CH341SER[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

CH341SER.zip
Size

179KB
MD5

b9038b9be77a70dd411f1c9879851144
SHA1

7a1ccaa434c6db4da6656aed52f52bd49792825d
SHA256

3624cf160343c2bfcf8fff28b28b1ca42f10734943bc0517be8a61bfc0e353fd
SHA512

b96aa73bca4920c19d1a443736a041c8c45de8c2972380fc131a6fbe718ed13c0fbaa5214735613279621b9442fc937e0a0dc5c88c0b8c7636ed03b45e9ce37e
SSDEEP

3072:d22ZmpIQI0cxJAIDNvjMFu8zAFPwLW3SoIStskGgdUZYd9MgJg1V2dZ:o2ZmVVc4IxvI9z0bSJSt31dUW9t618H

Score

1^/10

Malware Config

Signatures

Files

CH341SER.zip
.zip
CH341PT.DLL
.dll windows x86

f94cd55198e70e43ac10995641c12ba4

Code Sign

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6d
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/09/2018, 19:45

Not After

20/09/2019, 19:45

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c5:43:5a:3d:17:7f:4e:40:58:6d:c3:07:32:6d:50:cb:9b:34:b6:42:51:21:20:f5:24:8d:cb:aa:b2:47:b8:a6
Signer

Actual PE Digest

c5:43:5a:3d:17:7f:4e:40:58:6d:c3:07:32:6d:50:cb:9b:34:b6:42:51:21:20:f5:24:8d:cb:aa:b2:47:b8:a6

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

02/02/2023, 17:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateFileA
GetModuleHandleA
GetCommProperties

user32

DefWindowProcA
CharUpperBuffA
ShowWindow
CreateWindowExA
RegisterClassA
DestroyWindow
UnregisterClassA

Exports

Exports

CH341PtGetVersion
CH341PtHandleIsCH341
CH341PtNameIsCH341
CH341PtSetDevNotify

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CH341S64.SYS
.exe windows x64

dc95c3a5cfd9c34113dba61358c32037

Code Sign

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6d
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/09/2018, 19:45

Not After

20/09/2019, 19:45

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:03:2d:39:3d:23:24:7c:15:2c:26:40:f4:5c:dc:7e:83:9a:ce:bf:d8:bc:02:a7:00:3a:c5:d5:66:9c:49:11
Signer

Actual PE Digest

20:03:2d:39:3d:23:24:7c:15:2c:26:40:f4:5c:dc:7e:83:9a:ce:bf:d8:bc:02:a7:00:3a:c5:d5:66:9c:49:11

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

02/02/2023, 17:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeWaitForSingleObject
IoBuildDeviceIoControlRequest
KeInitializeEvent
ExFreePoolWithTag
ExAllocatePool
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
KeClearEvent
KeInsertQueueDpc
KeRemoveQueueDpc
KeCancelTimer
ZwQueryValueKey
RtlInitUnicodeString
RtlQueryRegistryValues
PsTerminateSystemThread
KeSetPriorityThread
KeDelayExecutionThread
PoRequestPowerIrp
KeSetTimer
ZwClose
PsCreateSystemThread
IoDeleteDevice
IoGetConfigurationInformation
KeSetEvent
IoDeleteSymbolicLink
RtlDeleteRegistryValue
RtlFreeUnicodeString
IoSetDeviceInterfaceState
KeWaitForMultipleObjects
IoRegisterDeviceInterface
RtlWriteRegistryValue
IoCreateSymbolicLink
IoOpenDeviceRegistryKey
KeInitializeDpc
KeInitializeTimer
IoAttachDeviceToDeviceStack
IoCreateDevice
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
ExReleaseFastMutex
ExAcquireFastMutex
IoFreeWorkItem
PoSetPowerState
PoCallDriver
IoWMIRegistrationControl
IoAllocateWorkItem
DbgPrint
KeBugCheckEx
IofCallDriver
PoStartNextPowerIrp
IoQueueWorkItem
IofCompleteRequest
IoDetachDevice
RtlGetVersion

wmilib.sys

WmiSystemControl
WmiCompleteRequest

usbd.sys

USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CH341S98.SYS
.dll windows x86

