39cf02091bee5172a682e6931f2b7230N

Sharing

Copy URL Twitter E-mail

General

Target

39cf02091bee5172a682e6931f2b7230N
Size

2.9MB
MD5

39cf02091bee5172a682e6931f2b7230
SHA1

3ec28820f2b0047166b935bc71339fb905ad4286
SHA256

2c6fdd979a024170ec516816b31faf6e2d235347543ed6229ea6290a5cedac8d
SHA512

e7785593f60baa53e964b565273b8364e5e0fef5d49fe3fff94205ed5f2e3ea4f652f79e7794006f59e94b8cfac0a40926539570c9509d95af3ef7dc875be188
SSDEEP

49152:XXoR1S3TKvLFuuCCrGCqAB8DjyD8u5Rv70ca2969gQ83RsWonrrvp+gi+qcKK:HzgTrM8zza2lJwPv/ocKK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39cf02091bee5172a682e6931f2b7230N

Files

39cf02091bee5172a682e6931f2b7230N
.exe windows:6 windows x64 arch:x64

82b64a90975e2c45ed3a878f29e07bcd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\constructicon\builds\gfx\six\23.19\apps\cn\amddvr\Target\x64\Release\AMDRSServ.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

setupapi

SetupDiDestroyDeviceInfoList
SetupDiOpenDevRegKey
SetupDiGetClassDevsExW
SetupDiClassGuidsFromNameW
SetupDiEnumDeviceInfo

dxgi

CreateDXGIFactory2
CreateDXGIFactory
CreateDXGIFactory1

d3d12

ord102
ord101

gdiplus

GdipBitmapConvertFormat
GdipGetImageEncodersSize
GdipSaveImageToFile
GdipDrawImageRectI
GdipGraphicsClear
GdipCreateStringFormat
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteBrush
GdipSetStringFormatLineAlign
GdipCreateFont
GdipSetInterpolationMode
GdipCreateSolidFill
GdipGetImageEncoders
GdipDrawString
GdipSetTextRenderingHint
GdipCloneBrush
GdipMeasureString
GdipGetImageGraphicsContext
GdipFillRectangleI
GdipDeleteGraphics
GdipDeleteStringFormat
GdipSetCompositingMode
GdipDeleteFont
GdipCreateBitmapFromScan0
GdipSetStringFormatAlign
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipFree
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImageWidth
GdiplusStartup
GdiplusShutdown
GdipDrawImageRectRect
GdipCreateBitmapFromStream
GdipGetGenericFontFamilySansSerif

shlwapi

PathRemoveFileSpecW
ord12
PathAddExtensionW
PathCombineW
PathFindFileNameW
ord219
PathFileExistsW

d3d9

Direct3DCreate9Ex

opencl

clReleaseDevice
clSetKernelArg
clGetImageInfo
clCreateProgramWithSource
clGetExtensionFunctionAddressForPlatform
clGetProgramInfo
clCreateContext
clEnqueueCopyImage
clSetKernelExecInfo
clEnqueueMapImage
clEnqueueUnmapMemObject
clGetCommandQueueInfo
clFlush
clReleaseEvent
clGetEventInfo
clCreateKernel
clGetProgramBuildInfo
clEnqueueAcquireGLObjects
clReleaseMemObject
clGetDeviceInfo
clGetPlatformInfo
clGetPlatformIDs
clReleaseCommandQueue
clBuildProgram
clEnqueueNDRangeKernel
clEnqueueReleaseGLObjects
clCreateProgramWithBinary
clCreateImage
clReleaseContext
clGetDeviceIDs
clGetMemObjectInfo
clFinish
clCreateFromGLTexture
clCreateCommandQueue
clReleaseKernel
clReleaseProgram
clGetContextInfo

opengl32

wglMakeCurrent
glTexParameterf
glGetString
glGetError
wglDeleteContext
glDeleteTextures
glFinish
wglGetProcAddress
wglCreateContext
glGetTexLevelParameteriv
glBindTexture
glGetIntegerv
wglGetCurrentDC

