633f337dfc7f24fcfc28023ae33022d2a24f017acbd7c7f82b3202cd58f420e0

Sharing

Copy URL Twitter E-mail

General

Target

633f337dfc7f24fcfc28023ae33022d2a24f017acbd7c7f82b3202cd58f420e0
Size

46KB
MD5

f5199e4b0317a6812237859c271864cf
SHA1

52431a617d7329584da27672a77911a96a63d9c9
SHA256

633f337dfc7f24fcfc28023ae33022d2a24f017acbd7c7f82b3202cd58f420e0
SHA512

e08071694f98197573fad92d3af760d33cde6b3d934d0e274c62d1e1aad223e5cb210a5ad8f48cdc416bb005800b3a2b5085ae90cb4fb9aafb897fd31e430dc4
SSDEEP

768:r0OByp0SqxhY7l7WS29Dk1jAasaEpqBZQ/odyBa9a:r3Y6LsANklAaskgiyA4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
633f337dfc7f24fcfc28023ae33022d2a24f017acbd7c7f82b3202cd58f420e0

Files

633f337dfc7f24fcfc28023ae33022d2a24f017acbd7c7f82b3202cd58f420e0
.exe windows:5 windows x86 arch:x86

ab57db9525fbeb9f3c343464484bc292

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

uWDF.pdb

Imports

msvcrt

__wgetmainargs
_initterm
_adjust_fdiv
??3@YAXPAX@Z
__p__commode
__p__fmode
__set_app_type
__dllonexit
_onexit
_controlfp
_purecall
wcslen
??2@YAPAXI@Z
__setusermatherr
__winitenv
exit
_cexit
_XcptFilter
_exit
_c_exit
wcsncmp
_except_handler3
malloc
wcscmp
free

advapi32

RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
TraceMessage
LookupAccountSidW
CreateWellKnownSid

kernel32

CreateThread
SetLastError
TerminateThread
SetConsoleCtrlHandler
QueueUserAPC
OpenThread
SleepEx
lstrcmpiW
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
CreateEventW
GetCurrentProcessId
LoadLibraryW
GetProcAddress
FreeLibrary
InitializeCriticalSection
IsDebuggerPresent
InterlockedDecrement
InterlockedIncrement
GetLastError
WaitForSingleObject
ReleaseMutex
EnterCriticalSection
LeaveCriticalSection
CreateMutexW
CloseHandle
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LocalFree
SetEvent
UnhandledExceptionFilter

setupapi

SetupDiCreateDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiOpenDeviceInterfaceW
SetupDiDestroyDeviceInfoList

ntdll

DbgBreakPoint

rpcrt4

RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcServerListen
RpcServerUnregisterIf
RpcMgmtStopServerListening
RpcMgmtWaitServerListen
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcStringFreeW
RpcAsyncCompleteCall
RpcServerInqCallAttributesW
NdrServerCall2
NdrAsyncServerCall

secur32

GetUserNameExW

user32

LoadCursorW
LoadIconW
DefWindowProcW
RegisterClassW
CreateWindowExW
SetWindowLongW
DestroyWindow
GetMessageW
TranslateMessage
DispatchMessageW
GetWindowLongW
PostQuitMessage
PostMessageW
UnregisterDeviceNotification
RegisterDeviceNotificationW

Exports

Exports

WdfDeviceCreate
WdfDeviceGetDeviceName
WdfDeviceGetIoTarget
WdfDeviceInitSetFileEventCallbacks
WdfDeviceRegisterIoCallbacks
WdfDriverCreate
WdfFdoInitSetEventCallbacks
WdfFdoInitSetFilter
WdfIoQueueGetDevice
WdfIoTargetFormatIoctlRequest
WdfMemoryBufferCreate
WdfObjectDereferenceActual
WdfObjectReferenceActual
WdfRequestComplete
WdfRequestCompleteWithInformation
WdfRequestCreate
WdfRequestGetParameters
WdfRequestRetrieveBuffer
WdfRequestSend
WdfRequestSetCompletionRoutine

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ab57db9525fbeb9f3c343464484bc292

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

setupapi

ntdll

rpcrt4

secur32

user32

Exports

Exports

Sections

.text Size: 43KB - Virtual size: 42KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 33KB

.text
Size: 43KB - Virtual size: 42KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 33KB