efb46f5091e8aab5f72a44983dd013f7640c7c4bf0146cdfc3d650a2afc28288N

Sharing

Copy URL Twitter E-mail

General

Target

efb46f5091e8aab5f72a44983dd013f7640c7c4bf0146cdfc3d650a2afc28288N
Size

1.4MB
MD5

f64672bf8bc9c1c74302d2fade43eed0
SHA1

dc2c1d6e435900db609dd1b98a004185d59364a0
SHA256

efb46f5091e8aab5f72a44983dd013f7640c7c4bf0146cdfc3d650a2afc28288
SHA512

33e347ee382226d1c2a87781f71bc6b522ac730899b04d877ecb01ea37d10c4595b2ab5d82081f13a3cce28efa264196a9376c2deefb0c483f8f0842eb4e071f
SSDEEP

24576:U44iccT3fnyNXW2GMCEEJXsqjnhMgeiCl7G0nehbGZpbD:rvd36skEtDmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
efb46f5091e8aab5f72a44983dd013f7640c7c4bf0146cdfc3d650a2afc28288N

Files

efb46f5091e8aab5f72a44983dd013f7640c7c4bf0146cdfc3d650a2afc28288N
.exe windows:6 windows x64 arch:x64

079fbaef0ee8e2db2cc4f234aefd3cee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\shirley\HidMonitorSvc.exe\01_DELL\G9_UWP\x64\release\HidMonitorSvc.pdb

Imports

setupapi

SetupDiGetDeviceInstanceIdW
SetupDiOpenClassRegKey
CM_Get_Device_ID_ListA
CM_Get_Device_ID_List_SizeA
CM_Locate_DevNodeA
CM_Locate_DevNodeW
CM_Open_DevNode_Key
CM_Reenumerate_DevNode
CM_Get_Device_Interface_ListA
CM_Get_Device_Interface_List_SizeA
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW

hid

HidD_GetHidGuid
HidD_GetAttributes
HidD_GetPreparsedData
HidD_FreePreparsedData
HidP_GetCaps

wtsapi32

WTSQueryUserToken
WTSQuerySessionInformationW
WTSFreeMemory

shlwapi

StrCmpW
PathFileExistsA
PathFileExistsW

user32

UnregisterDeviceNotification
MessageBoxW
RegisterDeviceNotificationW

kernel32

GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
DecodePointer
GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
SetFilePointerEx
GetProcessHeap
SetConsoleCtrlHandler
CreateFileW
CloseHandle
EnumSystemLocalesW
WideCharToMultiByte
Sleep
SetEvent
ResetEvent
FlushFileBuffers
WaitForMultipleObjects
GetCurrentProcess
GetCurrentThread
SetThreadPriority
ResumeThread
CreateProcessA
GetFileSizeEx
GetConsoleCP
SetPriorityClass
GetTickCount64
GetSystemDirectoryA
GetSystemDirectoryW
GetWindowsDirectoryA
GetVersionExW
FreeLibrary
GetModuleFileNameA
GetProcAddress
LoadLibraryW
GetConsoleMode
ReadFile
WTSGetActiveConsoleSessionId
CreateEventW
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
OutputDebugStringW
SetStdHandle
ReadConsoleW
WriteConsoleW
MultiByteToWideChar
LCMapStringW
CompareStringW
ExpandEnvironmentStringsW
lstrlenW
SetEndOfFile
GetTimeFormatW
CreateFileA
GetDateFormatW
InitOnceExecuteOnce
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
LCMapStringEx
EncodePointer
GetLocaleInfoEx
GetStringTypeW
CompareStringEx
GetCPInfo
__C_specific_handler
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
HeapSize
GetFileType
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW

advapi32

StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegNotifyChangeKeyValue
RegEnumKeyExW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
SetTokenInformation
DuplicateTokenEx
OpenProcessToken
CreateProcessAsUserW
RegEnumValueW
RegOpenKeyExW
RegCloseKey

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 624KB - Virtual size: 624KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

079fbaef0ee8e2db2cc4f234aefd3cee

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

hid

wtsapi32

shlwapi

user32

kernel32

advapi32

userenv

Sections

.text Size: 624KB - Virtual size: 624KB

.rdata Size: 165KB - Virtual size: 165KB

.data Size: 8KB - Virtual size: 18KB

.pdata Size: 34KB - Virtual size: 33KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 624KB - Virtual size: 624KB

.rdata
Size: 165KB - Virtual size: 165KB

.data
Size: 8KB - Virtual size: 18KB

.pdata
Size: 34KB - Virtual size: 33KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 568KB - Virtual size: 572KB