KBDNTL[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

KBDNTL.exe
Size

768KB
MD5

7ee4feeded88cb104448141ef375be8c
SHA1

e25f916c0771699d29f84963c3a2f86021c12c1c
SHA256

a4048f7d23b2860f1a26171bf257872cfb03e68100f560a109cffc1ea989fb71
SHA512

93e920ccb88230cc8342dbd3cad0fa8c2bdc8be5ffebbdc0f3a04d74bed8dce2cd8a7467791964f8f1e44d1d0b5ed1f90027618362c52929c71a736e052eea93
SSDEEP

12288:c26abQRZhqJWcWinrZiKwcZV7jljljq7XksXRHg:2abQR2oynr2cVNqTksX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

KBDNTL.exe

resource
KBDNTL.exe

Files

KBDNTL.exe
.exe windows:4 windows x86 arch:x86

23d5bb2a6e2b19bd858b59ed94c91c00

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
GlobalReAlloc
GlobalHandle
EnterCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
MoveFileA
DeleteFileA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
FindClose
FindFirstFileA
LocalAlloc
GetFullPathNameA
CreateFileA
GetShortPathNameA
GetCPInfo
GetOEMCP
FileTimeToSystemTime
SystemTimeToFileTime
SetErrorMode
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
GetFileAttributesA
GetFileTime
LocalUnlock
LocalLock
GetTempFileNameA
GetDiskFreeSpaceA
RtlUnwind
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
ExitThread
CreateThread
HeapReAlloc
HeapSize
FatalAppExitA
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetConsoleCtrlHandler
SetStdHandle
GetLocaleInfoW
SetEnvironmentVariableA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GlobalFlags
InterlockedIncrement
GetCurrentDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
InterlockedDecrement
SetLastError
CopyFileA
MulDiv
GlobalSize
FormatMessageA
LocalFree
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
lstrcpynA
GlobalUnlock
GlobalFree
FreeResource
CreateEventA
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
CloseHandle
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
GlobalLock
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetModuleFileNameA
GetModuleHandleA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
LoadLibraryA
GetStringTypeExW
GetStringTypeExA
GetEnvironmentVariableW
GetEnvironmentVariableA
CompareStringW
CompareStringA
lstrlenA
lstrcmpiW
lstrlenW
lstrcmpiA
GetVersion
MultiByteToWideChar
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetLastError
GetModuleHandleExA
GetProcAddress
GetVolumeInformationA
GetCurrentProcess

user32

GetWindowThreadProcessId
WaitMessage
DeleteMenu
GetSysColorBrush
DestroyIcon
GetDialogBaseUnits
TranslateAcceleratorA
SetMenu
BringWindowToTop
SetRectEmpty
CreatePopupMenu
InsertMenuItemA
LoadAcceleratorsA
ReuseDDElParam
UnpackDDElParam
LoadMenuA
GetKeyNameTextA
MapVirtualKeyA
IsRectEmpty
UnionRect
SetRect
KillTimer
IsClipboardFormatAvailable
MessageBeep
GetTabbedTextExtentA
GetDCEx
LockWindowUpdate
SetParent
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
wsprintfA
DestroyMenu
GetMenuItemInfoA
GetMenuStringA
InsertMenuA
RemoveMenu
ScrollWindowEx
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetScrollRange
ReleaseCapture
SetScrollPos
GetScrollPos
ShowScrollBar
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetClassInfoA
RegisterClassA
UnregisterClassA
SetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
ModifyMenuA
DrawIcon
AppendMenuA
SendMessageA
GetSystemMenu
IsIconic
GetClientRect
SetTimer
EnableWindow
LoadIconA
GetSystemMetrics
CharLowerA
CharLowerW
CharUpperA
CharUpperW
InflateRect
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
LoadCursorA
WindowFromPoint
SetCapture
EndPaint
BeginPaint
OffsetRect
DrawFrameControl
DrawFocusRect
InvalidateRect
GetFocus
GetSysColor
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GetScrollRange
GrayStringA
PostMessageA
PostQuitMessage
SetCursor
ShowOwnedPopups
IsWindowEnabled
ValidateRect
MessageBoxA
GetParent
GetWindowLongA
GetLastActivePopup
SetForegroundWindow

gdi32

GetDCOrgEx
GetClipBox
SetTextColor
SetBkColor
GetObjectA
GetDeviceCaps
CopyMetaFileA
CreateDCA
CreateFontIndirectA
CreateCompatibleDC
BitBlt
ExtTextOutA
GetTextExtentPoint32A
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetMapMode
ExcludeClipRect
IntersectClipRect
SetPixel
CreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
GetStockObject
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
OffsetClipRgn
LineTo
MoveToEx
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
SetArcDirection
SetColorAdjustment
DeleteObject
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
GetTextMetricsA
CreateCompatibleBitmap
StretchDIBits
GetCharWidthA
CreateFontA
GetBkColor
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
TextOutA
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
CreateBitmap
RectVisible
PtVisible
StartDocA
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
Escape

comctl32

ImageList_Merge
ImageList_LoadImageA
ImageList_Create
ImageList_Destroy
ord14
ImageList_Write
ImageList_Read
ord13
ImageList_GetImageInfo
ImageList_Draw
ord17

shlwapi

PathRemoveExtensionA
PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

winspool.drv

DocumentPropertiesA
OpenPrinterA
GetJobA
ClosePrinter

comdlg32

CommDlgExtendedError
GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
ReplaceTextA
FindTextA
PageSetupDlgA
PrintDlgA
ChooseColorA

advapi32

GetFileSecurityA
SetFileSecurityA
RegCreateKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegSetValueA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetFileInfoA
DragFinish
DragQueryFileA
ExtractIconA

ole32

OleDuplicateData
WriteFmtUserTypeStg
WriteClassStg
ReleaseStgMedium
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
CreateBindCtx
CoTaskMemAlloc
CoTaskMemFree
CoDisconnectObject
CoCreateInstance
StringFromGUID2
CLSIDFromString
SetConvertStg

oleaut32

SysFreeString
SysStringLen
SysAllocStringLen
SysStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocString
SysReAllocStringLen
VarDateFromStr
VarBstrFromDec
VarDecFromStr
VarCyFromStr
VarBstrFromCy
VarBstrFromDate

Sections

.text
Size: 412KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 236KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

23d5bb2a6e2b19bd858b59ed94c91c00

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comctl32

shlwapi

oleacc

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 412KB - Virtual size: 408KB

.rdata Size: 84KB - Virtual size: 82KB

.data Size: 16KB - Virtual size: 29KB

.idata Size: 16KB - Virtual size: 15KB

.rsrc Size: 236KB - Virtual size: 233KB

.text
Size: 412KB - Virtual size: 408KB

.rdata
Size: 84KB - Virtual size: 82KB

.data
Size: 16KB - Virtual size: 29KB

.idata
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 236KB - Virtual size: 233KB