b940c77f3213a81fa0a2aa61be9c8382ebdabc1ab6e684ae18e43561740d9679

Sharing

Copy URL Twitter E-mail

General

Target

b940c77f3213a81fa0a2aa61be9c8382ebdabc1ab6e684ae18e43561740d9679
Size

103KB
MD5

6c688960ed685f399b04f5368cfc910d
SHA1

6411be2065297de3a8f47487be3c4e03a1493175
SHA256

b940c77f3213a81fa0a2aa61be9c8382ebdabc1ab6e684ae18e43561740d9679
SHA512

0f562cd7d9eac5fc34566b2f041ca05f6648dfa00e6e3b86c8aec294118208f7b481eee3c873d712411a4f6216a5881c6f989a222297f7b7055cfd70b3b12c8a
SSDEEP

1536:ltVwnb9RtYDn8WeEWKHx1EQwRkmWRfGTcSusVaBUjnmKkusqjaVBOEJ9386:RwbnmDnxZCWRZcV+UjnmKk6jmpJZ86

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/wuinst_ev30F5.exe
unpack001/wumain_ev30F5.dll

Files

b940c77f3213a81fa0a2aa61be9c8382ebdabc1ab6e684ae18e43561740d9679
.rar
wuhid_ev30F5.inf
wuinst_ev30F5.exe
.exe windows:6 windows x86 arch:x86

4dbdae1093034ae32486e283a62d855d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\drivercoding\myproject\auto-update-inst\vendor\ws\src\Release\wuinst_ev30f5.pdb

Imports

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSQueryUserToken

shell32

SHGetSpecialFolderPathA

kernel32

CreateFileA
SetEvent
CloseHandle
GetLastError
WTSGetActiveConsoleSessionId
GetFileSize
CreateEventA
HeapReAlloc
Sleep
WaitForSingleObject
FindClose
FindNextFileA
OutputDebugStringA
GetCurrentProcess
FindFirstFileA
GetModuleFileNameA
ReadFile
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
DecodePointer
CreateFileW
CreateThread
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
RtlUnwind
WriteConsoleW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
GetFileType
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
CompareStringW
LCMapStringW
GetProcessHeap
SetFilePointerEx
HeapSize

advapi32

AdjustTokenPrivileges
CreateProcessAsUserA
RegCloseKey
StartServiceCtrlDispatcherA
CloseServiceHandle
RegQueryValueExA
LookupPrivilegeValueA
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenSCManagerA
DeleteService
RegSetValueExA
OpenProcessToken
RegOpenKeyExA
RegDeleteValueA
OpenServiceA

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wumain_ev30F5.dll
.dll windows:5 windows x86 arch:x86

3d6fa0661786a02d47cf846364fe5864

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Work\Denny\Driver\WinUpdate\Curr\wumain\Release\wumain_ev30F5.pdb

Imports

kernel32

GetLastError
SetLastError
OutputDebugStringW
InitializeCriticalSection
FlushFileBuffers
WriteConsoleW
SetStdHandle
LoadLibraryW
InterlockedExchange
RtlUnwind
DeleteFileW
LCMapStringW
WriteFile
GetModuleFileNameW
FindClose
FindNextFileW
ReadFile
GetFileSize
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
CreateFileW
CloseHandle
FindFirstFileW
CreateThread
ResetEvent
CreateEventW
CreateMutexW
OpenMutexW
GetCurrentProcessId
SetEvent
WaitForSingleObject
Sleep
HeapSize
HeapDestroy
HeapCreate
GetStdHandle
ExitProcess
GetStringTypeW
HeapAlloc
HeapFree
HeapReAlloc
EncodePointer
DecodePointer
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetProcAddress
RaiseException
IsProcessorFeaturePresent

user32

ShowWindow
RegisterDeviceNotificationW
CreateWindowExW
UpdateWindow
BeginPaint
DispatchMessageW
TranslateMessage
GetMessageW
SendMessageW
RegisterClassExW
LoadCursorW
DefWindowProcW
PostQuitMessage
EndPaint

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW

shell32

ShellExecuteW
SHCreateDirectoryExW
SHGetSpecialFolderPathW

setupapi

CM_Get_Child
CM_Get_Sibling
CM_Get_DevNode_Registry_PropertyW
SetupDiGetClassDevsW
SetupDiOpenDeviceInterfaceW
SetupDiGetDeviceInterfaceDetailW
CM_Get_Device_IDW
CM_Get_Parent
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiDeleteDeviceInterfaceData

shlwapi

StrStrIW
SHDeleteKeyW

hid

HidD_GetHidGuid
HidD_GetPreparsedData
HidD_GetAttributes
HidD_FreePreparsedData
HidP_GetCaps

wininet

InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle

Exports

Exports

CheckDrv
RunInst
RunReg

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4dbdae1093034ae32486e283a62d855d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

userenv

wtsapi32

shell32

kernel32

advapi32

Sections

.text Size: 76KB - Virtual size: 76KB

.rdata Size: 29KB - Virtual size: 28KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 872B

.reloc Size: 4KB - Virtual size: 4KB

3d6fa0661786a02d47cf846364fe5864

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

setupapi

shlwapi

hid

wininet

Exports

Exports

Sections

.text Size: 63KB - Virtual size: 62KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 76KB - Virtual size: 76KB

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 872B

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 63KB - Virtual size: 62KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 9KB