Photoshop[.]rar

Sharing

Copy URL Twitter E-mail

Reason

too many matches

General

Target

Photoshop.rar
Size

4.9MB
MD5

cd7348f3adecaf7cd421b4e84b9c7c97
SHA1

b874f4d1ccbe2e8b57c215746e8068a64ed8e812
SHA256

a4bd71e774488188cad6ffcc307b3f9b1277a11e648d3e605ef522fb61a84ec7
SHA512

5a9a4abe38f8eaf73b2c6aca3c52310178440e8eff19e5a115bc196ac35321967063f352932fb5a2d2f57b4205aeac5eb5c869f60d0b2fdb3c06e4ce06a47a90
SSDEEP

98304:VZTRkU9XSib3meXktplxg7Ob0g/EITVAxyVpdJd8RcTvzr/A/vct:VXPXSrXlxg6bhEIn37d5Tvzs3c

Score

N/A

Malware Config

Signatures

Files

Photoshop.rar
.rar

Password: wesoft2022
Dlls/177WOZTX4LRLOM.dll
Dlls/1CM4O.dll
Dlls/1W5VP.bin
Dlls/1YZQP1W3FLEYN5JPW.dat
Dlls/20QVR.dat
Dlls/3EAUAUYXCWLO45IL.dat
Dlls/4QIEZA7.bin
Dlls/5F0MKCF5XG.bin
Dlls/5J1074NJ.dat
Dlls/62NAVKRW.bin
Dlls/6S3PMRNLTTCDD.bin
Dlls/6WWMEFYQMTH.bin
Dlls/770AR1.dll
Dlls/7HULHJXPKMJOT0.dll
Dlls/7L6RFT7.dat
Dlls/AWD46QYQCWJRXVJ9U.dat
Dlls/AppxPackageManager.admx
Dlls/B6VF23OLVQUREWOCZ.bin
Dlls/BAMLYJ0QDZ1.dll
Dlls/BHFQLQM3.dat
Dlls/BKKAI0H8HH.bin
Dlls/BT0PSOX74LY9K2K3M3S.dll
Dlls/CGK9RGGHI27DF.bin
Dlls/CS2FA6DQ.dll
Dlls/DKTY74.dll
Dlls/DiskDiagnostic.admx
Dlls/ECAOC5Q1ODCL.bin
Dlls/EYG9G80N8WMBS.bin
Dlls/EdgeUI.admx
Dlls/F64SW1X91JZQG5QDE.dll
Dlls/F7L77YCG3MCMCAQD.dat
Dlls/FileRecovery.admx
Dlls/GFRRZNMS7.dll
Dlls/GKQ4T25C2TUJXKNZR.dll
Dlls/I864NI74.dat
Dlls/IMX8GH0KIXB8DPE.bin
Dlls/ISQ127QJ9EJFQBM9L.dll
Dlls/J08SW.dat
Dlls/JIQQH71W0R13WEXEG.dat
Dlls/JS8F6.bin
Dlls/JW6H1YPPEAWUB88M8K0.dll
Dlls/KPAUOA8DL15II5SZVP.dll
Dlls/LMJ7L.bin
Dlls/LZVQCYM2B2QVI.dll
Dlls/MMC.admx
Dlls/MsSp7he.lex
.dll windows x64

Password: wesoft2022

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Dlls/Msi-FileRecovery.admx
Dlls/NHY83QWZ8.dat
Dlls/O2UVRGMCMYALKBP7.dat
Dlls/O93WPQJ.dll
Dlls/OKYGZ16ZNR5.dat
Dlls/OPC4LZU37CFSSU.dll
Dlls/OQALAH4GZKJ7PAJW.dll
Dlls/P0IS49V.dll
Dlls/Q02NIAPFHDPMT.bin
Dlls/Q7J48FH12SSCWYBF.dll
Dlls/QEEY4.dll
Dlls/QER3GV1CX8MAMX8TC.bin
Dlls/QINMS5VXA.bin
Dlls/QM764KO4X.bin
Dlls/QUM45OYU.dll
Dlls/R89KJFHF09446U26BG.bin
Dlls/R9XGKOOTWOWXNF.dat
Dlls/RU3GTSD5SUO4EI24M.dll
Dlls/SH5KBEKQL.bin
Dlls/TC2GTCSJJN1UIX.bin
Dlls/TKSPMR.bin
Dlls/TSPU9BIO87B7IPCJLQ.bin
Dlls/TUUE46NOA.dll
Dlls/TVPMA4ZSC7OF61RL9X.dat
Dlls/UTMM9UWV.dll
Dlls/VAWODN2JU48TK7WP.dat
Dlls/WDI.admx
Dlls/X82KNRE4.dll
Dlls/Y87IJAQ.bin
Dlls/YLL2GIDO.dll
Dlls/Z7ZHIN3O4O0W28XKN4.bin
Dlls/bhkspex.x64
.dll regsvr32 windows x64