5bd26fa42f206fa9e2851e44a902d4c4

Code Sign

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6d
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/09/2018, 19:45

Not After

20/09/2019, 19:45

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:0c:22:20:dc:c3:e1:74:5e:f8:68:ec:69:4a:02:98:6b:8c:ff:a1:0d:9f:93:94:9f:10:16:1b:d1:9d:80:87
Signer

Actual PE Digest

11:0c:22:20:dc:c3:e1:74:5e:f8:68:ec:69:4a:02:98:6b:8c:ff:a1:0d:9f:93:94:9f:10:16:1b:d1:9d:80:87

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

02/02/2023, 17:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntoskrnl.exe

KeDelayExecutionThread
ZwClose
PsCreateSystemThread
IoRegisterDeviceInterface
KeInitializeEvent
IoDeleteDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
KeSetEvent
IoDetachDevice
IofCompleteRequest
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
ExFreePool
PoRequestPowerIrp
PoCallDriver
PoStartNextPowerIrp
PoSetPowerState
IofCallDriver
RtlFreeUnicodeString
IoSetDeviceInterfaceState
ObfReferenceObject
RtlInitUnicodeString
IoBuildDeviceIoControlRequest
KeClearEvent
PsTerminateSystemThread
RtlCompareMemory
KeSetPriorityThread
KeGetCurrentThread
KeWaitForMultipleObjects
RtlQueryRegistryValues
ExAllocatePool
KeWaitForSingleObject
memmove

usbd.sys

_USBD_CreateConfigurationRequestEx@8
_USBD_ParseConfigurationDescriptorEx@28

Exports

Exports

CH341S98_StartRequest

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 96B - Virtual size: 85B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 864B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 736B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CH341SER.CAT
CH341SER.INF
CH341SER.SYS
.exe windows x86

73c8269d81f961df8a757e8e8dec8095

Code Sign

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6d
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/09/2018, 19:45

Not After

20/09/2019, 19:45

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:78:08:94:a8:fc:54:b6:cb:86:2f:ea:06:10:fb:04:1e:b6:dc:95:f7:b9:ae:56:3d:13:ea:de:67:58:a6:71
Signer

Actual PE Digest

0f:78:08:94:a8:fc:54:b6:cb:86:2f:ea:06:10:fb:04:1e:b6:dc:95:f7:b9:ae:56:3d:13:ea:de:67:58:a6:71

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

02/02/2023, 17:54
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoReleaseCancelSpinLock
InterlockedExchangeAdd
IoAcquireCancelSpinLock
InterlockedCompareExchange
KeClearEvent
KeInsertQueueDpc
KeRemoveQueueDpc
KeCancelTimer
ZwQueryValueKey
RtlInitUnicodeString
RtlQueryRegistryValues
memmove
PsTerminateSystemThread
KeSetPriorityThread
KeGetCurrentThread
KeDelayExecutionThread
PoRequestPowerIrp
KeSetTimer
KeQuerySystemTime
_allmul
ZwClose
PsCreateSystemThread
IoDeleteDevice
IoGetConfigurationInformation
IoDetachDevice
InterlockedIncrement
RtlDeleteRegistryValue
RtlFreeUnicodeString
InterlockedExchange
KeWaitForMultipleObjects
IoRegisterDeviceInterface
RtlWriteRegistryValue
IoCreateSymbolicLink
IoOpenDeviceRegistryKey
KeInitializeDpc
KeInitializeTimer
KeInitializeSpinLock
IoAttachDeviceToDeviceStack
IoCreateDevice
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
IoFreeWorkItem
PoSetPowerState
PoCallDriver
IoWMIRegistrationControl
IoAllocateWorkItem
DbgPrint
KeTickCount
KeBugCheckEx
KeInitializeEvent
IoBuildDeviceIoControlRequest
KeWaitForSingleObject
InterlockedDecrement
KeSetEvent
IofCallDriver
IoQueueWorkItem
ExAllocatePool
IoSetDeviceInterfaceState
ExFreePool
PoStartNextPowerIrp
IoDeleteSymbolicLink
IofCompleteRequest

hal

ExReleaseFastMutex
KfAcquireSpinLock
ExAcquireFastMutex
KfReleaseSpinLock
KfRaiseIrql
KfLowerIrql

wmilib.sys

WmiSystemControl
WmiCompleteRequest

usbd.sys

_USBD_CreateConfigurationRequestEx@8
_USBD_ParseConfigurationDescriptorEx@28

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 603B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 896B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CH341SER.VXD
DRVSETUP64/DRVSETUP64.exe
.exe windows x64

