0db8a5b1072b453a20f8ab5f74a1896b5b2e1b83d05a30f9dfdaca154de38529N

Sharing

Copy URL Twitter E-mail

General

Target

0db8a5b1072b453a20f8ab5f74a1896b5b2e1b83d05a30f9dfdaca154de38529N
Size

229KB
MD5

b68375ce7cc7534c3775c85270446bd0
SHA1

5a8db5448d9be4012637fa6504e632059b79312f
SHA256

0db8a5b1072b453a20f8ab5f74a1896b5b2e1b83d05a30f9dfdaca154de38529
SHA512

5955eff8cf7ef18fff9afce61ac4c53e8c696331e0510453c2f24ce01c157a080a07178b9e02c332067c01c239cd125587c41cf480e3dc331ae3a62acf0d4fe0
SSDEEP

3072:ky1WvtZG3DnmVSWXgU2g0wtv3YrPsVXKpJfyBA:5XYBznOrPuGtD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0db8a5b1072b453a20f8ab5f74a1896b5b2e1b83d05a30f9dfdaca154de38529N

Files

0db8a5b1072b453a20f8ab5f74a1896b5b2e1b83d05a30f9dfdaca154de38529N
.dll windows:5 windows x86 arch:x86

95487fa043cd31cdc2bcdfc9daef998a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\workarea\8.97.100.11\drivers\2d\dal\extevents\ati2edxx\build\w8\B_rel\i386\ati2edxx.pdb

Imports

ntdll

RtlUnwind

kernel32

VirtualFree
CloseHandle
FreeLibrary
GetProcAddress
LoadLibraryA
Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
ExitProcess
GetModuleHandleA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapDestroy
HeapCreate
GetSystemInfo
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
WriteFile
VirtualAlloc
HeapReAlloc
GetACP
GetOEMCP
GetCPInfo
SetFilePointer
InterlockedExchange
VirtualQuery
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
SetStdHandle
GetLocaleInfoA
VirtualProtect

user32

EnumDisplayDevicesA

Exports

Exports

AtiEDUCloseAdapterHandle
AtiEDUEnumApiSupportedDevices
AtiEDUEnumSupportedExternalDevices
AtiEDUGetAdapterTemperatureOffset
AtiEDUGetExtDeviceInfo
AtiEDUGetThermalApiVersion
AtiEDUGetThermalRemoteTemperature
AtiEDUGetThermalRemoteTemperatureCriticalSetPoint
AtiEDUGetThermalRemoteTemperatureFP
AtiEDUGetThermalRemoteTemperatureHighSetPoint
AtiEDUGetThermalRemoteTemperatureLowSetPoint
AtiEDUGetThermalRemoteTemperatureOffset
AtiEDUInitializeThermal
AtiEDUOpenAdapterHandle
AtiEDUSetThermalRemoteTemperatureCriticalSetPoint
AtiEDUSetThermalRemoteTemperatureHighSetPoint
AtiEDUSetThermalRemoteTemperatureLowSetPoint
AtiEDUSetThermalRemoteTemperatureOffset
AtiEDUThermalDisableInterrupt
AtiEDUThermalEnableInterrupt

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHAREDS
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 187KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

95487fa043cd31cdc2bcdfc9daef998a

Headers

File Characteristics

PDB Paths

Imports

ntdll

kernel32

user32

Exports

Exports

Sections

.text Size: 34KB - Virtual size: 34KB

.data Size: 2KB - Virtual size: 9KB

.SHAREDS Size: 512B - Virtual size: 132B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text Size: 187KB - Virtual size: 188KB

.text
Size: 34KB - Virtual size: 34KB

.data
Size: 2KB - Virtual size: 9KB

.SHAREDS
Size: 512B - Virtual size: 132B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 187KB - Virtual size: 188KB