logi_lamparray_service[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

logi_lamparray_service.exe
Size

9.4MB
MD5

b700d75887f8bae4b9c698aee4efbbf5
SHA1

8e312ad0c84eb22250281bc2da305fefca64af01
SHA256

63cbbd3d8b0acbbef7d6de664be23e7e7a79612b44752d5804bebd21ceebb91f
SHA512

76badff734713586bfb952a3d4b91ac724bf4c105343a268a6bb63ebf92a659a07ec8a2bdb8dcc54b69514db086111e7b267b406737e4c6da8f55bd5f4d538d6
SSDEEP

98304:dtno+s0dJqjlIp3mLvDbibyWmp5jMIxzfx/I8rCm:dto+s0dJqhG3y74yWmlfx/I8rt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
logi_lamparray_service.exe

Files

logi_lamparray_service.exe
.exe windows:6 windows x64 arch:x64

02c6baa11150b66dcf73ec85e287447c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\GitLab-Runner\builds\a4cWMMsk\0\drivers\windows\logi_lighting\build\Service\RelWithDebInfo\logi_lamparray_service.pdb

Imports

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate
RpcStringFreeA
UuidToStringA

setupapi

SetupDiOpenDeviceInterfaceA
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiOpenDeviceInfoW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiOpenDeviceInterfaceW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiGetDevicePropertyW
SetupDiEnumDeviceInfo
SetupDiCreateDeviceInfoList

winusb

WinUsb_QueryPipe
WinUsb_QueryInterfaceSettings
WinUsb_Free
WinUsb_Initialize
WinUsb_ControlTransfer
WinUsb_GetOverlappedResult
WinUsb_WritePipe
WinUsb_ReadPipe

cfgmgr32

CM_Get_DevNode_PropertyW
CM_Get_Parent

hid

HidD_SetOutputReport
HidD_GetInputReport
HidD_SetFeature
HidD_GetFeature
HidD_FreePreparsedData
HidD_GetHidGuid
HidP_GetButtonCaps
HidD_GetProductString
HidD_GetManufacturerString
HidD_GetPreparsedData
HidD_GetAttributes
HidP_GetUsageValue
HidP_MaxUsageListLength
HidP_GetValueCaps
HidD_GetSerialNumberString
HidP_GetCaps
HidP_GetSpecificValueCaps
HidP_GetSpecificButtonCaps
HidP_GetUsages

kernel32

FlushFileBuffers
GetConsoleOutputCP
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
GetTimeZoneInformation
HeapReAlloc
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsDebuggerPresent
OutputDebugStringW
CloseHandle
GetLastError
SetEvent
WaitForSingleObject
CreateEventW
CreateThread
GetLocalTime
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryW
PowerCreateRequest
PowerSetRequest
PowerClearRequest
GetOverlappedResult
ResetEvent
WaitForMultipleObjects
CreateFileW
ReadFile
WriteFile
DeviceIoControl
CancelIoEx
GetFileAttributesW
Sleep
GetCurrentProcessId
GetCurrentThreadId
GetDynamicTimeZoneInformation
MultiByteToWideChar
WideCharToMultiByte
SetEnvironmentVariableW
GetConsoleMode
WriteConsoleA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
WriteConsoleW
GetThreadId
LocalFree
FormatMessageA
VerSetConditionMask
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SleepEx
SetWaitableTimer
QueueUserAPC
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
VerifyVersionInfoA
VerifyVersionInfoW
CreateFileA
CancelIo
CreateEventA
LoadLibraryA
CloseThreadpoolTimer
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetTempPathW
HeapAlloc
HeapFree
GetCurrentThread
GetCommandLineW
GetCommandLineA
GetModuleFileNameW
GetFileType
SetStdHandle
MoveFileExW
CreateDirectoryW
DeleteFileW
FreeLibraryAndExitThread
ResumeThread
ExitThread
GetModuleHandleExW
ExitProcess
LoadLibraryExW
WaitForThreadpoolTimerCallbacks
RtlUnwindEx
InterlockedFlushSList
InterlockedPushEntrySList
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
GetProcessHeap
HeapSize
SetEndOfFile
CreateThreadpoolWait
SetThreadpoolWait
GetStdHandle
RtlUnwind
RtlCaptureContext
InitializeSListHead
GetCPInfo
SetThreadpoolTimer
CreateThreadpoolTimer
CompareStringEx
CreateSymbolicLinkW
GetFileInformationByHandleEx
RtlPcToFileHeader
RaiseException
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
WaitForSingleObjectEx
SwitchToThread
GetExitCodeThread
GetNativeSystemInfo
QueryPerformanceCounter
QueryPerformanceFrequency
GetStringTypeW
GetLocaleInfoEx
EncodePointer
DecodePointer
LCMapStringEx
SetFileInformationByHandle
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitOnceExecuteOnce
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetSystemTimeAsFileTime
GetTickCount64
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CloseThreadpoolWait

user32

SetWindowLongPtrA
GetWindowLongPtrA
GetCursorPos
IsWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
PostMessageA
RegisterDeviceNotificationA
GetRawInputData
DispatchMessageA
LoadCursorW
RegisterClassExW
PostThreadMessageW
UnregisterDeviceNotification
RegisterDeviceNotificationW
TranslateMessage
GetMessageW
SetWindowLongPtrW
GetWindowLongPtrW
MsgWaitForMultipleObjects
DestroyWindow
CreateWindowExW
GetClassInfoW
RegisterClassW
DefWindowProcW
RegisterPowerSettingNotification
PeekMessageW
DispatchMessageW
GetRawInputDeviceInfoA
RegisterRawInputDevices
PeekMessageA
GetKeyState

ole32

CoCreateFreeThreadedMarshaler
CoCreateGuid
CoTaskMemAlloc

advapi32

RegOpenKeyExW
RegCloseKey
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
RegQueryValueExW

ws2_32

WSACleanup
WSAStartup

Exports

Exports

?g_module_logger@driver@lamparray@logi@@3V?$shared_ptr@Vlogger@spdlog@@@std@@A

Sections

.text
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 460KB - Virtual size: 557KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

minATL
Size: 1024B - Virtual size: 809B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 671B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02c6baa11150b66dcf73ec85e287447c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

setupapi

winusb

cfgmgr32

hid

kernel32

user32

ole32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 6.5MB - Virtual size: 6.5MB

.rdata Size: 2.1MB - Virtual size: 2.1MB

.data Size: 460KB - Virtual size: 557KB

.pdata Size: 253KB - Virtual size: 252KB

.idata Size: 13KB - Virtual size: 12KB

.tls Size: 1024B - Virtual size: 804B

minATL Size: 1024B - Virtual size: 809B

.00cfg Size: 512B - Virtual size: 373B

_RDATA Size: 1024B - Virtual size: 671B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 64KB - Virtual size: 64KB

.text
Size: 6.5MB - Virtual size: 6.5MB

.rdata
Size: 2.1MB - Virtual size: 2.1MB

.data
Size: 460KB - Virtual size: 557KB

.pdata
Size: 253KB - Virtual size: 252KB

.idata
Size: 13KB - Virtual size: 12KB

.tls
Size: 1024B - Virtual size: 804B

minATL
Size: 1024B - Virtual size: 809B

.00cfg
Size: 512B - Virtual size: 373B

_RDATA
Size: 1024B - Virtual size: 671B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 64KB - Virtual size: 64KB