0bfb8dbeab857c5b02bfe9ad3caf6c52

Code Sign

33:00:00:00:c4:6e:76:d0:4d:3d:fe:a9:65:00:00:00:00:00:c4
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/09/2016, 17:58

Not After

07/09/2018, 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=AOC+OU=nCipher DSE ESN:2137-37A0-4AAA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:31:7c:61:d4:61:15:ce:ba:6a:00:01:00:00:00:31
Certificate

Issuer

CN=Microsoft Windows Hardware Compatibility PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/06/2018, 17:24

Not After

29/05/2019, 17:24

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:38:2e:50:e8:6a:98:9d:95:7f:00:00:00:00:00:38
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

04/06/2012, 21:05

Not After

04/06/2020, 21:15

Subject

CN=Microsoft Windows Hardware Compatibility PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:58:4c:08:4c:80:a1:c8:d5:61:00:00:00:00:00:58
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/11/2017, 19:18

Not After

01/11/2018, 19:18

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c9:80:24:02:db:2c:02:12:79:eb:1c:f7:04:db:bc:d3:13:2b:78:64:77:0c:43:11:60:41:6a:eb:c2:6e:4f:d2
Signer

Actual PE Digest

c9:80:24:02:db:2c:02:12:79:eb:1c:f7:04:db:bc:d3:13:2b:78:64:77:0c:43:11:60:41:6a:eb:c2:6e:4f:d2

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

02/02/2023, 17:54
Valid: false

c3:a8:73:53:d6:3f:89:31:79:a2:19:f6:dd:b4:6e:b5:3a:75:e5:42
Signer

Actual PE Digest

c3:a8:73:53:d6:3f:89:31:79:a2:19:f6:dd:b4:6e:b5:3a:75:e5:42

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

21/07/2018, 06:43
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__set_app_type
_fmode
_commode
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
vsprintf
sprintf
strstr
strrchr
memcpy
strchr
_stricmp
memset
_findfirst
_findnext
_findclose

kernel32

RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetVersionExA
RtlLookupFunctionEntry
QueryPerformanceCounter
FormatMessageA
GetModuleHandleA
GetCurrentProcess
WinExec
GetFileAttributesA
GetUserDefaultLangID
CreateThread
CloseHandle
GetSystemInfo
GetStartupInfoA
CopyFileA
GetWindowsDirectoryA
Sleep
lstrlenA
GetPrivateProfileSectionA
GetPrivateProfileStringA
FreeLibrary
GetProcAddress
SetLastError
LoadLibraryA
GetVersion
DeleteFileA
GetSystemDirectoryA
GetLastError
GetCurrentDirectoryA
LocalAlloc
LocalFree
RtlCaptureContext

user32

SetDlgItemTextA
DefWindowProcA
SendMessageA
GetWindowTextA
EnumChildWindows
FindWindowExA
SendDlgItemMessageA
MessageBoxA
EndDialog
CharUpperA
SetWindowTextA
IsDlgButtonChecked
UpdateWindow
EnableWindow
GetDlgItem
LoadIconA
ShowWindow
DialogBoxParamA

comctl32

ord17

setupapi

CM_Locate_DevNodeA
SetupDefaultQueueCallbackA
SetupDiGetDeviceRegistryPropertyA
SetupDiSetDeviceRegistryPropertyA
SetupDiDestroyDriverInfoList
SetupDiGetDriverInfoDetailA
SetupDiEnumDriverInfoA
SetupDiBuildDriverInfoList
SetupCloseInfFile
SetupDiGetActualSectionToInstallA
SetupOpenInfFileA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupTermDefaultQueueCallback
SetupCloseFileQueue
SetupCommitFileQueueA
SetupInstallFilesFromInfSectionA
SetupInitDefaultQueueCallbackEx
SetupOpenFileQueue
SetupDiCallClassInstaller
SetupCopyOEMInfA
CM_Reenumerate_DevNode

