e46634f2158ba117f9b15f26389a804e5cd9aae811b7da4bbaf0782f2af07b6c

Sharing

Copy URL Twitter E-mail

General

Target

e46634f2158ba117f9b15f26389a804e5cd9aae811b7da4bbaf0782f2af07b6c
Size

1.2MB
MD5

7dcf16d14716e7d2d44eb2db4555f4e6
SHA1

77a6b5e4dd887daf9b602dcd0772a302bc93b2f6
SHA256

e46634f2158ba117f9b15f26389a804e5cd9aae811b7da4bbaf0782f2af07b6c
SHA512

290534efc759893d62fb2551c23833b760c53a09879de04690ab34a18de839bc8572afad99fa5b92248fa553ab156906bfa0f8600fc9024f55a3044754d2bdff
SSDEEP

12288:ipkeA/lL8n/zizlNTUBL8252uui8FbECP7BhdfswdJ0NXdU8ZWH7DEP1rCJ7U3J:ipk1/mzQt2rR8FfBhRJUEbDk1ulUZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e46634f2158ba117f9b15f26389a804e5cd9aae811b7da4bbaf0782f2af07b6c

Files

e46634f2158ba117f9b15f26389a804e5cd9aae811b7da4bbaf0782f2af07b6c
.exe windows:6 windows x64 arch:x64

b4970532f5c5f310e2265a1e8c2defc6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\SCD\Documents\MyWork\Project--dynabookFunctionKeyControlService\FunctionKeyControlService_dev\x64\Release\DSDFunctionKeyCtlService.pdb

Imports

kernel32

CreateFileW
DeviceIoControl
CreateThread
TerminateThread
LoadLibraryW
FreeLibrary
GetProcAddress
ProcessIdToSessionId
GetCurrentProcessId
WaitForSingleObject
CreateEventW
SetEvent
ResetEvent
FindPackagesByPackageFamily
GetModuleHandleW
K32EnumProcesses
OpenProcess
K32EnumProcessModules
K32GetModuleBaseNameW
lstrcmpW
LocalFree
GetSystemDirectoryW
GetCurrentProcess
InitializeCriticalSection
CreateProcessW
ReadFile
SetEndOfFile
WriteConsoleW
SetFilePointerEx
SetStdHandle
LoadLibraryExW
LCMapStringW
GetStringTypeW
FreeEnvironmentStringsW
DeleteCriticalSection
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
GetStdHandle
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
WideCharToMultiByte
GetModuleHandleExW
ExitProcess
SetLastError
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
GetCommandLineW
GetFileAttributesExW
EncodePointer
DecodePointer
RaiseException
InitializeCriticalSectionEx
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
CreateMutexW
HeapReAlloc
HeapSize
HeapDestroy
HeapFree
GetProcessHeap
HeapAlloc
MultiByteToWideChar
WTSGetActiveConsoleSessionId
Sleep
CloseHandle
GetCurrentThreadId
GetLocalTime
GetDateFormatW
GetTimeFormatW
GetTickCount
OutputDebugStringW
ExpandEnvironmentStringsW
GetPrivateProfileStringW
CreateDirectoryW
IsProcessorFeaturePresent
LeaveCriticalSection
EnterCriticalSection
IsDebuggerPresent
GetPrivateProfileIntW
GetModuleFileNameW
GetLastError
GetEnvironmentStringsW
ReadConsoleW

user32

LoadCursorW
LoadIconW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
IsWindow
CreateWindowExW
ShowWindow
PostMessageW
FindWindowW
RegisterWindowMessageW
AttachThreadInput
SetFocus
BringWindowToTop
SwitchToThisWindow
SetWindowPos
IsWindowVisible
GetWindowTextW
RegisterClassExW
EnumWindows
LockWorkStation
MapVirtualKeyW
SendMessageW
SetForegroundWindow
FindWindowExW
GetClassNameW
GetForegroundWindow
wsprintfW
CharUpperW
LoadStringW
SendInput
EnumDisplaySettingsExW
EnumDisplaySettingsW
EnumDisplayDevicesW
DisplayConfigGetDeviceInfo
QueryDisplayConfig
GetDisplayConfigBufferSizes
ChangeDisplaySettingsExW
GetSystemMetrics
ChangeWindowMessageFilter
KillTimer
SetTimer
GetRawInputDeviceInfoW
GetRawInputData
RegisterRawInputDevices
DefWindowProcW
PostQuitMessage
UpdateWindow
GetWindowThreadProcessId

advapi32

RegNotifyChangeKeyValue
RegSetValueExW
RegCloseKey
DuplicateTokenEx
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
ControlService
StartServiceW
DeleteService
CreateServiceW
CloseServiceHandle
ChangeServiceConfig2W
OpenServiceW
OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenCurrentUser
RegOpenKeyW
RegQueryValueExW
RegGetValueW
RegEnumKeyExW
RegQueryInfoKeyW
CreateProcessAsUserW
RegOpenKeyExW

shell32

SHGetFolderPathW
ShellExecuteW

ole32

CoSetProxyBlanket
CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
SysFreeString
VariantInit
SysAllocString

shlwapi

StrStrIW
PathAppendW
PathFileExistsW
PathRemoveFileSpecW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification
WTSFreeMemory
WTSQuerySessionInformationW

hid

HidD_GetAttributes
HidD_SetOutputReport
HidD_GetHidGuid

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW

powrprof

SetSuspendState

Sections

.text
Size: 258KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b4970532f5c5f310e2265a1e8c2defc6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

userenv

wtsapi32

hid

setupapi

powrprof

Sections

.text Size: 258KB - Virtual size: 258KB

.rdata Size: 155KB - Virtual size: 154KB

.data Size: 9KB - Virtual size: 34KB

.pdata Size: 13KB - Virtual size: 12KB

.rsrc Size: 217KB - Virtual size: 217KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 258KB - Virtual size: 258KB

.rdata
Size: 155KB - Virtual size: 154KB

.data
Size: 9KB - Virtual size: 34KB

.pdata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 217KB - Virtual size: 217KB

.reloc
Size: 568KB - Virtual size: 572KB