3573be279a2a7942509d8185e6fe237662f9032a5cee1d9253ac3513100fab99

Sharing

Copy URL

Twitter E-mail

General

Target

3573be279a2a7942509d8185e6fe237662f9032a5cee1d9253ac3513100fab99
Size

1.2MB
MD5

a26c2df73d5667daa3376c109feac5f3
SHA1

63780a059e3d0edc7b2094bff97cb2a21715445d
SHA256

3573be279a2a7942509d8185e6fe237662f9032a5cee1d9253ac3513100fab99
SHA512

39c078532fbc3bc6c4610782f9859a2575e6d1838c46de46a0f0db647ba5e5647bac93c8606041841d0c521c51c68d3824d4c33be5f116ef1d83546291b679d7
SSDEEP

24576:VDMUWjhTrXaQbICMvrsUhOWWHcmPRZnhCrhVZtB/JP:VTWlrXQYUOBDxAtBJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3573be279a2a7942509d8185e6fe237662f9032a5cee1d9253ac3513100fab99

Files

3573be279a2a7942509d8185e6fe237662f9032a5cee1d9253ac3513100fab99
.exe windows:6 windows x64 arch:x64

f91ede44756769f3e101a2b4cba31a91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\SCD\Documents\MyWork\Project--dynabookFunctionKeyControlService\FunctionKeyControlService_dev\x64\Release\DSDFunctionKeyCtlService.pdb

Imports

kernel32

DecodePointer
DeleteCriticalSection
CreateFileW
DeviceIoControl
FindPackagesByPackageFamily
LoadLibraryW
FreeLibrary
GetProcAddress
ProcessIdToSessionId
GetCurrentProcessId
WaitForSingleObject
CreateEventW
SetEvent
ResetEvent
GetModuleHandleW
K32EnumProcesses
OpenProcess
K32EnumProcessModules
K32GetModuleBaseNameW
lstrcmpW
LocalFree
GetSystemDirectoryW
GetCurrentProcess
InitializeCriticalSection
CreateProcessW
ReadFile
SetEndOfFile
WriteConsoleW
SetFilePointerEx
SetStdHandle
LCMapStringW
GetStringTypeW
LoadLibraryExW
FreeEnvironmentStringsW
RaiseException
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
GetStdHandle
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
SetLastError
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
WideCharToMultiByte
GetModuleHandleExW
ExitProcess
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
GetCommandLineW
GetFileAttributesExW
CreateDirectoryW
InitializeCriticalSectionEx
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
CreateMutexW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
TerminateThread
Sleep
WTSGetActiveConsoleSessionId
CreateThread
CloseHandle
GetCurrentThreadId
GetLocalTime
GetDateFormatW
GetTimeFormatW
GetTickCount
OutputDebugStringW
ExpandEnvironmentStringsW
GetPrivateProfileStringW
IsProcessorFeaturePresent
EncodePointer
LeaveCriticalSection
EnterCriticalSection
IsDebuggerPresent
GetPrivateProfileIntW
GetModuleFileNameW
GetLastError
GetEnvironmentStringsW
ReadConsoleW

user32

LoadCursorW
LoadIconW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
IsWindow
CreateWindowExW
ShowWindow
PostMessageW
FindWindowW
RegisterWindowMessageW
AttachThreadInput
SetFocus
BringWindowToTop
SwitchToThisWindow
SetWindowPos
IsWindowVisible
GetWindowTextW
RegisterClassExW
EnumWindows
LockWorkStation
MapVirtualKeyW
SendMessageW
SetForegroundWindow
FindWindowExW
GetClassNameW
GetForegroundWindow
wsprintfW
CharUpperW
LoadStringW
SendInput
EnumDisplaySettingsExW
EnumDisplaySettingsW
EnumDisplayDevicesW
DisplayConfigGetDeviceInfo
QueryDisplayConfig
GetDisplayConfigBufferSizes
ChangeDisplaySettingsExW
GetSystemMetrics
GetRawInputDeviceInfoW
GetRawInputData
RegisterRawInputDevices
KillTimer
SetTimer
ChangeWindowMessageFilter
DefWindowProcW
PostQuitMessage
UpdateWindow
GetWindowThreadProcessId

advapi32

RegEnumKeyExW
RegQueryValueExW
RegNotifyChangeKeyValue
RegCloseKey
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
ControlService
StartServiceW
DeleteService
CreateServiceW
CloseServiceHandle
ChangeServiceConfig2W
OpenServiceW
OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenCurrentUser
RegOpenKeyW
RegGetValueW
RegQueryInfoKeyW
CreateProcessAsUserW
DuplicateTokenEx
RegSetValueExW
RegOpenKeyExW

shell32

SHGetFolderPathW
ShellExecuteW

ole32

CoSetProxyBlanket
CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
SysFreeString
VariantInit
SysAllocString

shlwapi

StrStrIW
PathAppendW
PathFileExistsW
PathRemoveFileSpecW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification
WTSFreeMemory
WTSQuerySessionInformationW

hid

HidD_GetAttributes
HidD_SetOutputReport
HidD_GetHidGuid

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW

powrprof

SetSuspendState

Sections

.text
Size: 269KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f91ede44756769f3e101a2b4cba31a91

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

userenv

wtsapi32

hid

setupapi

powrprof

Sections

.text Size: 269KB - Virtual size: 269KB

.rdata Size: 159KB - Virtual size: 158KB

.data Size: 9KB - Virtual size: 34KB

.pdata Size: 13KB - Virtual size: 12KB

.rsrc Size: 217KB - Virtual size: 217KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 269KB - Virtual size: 269KB

.rdata
Size: 159KB - Virtual size: 158KB

.data
Size: 9KB - Virtual size: 34KB

.pdata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 217KB - Virtual size: 217KB

.reloc
Size: 568KB - Virtual size: 572KB