wdi.pdb
Static task
static1
1 signatures
General
-
Target
Loader.zip
-
Size
529KB
-
MD5
47f41afd81c8678c1c782c3f7aad4ed7
-
SHA1
12ec2e1c022ae0db8b46619012cbbca140b5dd62
-
SHA256
0d5b3f2d3859f87223502d19b2b842361a42471b8a5924685e3bbaa470d4c7ea
-
SHA512
29b983e8c5330776acc4aef5855869f44c72705fe6c8c5ed91e5e8db63be0174e0de57a3964fc99333c425db4d34eec25d3278a4bf640b74dff0b1a7734f98ca
-
SSDEEP
12288:twKHov4mFCKQ4J+qg+nABjraRejTiHQHGUFC/:tdKttJ+TwA9raIjyyu
Score
3/10
Malware Config
Signatures
-
Unsigned PE 3 IoCs
Checks for missing Authenticode signature.
resource unpack001/Loader/Loader.exe unpack001/Loader/likodi/NotificationController.dll.mui unpack001/Loader/wdi.dll
Files
-
Loader.zip.zip
-
Loader/Loader.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Loader/dmxmlhelputils.dll
-
Loader/likodi/NotificationController.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 176B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Loader/likodi/SmiEngine.dll.mui
-
Loader/likodi/netid.dll.mui
-
Loader/likodi/wfascim.dll.mui
-
Loader/mqutil.dll.mui
-
Loader/samlib.dll
-
Loader/wdi.dll.dll windows:10 windows x86 arch:x86
d2c5ad65de7676505e640af8a127b32b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
_except_handler4_common
memcpy
memcmp
_amsg_exit
_XcptFilter
free
_callnewh
_vsnwprintf
malloc
_wcsicmp
swscanf_s
wcsrchr
_initterm
memset
ntdll
EtwEventEnabled
EtwEventUnregister
EtwEventRegister
NtSetInformationThread
NtQueryInformationThread
NtAlpcConnectPort
RtlInitUnicodeString
NtAlpcAcceptConnectPort
NtAlpcCancelMessage
NtAlpcSendWaitReceivePort
AlpcInitializeMessageAttribute
EtwEventWrite
TpReleaseAlpcCompletion
EtwEventActivityIdControl
NtAlpcImpersonateClientOfPort
NtQueryInformationProcess
AlpcMaxAllowedMessageLength
TpWaitForAlpcCompletion
NtAlpcQueryInformation
NtAlpcDisconnectPort
RtlNtStatusToDosError
AlpcGetMessageAttribute
TpAllocAlpcCompletion
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
SetEvent
InitializeCriticalSection
WaitForSingleObject
DeleteCriticalSection
CreateEventW
WaitForMultipleObjectsEx
ResetEvent
LeaveCriticalSection
api-ms-win-eventing-controller-l1-1-0
ControlTraceW
api-ms-win-core-file-l2-1-0
CopyFileExW
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-file-l1-1-0
CreateFileW
CreateDirectoryW
CompareFileTime
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThread
CreateThread
GetCurrentThreadId
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemDirectoryW
GetSystemTimeAsFileTime
api-ms-win-security-base-l1-1-0
GetLengthSid
IsValidSid
CreateWellKnownSid
CopySid
RevertToSelf
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
LoadStringW
DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleExW
LoadLibraryExW
FreeLibraryAndExitThread
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
kernelbase
WTSGetServiceSessionId
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
DllCanUnloadNow
DllGetClassObject
ServiceMain
WdiAddFileToInstance
WdiAddParameter
WdiCancel
WdiCloseInstance
WdiCreateInstance
WdiDeleteQueuedResolution
WdiDiagnose
WdiGetClientActivityId
WdiGetClientLCID
WdiGetDiagnosticModuleId
WdiGetEvent
WdiGetInstanceFilePath
WdiGetInstanceId
WdiGetLoggerSnapshotPath
WdiGetParameterByIndex
WdiGetParameterByName
WdiGetParameterCount
WdiGetParameterData
WdiGetParameterDataLength
WdiGetParameterDiagnosticModuleId
WdiGetParameterFlags
WdiGetParameterName
WdiGetProgress
WdiGetQueuedResolutionAudience
WdiGetQueuedResolutionExpirationDate
WdiGetQueuedResolutionId
WdiGetQueuedResolutionName
WdiGetQueuedResolutionPriority
WdiGetResult
WdiGetScenarioIcon
WdiGetScenarioInfo
WdiGetScenarioInstanceCreatedDate
WdiGetScenarioInstanceFilePath
WdiGetScenarioInstanceId
WdiGetScenarioInstances
WdiGetScenarioSourceName
WdiGetScenarioTypeName
WdiImpersonateClient
WdiIsQueuedResolutionAdmin
WdiLaunchQueuedResolution
WdiOpenInstance
WdiQueueCurrentResolution
WdiResolve
WdiRevertToSelf
WdiSetFeedback
WdiSetProblemDetectionResult
WdiSetProgress
WdiSetResolution
WdipLaunchLocalHost
WdipLaunchRunDLLUserHost
Sections
.text Size: 73KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 80B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