Sample
usfive_20220301-230855.exe
Resource
win7-en-20211208
General
Target
usfive_20220301-230855
Size
461KB
MD5
7f0259626dc06311b6dff264978ac2c0
SHA1
09ee3e37075eb87f9406d9be69dc2d4d8610dd29
SHA256
9c25c7b26ee6764472f3d7a810d21474f3ebcca013f0a888f20689434c84a616
SHA512
09cf30c82abafe0dc266bab09c077a5c694a1dfff14568eb393da1ead0a784b8eb48f6486afe2d8aee5c69e636571d0f3cbda32d3ddba94f2de1b450a8cae8cc
Malware Config
Signatures
Files
usfive_20220301-230855.exe windows x86
e0099c0ba3b564d2d3b0381e49f6db7c
Code Sign
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadLibraryA
GetComputerNameExW
WriteProfileSectionW
GetNumaHighestNodeNumber
FindFirstVolumeW
SetConsoleCursorInfo
HeapLock
FindFirstChangeNotificationA
WaitForMultipleObjects
GetNamedPipeHandleStateW
FileTimeToDosDateTime
EnumResourceTypesW
EnumResourceNamesW
ExitProcess
TerminateThread
ReleaseActCtx
GetVersionExW
VerifyVersionInfoA
GetConsoleOutputCP
SetEvent
FindNextFileW
GetConsoleAliasesLengthA
GetCompressedFileSizeW
CopyFileExA
BuildCommDCBAndTimeoutsW
ReadConsoleOutputCharacterW
SetDefaultCommConfigA
VerLanguageNameA
_hread
GetCommConfig
WritePrivateProfileStructW
FreeEnvironmentStringsW
CreateTimerQueue
FindVolumeClose
ResetWriteWatch
WriteConsoleInputA
CancelWaitableTimer
SetComputerNameExA
FindAtomA
ReleaseMutex
LocalUnlock
CallNamedPipeW
VirtualProtect
GlobalAlloc
TlsGetValue
GetCommandLineW
InterlockedIncrement
CopyFileW
AddRefActCtx
OutputDebugStringW
FormatMessageW
GetPriorityClass
WritePrivateProfileStringA
GetUserDefaultLCID
GlobalWire
GetVersionExA
HeapValidate
GetWindowsDirectoryA
GetStartupInfoW
ConnectNamedPipe
GetCPInfoExA
GetSystemWindowsDirectoryA
GetSystemWow64DirectoryA
GetLastError
GetCalendarInfoA
DebugBreak
SetLastError
OpenFileMappingA
ContinueDebugEvent
GlobalFix
GetOEMCP
GetConsoleAliasA
GetPrivateProfileIntW
ReadConsoleInputW
InterlockedDecrement
DefineDosDeviceW
SetVolumeMountPointW
SetThreadAffinityMask
SetConsoleActiveScreenBuffer
GetExitCodeProcess
EnumResourceNamesA
GetCPInfoExW
GetThreadContext
lstrlenA
GetLongPathNameW
LoadLibraryW
ReadConsoleW
WriteConsoleA
GetComputerNameW
InterlockedFlushSList
DeleteCriticalSection
GetDriveTypeA
GetFileAttributesExA
GetVolumePathNameW
GetConsoleMode
GetComputerNameA
ProcessIdToSessionId
ReadProcessMemory
MoveFileExW
DisableThreadLibraryCalls
CreateIoCompletionPort
FormatMessageA
InterlockedExchangeAdd
WaitNamedPipeA
LoadModule
GetPrivateProfileStructA
GlobalReAlloc
GetSystemTimeAsFileTime
GetLocalTime
EnumCalendarInfoExW
OpenSemaphoreA
GetMailslotInfo
GetCommMask
lstrcpyA
VerLanguageNameW
LockFile
EndUpdateResourceW
CreateConsoleScreenBuffer
GetConsoleAliasW
GetWindowsDirectoryW
GetProfileStringA
GetQueuedCompletionStatus
AllocConsole
GetNumaProcessorNode
CreateMailslotW
SetCommState
CheckRemoteDebuggerPresent
GetSystemTimeAdjustment
_lread
GetConsoleAliasExesLengthW
GetWriteWatch
GetPrivateProfileStringA
GetModuleHandleA
HeapWalk
WriteConsoleInputW
LocalFileTimeToFileTime
GetFileInformationByHandle
GetProfileStringW
MoveFileW
CreateActCtxW
GetUserDefaultLangID
LocalLock
SetCommMask
GetDevicePowerState
SetFileApisToANSI
OpenWaitableTimerA
SetProcessShutdownParameters
PeekNamedPipe
FillConsoleOutputCharacterA
FindNextVolumeMountPointA
SetThreadPriority
DeleteAtom
AddAtomA
WriteConsoleOutputCharacterW
QueryDosDeviceA
InitializeCriticalSection
GetConsoleAliasExesA
GetBinaryTypeA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
MoveFileA
RaiseException
GetCommandLineA
GetStartupInfoA
IsBadReadPtr
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleHandleW
Sleep
GetProcAddress
GetModuleFileNameA
WriteFile
GetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
FreeEnvironmentStringsA
GetEnvironmentStrings
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetACP
GetCPInfo
IsValidCodePage
RtlUnwind
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
SetStdHandle
CreateFileA
CloseHandle
FlushFileBuffers
user32
CharToOemBuffW
Sections
.text Size: 147KB - Virtual size: 146KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 177KB - Virtual size: 39.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 80KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