-UAD-generic/modules/finduadservices.vbs
    .vbs
  • Realtek-UAD-generic/modules/getshell.vbs
    .vbs
  • Realtek-UAD-generic/modules/uadserviceremove.cmd
  • Realtek-UAD-generic/modules/uadserviceusermode.vbs
  • Realtek-UAD-generic/nircmd.exe
    .exe windows:4 windows x64 arch:x64

    52b115a47ffae378901264c3506742b0

  • Realtek-UAD-generic/nircmdc.exe
    .exe windows:4 windows x64 arch:x64

    153029c65b56102ebe43b1e86353b387

  • Realtek-UAD-generic/setup.cmd
    .cmd .ps1
  • Realtek-UAD-generic/utility/disablewindowsupdatedriversdownload.cmd
    .cmd .ps1
  • Realtek-UAD-generic/utility/enablewindowsupdatedriversdownload.cmd
    .cmd .ps1
  • Realtek-UAD-generic/utility/removesetupautostart.cmd
    .cmd .ps1
  • Realtek-UAD-generic/utility/restorewindowsnormalstartup.cmd
    .cmd .ps1