Password: wesoft2022

c2b63eb78a633a8cf029f36d00413c44

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

??3@YAXPEAX@Z
??2@YAPEAX_K@Z
sprintf
_vsnwprintf
memcmp
memcpy
memset
wcsncat

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
StringFromGUID2

comctl32

ImageList_Destroy
ImageList_Create

comdlg32

GetSaveFileNameA
GetOpenFileNameA

user32

GetDesktopWindow
GetWindowRect
LoadStringW
DefWindowProcW
GetWindowLongW
SetWindowLongW
DestroyWindow
InvalidateRect
MoveWindow
CreateDialogParamW
GetWindowLongPtrW
GetDlgItemInt
SetTimer
SendDlgItemMessageA
KillTimer
SendMessageA
SetDlgItemInt
GetWindowLongA
GetDlgItem
CheckDlgButton
ShowWindow
IsDlgButtonChecked
EnableWindow
SetDlgItemTextA
SetWindowLongPtrW
MessageBoxA

kernel32

RtlVirtualUnwind
SetUnhandledExceptionFilter
GetCurrentProcessId
QueryPerformanceCounter
RtlCaptureContext
GetSystemTimeAsFileTime
TerminateProcess
RtlLookupFunctionEntry
GetFileSize
GetTickCount
GetCurrentThreadId
GetCurrentProcess
UnhandledExceptionFilter
FreeLibrary
GetModuleFileNameA
GetLastError
lstrlenA
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
CreateFileA
DisableThreadLibraryCalls
WriteFile
GetFileAttributesA
ReadFile
CloseHandle
GetVersionExW

advapi32

RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyW
RegSetValueW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegCloseKey

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dlls/saa713x.sys
.exe windows x86

Password: wesoft2022

dccc7d9930f7acdf7504c66ef621047a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

hal

KeGetCurrentIrql
KeStallExecutionProcessor
KeQueryPerformanceCounter
KfReleaseSpinLock
KfAcquireSpinLock

ntoskrnl.exe

KeRemoveQueueDpc
memmove
KeWaitForMultipleObjects
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwClose
RtlDeleteRegistryValue
IoOpenDeviceInterfaceRegistryKey
ZwSetValueKey
RtlInitUnicodeString
RtlFreeUnicodeString
RtlStringFromGUID
ZwCreateKey
strchr
IoOpenDeviceRegistryKey
wcsstr
KeSetEvent
ExFreePool
IoGetDeviceInterfaces
KeInitializeDpc
ZwQueryValueKey
KeSetTimer
KeCancelTimer
KeSetTimerEx
KeInitializeTimer
PsTerminateSystemThread
ObReferenceObjectByHandle
PsCreateSystemThread
ZwQueryInformationFile
ZwCreateFile
ZwReadFile
strncmp
IoGetCurrentProcess
_stricmp
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
KeTickCount
KeBugCheckEx
KeClearEvent
RtlUnwind
KeInsertQueueDpc
KeSynchronizeExecution
WRITE_REGISTER_UCHAR
WRITE_REGISTER_USHORT
WRITE_REGISTER_ULONG
READ_REGISTER_UCHAR
READ_REGISTER_USHORT
READ_REGISTER_ULONG
ExAllocatePoolWithTag
ExFreePoolWithTag
IoIsWdmVersionAvailable
IoGetDeviceProperty
IoGetDmaAdapter
IoGetAttachedDeviceReference
IoBuildSynchronousFsdRequest
ObfDereferenceObject
IofCallDriver
MmUnmapIoSpace
MmMapIoSpace
IofCompleteRequest
KeReleaseMutex
KeWaitForSingleObject
KeInitializeMutex
_vsnprintf
KeInitializeSpinLock
KeInitializeEvent
memcpy
RtlCompareMemory
memset
InterlockedDecrement
InterlockedIncrement
KeDelayExecutionThread
InterlockedExchange
_wcslwr
MmGetSystemRoutineAddress
IoConnectInterrupt
IoDisconnectInterrupt
KeQueryActiveProcessors

ks.sys

KsAcquireDevice
KsCreateFilterFactory
KsReleaseDevice
KsFilterFactoryUpdateCacheData
KsDeviceRegisterAdapterObject
KsGetOuterUnknown
KsInitializeDriver
KsGetDeviceForDeviceObject
KsStreamPointerClone
KsPinAcquireProcessingMutex
KsPinReleaseProcessingMutex
KsStreamPointerDelete
KsPinGetParentFilter
KsGetFilterFromIrp
KsGetDevice
KsPinGetAndGate
KsPinAttemptProcessing
KsGetPinFromIrp
KsPinGetLeadingEdgeStreamPointer
KsStreamPointerAdvance
KsStreamPointerUnlock
_KsEdit
KsPinGetReferenceClockInterface

bdasup.sys

BdaValidateNodeProperty
BdaInitFilter
BdaCreateFilterFactoryEx
BdaCommitChanges
BdaGetChangeState
BdaCheckChanges
BdaStartChanges
BdaFilterFactoryUpdateCacheData