winmm

timeBeginPeriod
timeKillEvent
timeSetEvent
timeEndPeriod

wininet

InternetGetConnectedState

crypt32

CryptUnprotectData

d2d1

ord1

dwrite

DWriteCreateFactory

dwmapi

DwmGetWindowAttribute

amdlinkremoteserver

LinkServerStop
LinkServerStart
LinkServerCreate
LinkServerStatus

kernel32

TlsFree
TlsGetValue
SetLastError
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
IsDebuggerPresent
GetCPInfo
CompareStringEx
GetLocaleInfoEx
GetSystemTimeAsFileTime
GetConsoleMode
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
LCMapStringEx
EncodePointer
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
InitOnceBeginInitialize
InitOnceComplete
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
GetModuleHandleExW
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
IsProcessorFeaturePresent
RtlPcToFileHeader
GetExitCodeThread
WaitForSingleObjectEx
GetStringTypeW
ReadConsoleW
GetConsoleOutputCP
GetFileType
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetTimeZoneInformation
GetStdHandle
HeapFree
HeapAlloc
IsValidCodePage
GetACP
GetOEMCP
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
SetStdHandle
SetEndOfFile
GetFileSizeEx
FlushFileBuffers
HeapReAlloc
HeapSize
FindFirstFileExW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
WriteConsoleW
SetFileTime
LoadLibraryExA
VirtualQuery
VirtualProtect
K32GetProcessImageFileNameW
OutputDebugStringA
SetEnvironmentVariableW
InitializeCriticalSectionEx
GetLastError
RaiseException
LoadLibraryW
DecodePointer
GetProcAddress
DeleteCriticalSection
FreeLibrary
LocalFree
FindFirstFileW
FindClose
VerSetConditionMask
VerifyVersionInfoW
ReleaseSemaphore
WaitForSingleObject
CloseHandle
CreateSemaphoreW
MultiByteToWideChar
WideCharToMultiByte
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateMutexW
ReleaseMutex
CreateEventW
Sleep
SetEvent
QueryPerformanceFrequency
ResetEvent
QueryPerformanceCounter
OpenMutexW
GetTickCount
LoadLibraryExW
WaitForMultipleObjects
SetErrorMode
OpenEventW
TlsAlloc
ExitProcess
OpenFileMappingW
UnmapViewOfFile
OpenProcess
CreateToolhelp32Snapshot
CreateFileMappingW
MapViewOfFile
TerminateProcess
GetTickCount64
Process32NextW
Process32FirstW
GetCurrentProcess
GetCurrentProcessId
SetProcessWorkingSetSize
CreateFileW
DeleteFileW
GetTempFileNameW
GetModuleHandleW
K32GetModuleFileNameExW
GetPhysicallyInstalledSystemMemory
GetSystemPowerStatus
GetSystemInfo
OpenEventA
CreateMutexA
CreateThread
GetThreadId
TlsSetValue
GetEnvironmentVariableW
GetCurrentThreadId
OutputDebugStringW
GetLocalTime
SetWaitableTimer
CreateWaitableTimerW
CancelWaitableTimer
SetThreadPriority
GetCurrentThread
DebugBreak
LoadLibraryA
TerminateThread
SetPriorityClass
GetPriorityClass
RemoveDirectoryW
GetFileAttributesW
SetFileAttributesW
GetSystemTime
MoveFileW
ReadFile
WriteFile
ClearCommError
SetCommTimeouts
CreateDirectoryW
QueryDosDeviceW
FindNextFileW
RtlUnwind
GetModuleFileNameW
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
SystemTimeToFileTime
SizeofResource
SetThreadDescription
LockResource
LoadResource
FindResourceW

user32

EnumDisplaySettingsW
wsprintfW
GetWindowLongW
GetWindowThreadProcessId
GetWindowRect
SendMessageTimeoutW
GetShellWindow
GetWindowPlacement
IsWindow
GetClientRect
GetDesktopWindow
GetParent
IsIconic
LoadStringW
GetMessageW
DefWindowProcW
DisplayConfigGetDeviceInfo
DestroyWindow
CreateWindowExW
RegisterClassExW
RegisterDeviceNotificationW
DispatchMessageW
SetTimer
GetDisplayConfigBufferSizes
UnregisterPowerSettingNotification
GetRawInputData
RegisterHotKey
SetPropW
RegisterRawInputDevices
TranslateMessage
ChangeWindowMessageFilterEx
KillTimer
MonitorFromPoint
SendMessageW
GetIconInfo
GetDC
RegisterPowerSettingNotification
PostQuitMessage
ReleaseDC
MonitorFromWindow
CallNextHookEx
WindowFromPoint
UnregisterDeviceNotification
wsprintfA
GetCursorInfo
GetMonitorInfoW
UnhookWindowsHookEx
SetWindowsHookExW
PostThreadMessageW
GetAncestor
GetCursorPos
QueryDisplayConfig
UnregisterHotKey
GetWindowTextW
IsWindowVisible
PostMessageW
GetPropW
EnumDisplayMonitors
RedrawWindow
EnumWindows
GetClassNameW
SetForegroundWindow
GetForegroundWindow
FindWindowExW

gdi32

GetObjectW
DeleteObject
DeleteDC
GetBitmapBits
SelectObject
CreateCompatibleDC
CreateDIBSection
SetPixelFormat
D3DKMTOpenAdapterFromGdiDisplayName
GetDeviceCaps
ChoosePixelFormat
D3DKMTCloseAdapter
BitBlt
D3DKMTQueryAdapterInfo
D3DKMTEnumAdapters

advapi32

EventWriteTransfer
EventRegister
EventUnregister
RegNotifyChangeKeyValue
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegQueryInfoKeyW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteTreeW
RegSetValueExW
RegOpenKeyExW
RegEnumValueW
RegQueryValueExW

shell32

SHGetKnownFolderPath
ShellExecuteExW
SHCreateDirectoryExW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoCreateGuid
PropVariantClear
StringFromCLSID
CoInitializeEx
CoCreateInstance

d3d11

D3D11CreateDevice

pdh

PdhAddEnglishCounterW
PdhCloseQuery
PdhOpenQueryW
PdhCollectQueryData
PdhGetFormattedCounterArrayW

Exports

Exports

AmdPowerXpressRequestHighPerformance
SA_Init

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 564KB - Virtual size: 563KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 576KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

82b64a90975e2c45ed3a878f29e07bcd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

wtsapi32

setupapi

dxgi

d3d12

gdiplus

shlwapi

d3d9

opencl

opengl32

winmm

wininet

crypt32

d2d1

dwrite

dwmapi

amdlinkremoteserver

kernel32

user32

gdi32

advapi32

shell32

ole32

d3d11

pdh

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 564KB - Virtual size: 563KB

.data Size: 52KB - Virtual size: 82KB

.pdata Size: 56KB - Virtual size: 56KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 97KB - Virtual size: 97KB

.reloc Size: 576KB - Virtual size: 580KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 564KB - Virtual size: 563KB

.data
Size: 52KB - Virtual size: 82KB

.pdata
Size: 56KB - Virtual size: 56KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 97KB - Virtual size: 97KB

.reloc
Size: 576KB - Virtual size: 580KB