836e3969021d8eac9ff0b42f911ebbd0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

836e3969021d8eac9ff0b42f911ebbd0N.exe
Size

1.5MB
MD5

836e3969021d8eac9ff0b42f911ebbd0
SHA1

43b6453d2187d93f7beb6e1719fe633a1538a958
SHA256

b4e2e414eed811ac6cf687a6ed1ad6fba5e5b13d3fe5f114db39142506975a99
SHA512

a8d4c9d69603c04ebbb2c9146a5752e18c2a44a081fc470e7b1aea4588fb3fff67795135a6a2b8c8e46d69959e01f7b319228519830a82ed02f4b943314487a4
SSDEEP

24576:kAIO2O8Vc/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:FIDcLNiXicJFFRGNzj3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
836e3969021d8eac9ff0b42f911ebbd0N.exe

Files

836e3969021d8eac9ff0b42f911ebbd0N.exe
.exe windows:6 windows x64 arch:x64

4ceba8c7259c348f2e963aae06958ee6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\jenkins\workspace\_tbt-sw-driver-deployment_master\drivers.io.thunderbolt.dch\TbtP2pShortcutService\x64\Release\TbtP2pShortcutService.pdb

Imports

kernel32

InterlockedPushEntrySList
SetLastError
FlsAlloc
FlsGetValue
Sleep
GetModuleFileNameW
DeleteFileW
CreateEventW
WaitForSingleObject
ResetEvent
SetEvent
FlsSetValue
FlsFree
EncodePointer
DeviceIoControl
GetLastError
CloseHandle
InterlockedFlushSList
RtlUnwindEx
CreateFileW
RaiseException
RtlPcToFileHeader
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
SwitchToThread
GetCurrentThreadId
GetExitCodeThread
GetNativeSystemInfo
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimePreciseAsFileTime
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
FormatMessageA
LocalFree
__C_specific_handler
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

advapi32

GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
TraceMessage
RegisterTraceGuidsW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CloseServiceHandle
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW

setupapi

SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree

shell32

SHGetKnownFolderPath

api-ms-win-crt-runtime-l1-1-0

_endthreadex
abort
_register_onexit_function
_execute_onexit_table
_initialize_narrow_environment
terminate
_beginthreadex
_crt_atexit
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_crt_at_quick_exit
_configure_narrow_argv
_wassert
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_set_app_type
exit
_exit
_seh_filter_dll
__p___argc
__p___wargv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_initterm_e

api-ms-win-crt-string-l1-1-0

strcpy_s
towupper
_wcsicmp
strncmp

api-ms-win-crt-filesystem-l1-1-0

_wmakepath_s

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
_set_new_mode
free
calloc

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode
fputs
fputc
__acrt_iob_func
__stdio_common_vsprintf_s

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
_unlock_locales
_lock_locales

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-convert-l1-1-0

atol

Sections

.text
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4ceba8c7259c348f2e963aae06958ee6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

setupapi

ole32

shell32

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

Sections

.text Size: 133KB - Virtual size: 132KB

.rdata Size: 79KB - Virtual size: 78KB

.data Size: 4KB - Virtual size: 7KB

.pdata Size: 9KB - Virtual size: 9KB

_RDATA Size: 512B - Virtual size: 384B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1.2MB - Virtual size: 1.9MB

.text
Size: 133KB - Virtual size: 132KB

.rdata
Size: 79KB - Virtual size: 78KB

.data
Size: 4KB - Virtual size: 7KB

.pdata
Size: 9KB - Virtual size: 9KB

_RDATA
Size: 512B - Virtual size: 384B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1.2MB - Virtual size: 1.9MB