Sections

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dlls/ttm6010.sys
.exe windows x86

Password: wesoft2022

1e8df125497f0e9c4f965b821e5f1dcb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_wcslwr
ExFreePool
IoGetDeviceInterfaces
ZwQueryValueKey
KeSetEvent
KeReleaseMutex
KeSetTimer
KeCancelTimer
ObfDereferenceObject
PsTerminateSystemThread
KeWaitForSingleObject
ZwQueryInformationFile
strncmp
KeInitializeMutex
KeInitializeTimer
KeInitializeDpc
wcsstr
PsCreateSystemThread
_stricmp
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IofCallDriver
IoBuildDeviceIoControlRequest
IoCancelIrp
memmove
IoAllocateIrp
IoFreeIrp
KeInsertQueueDpc
KeRemoveQueueDpc
KeTickCount
KeBugCheckEx
IoIsWdmVersionAvailable
RtlUnwind
IoOpenDeviceRegistryKey
strchr
ZwCreateKey
RtlStringFromGUID
RtlFreeUnicodeString
ZwSetValueKey
IoOpenDeviceInterfaceRegistryKey
RtlInitAnsiString
RtlAnsiStringToUnicodeString
ExAllocatePoolWithTag
ExFreePoolWithTag
IofCompleteRequest
KeClearEvent
KeWaitForMultipleObjects
ZwWriteFile
KeInitializeEvent
RtlInitUnicodeString
ZwCreateFile
ZwReadFile
ObReferenceObjectByHandle
ZwClose
IoGetDeviceProperty
KeDelayExecutionThread
toupper
_vsnprintf
KeInitializeSpinLock
InterlockedDecrement
InterlockedIncrement
memset
InterlockedExchange
memcpy
IoGetCurrentProcess
RtlCompareMemory

hal

KeStallExecutionProcessor
KfReleaseSpinLock
KeGetCurrentIrql
KfAcquireSpinLock

ks.sys

KsInitializeDriver
KsGetDeviceForDeviceObject
KsAcquireDevice
KsCreateFilterFactory
KsReleaseDevice
KsFilterFactoryUpdateCacheData
KsPinGetAndGate
KsPinAttemptProcessing
KsStreamPointerClone
KsStreamPointerDelete
KsPinAcquireProcessingMutex
KsPinReleaseProcessingMutex
KsGetPinFromIrp
KsPinGetParentFilter
KsGetFilterFromIrp
KsGetDevice
_KsEdit
KsPinGetLeadingEdgeStreamPointer
KsStreamPointerAdvance
KsStreamPointerUnlock
KsPinGetReferenceClockInterface

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx

bdasup.sys

BdaFilterFactoryUpdateCacheData
BdaValidateNodeProperty
BdaGetChangeState
BdaCommitChanges
BdaCheckChanges
BdaStartChanges
BdaInitFilter
BdaCreateFilterFactoryEx

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
applicationsetup.exe
.exe windows x86

Password: wesoft2022

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

Errors

General

Malware Config

Signatures

Files

Password: wesoft2022

Password: wesoft2022

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 4.4MB - Virtual size: 4.4MB

Password: wesoft2022

c2b63eb78a633a8cf029f36d00413c44

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ole32

comctl32

comdlg32

user32

kernel32

advapi32

Exports

Exports

Sections

.text Size: 79KB - Virtual size: 79KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 1024B - Virtual size: 932B

Password: wesoft2022

dccc7d9930f7acdf7504c66ef621047a

Headers

DLL Characteristics

File Characteristics

Imports

hal

ntoskrnl.exe

ks.sys

bdasup.sys

Sections

.text Size: 172KB - Virtual size: 172KB

.rdata Size: 103KB - Virtual size: 103KB

.data Size: 2KB - Virtual size: 1KB

PAGE Size: 512B - Virtual size: 416B

INIT Size: 3KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 12KB - Virtual size: 11KB

Password: wesoft2022

1e8df125497f0e9c4f965b821e5f1dcb

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

ks.sys

usbd.sys

bdasup.sys

Sections

.text Size: 68KB - Virtual size: 68KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 1KB - Virtual size: 1KB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 5KB - Virtual size: 5KB

Password: wesoft2022

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rsrc Size: 139KB - Virtual size: 138KB

.rsrc
Size: 4.4MB - Virtual size: 4.4MB

.text
Size: 79KB - Virtual size: 79KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 1024B - Virtual size: 932B

.text
Size: 172KB - Virtual size: 172KB

.rdata
Size: 103KB - Virtual size: 103KB

.data
Size: 2KB - Virtual size: 1KB

PAGE
Size: 512B - Virtual size: 416B

INIT
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 12KB - Virtual size: 11KB

.text
Size: 68KB - Virtual size: 68KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 1KB - Virtual size: 1KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rsrc
Size: 139KB - Virtual size: 138KB

.reloc
Size: 512B - Virtual size: 12B