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SETUP.EXE
.exe windows x86

e44b26a105405bedef6a117a83211220

Code Sign

33:00:00:00:c4:6e:76:d0:4d:3d:fe:a9:65:00:00:00:00:00:c4
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/09/2016, 17:58

Not After

07/09/2018, 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=AOC+OU=nCipher DSE ESN:2137-37A0-4AAA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:31:7c:61:d4:61:15:ce:ba:6a:00:01:00:00:00:31
Certificate

Issuer

CN=Microsoft Windows Hardware Compatibility PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/06/2018, 17:24

Not After

29/05/2019, 17:24

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:38:2e:50:e8:6a:98:9d:95:7f:00:00:00:00:00:38
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

04/06/2012, 21:05

Not After

04/06/2020, 21:15

Subject

CN=Microsoft Windows Hardware Compatibility PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:58:4c:08:4c:80:a1:c8:d5:61:00:00:00:00:00:58
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/11/2017, 19:18

Not After

01/11/2018, 19:18

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4d:3b:e2:3b:4a:97:1a:04:3f:cc:17:a3:0b:2d:a4:05:31:70:7a:4b:05:c6:7a:a0:18:1d:82:37:58:6a:e8:5b
Signer

Actual PE Digest

4d:3b:e2:3b:4a:97:1a:04:3f:cc:17:a3:0b:2d:a4:05:31:70:7a:4b:05:c6:7a:a0:18:1d:82:37:58:6a:e8:5b

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

02/02/2023, 17:54
Valid: false

60:8f:14:90:9a:cc:9c:1d:8b:27:bd:0a:55:cb:5a:02:0f:bc:d3:60
Signer

Actual PE Digest

60:8f:14:90:9a:cc:9c:1d:8b:27:bd:0a:55:cb:5a:02:0f:bc:d3:60

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

21/07/2018, 06:43
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
SetFilePointer
lstrlenA
GetSystemInfo
GetFileAttributesA
GetWindowsDirectoryA
GetVersionExA
GetUserDefaultLangID
WinExec
GetCurrentDirectoryA
GetCurrentProcess
GetProcAddress
GetModuleHandleA
CreateThread
Sleep
LoadLibraryA
GetPrivateProfileSectionA
GetPrivateProfileStringA
DeleteFileA
CopyFileA
SetLastError
LocalAlloc
CloseHandle
FreeLibrary
GetVersion
GetSystemDirectoryA
CompareStringW
CompareStringA
FlushFileBuffers
SetStdHandle
HeapReAlloc
VirtualAlloc
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetLastError
LocalFree
FormatMessageA
GetTimeZoneInformation
HeapAlloc
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
SetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FindFirstFileA
FindNextFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetStartupInfoA
GetCommandLineA
ExitProcess
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
InterlockedDecrement
InterlockedIncrement
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA

user32

UpdateWindow
CharUpperA
IsDlgButtonChecked
EnableWindow
FindWindowExA
EnumChildWindows
GetWindowTextA
SetDlgItemTextA
DefWindowProcA
GetDlgItem
ShowWindow
LoadIconA
SetWindowTextA
SendMessageA
EndDialog
MessageBoxA
DialogBoxParamA
SendDlgItemMessageA

comctl32

ord17

cfgmgr32

CM_Reenumerate_DevNode
CM_Locate_DevNodeA

setupapi

SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoA
SetupDiGetDriverInfoDetailA
SetupDiDestroyDriverInfoList
SetupDiSetDeviceRegistryPropertyA
SetupDefaultQueueCallbackA
SetupDiGetActualSectionToInstallA
SetupOpenFileQueue
SetupInitDefaultQueueCallbackEx
SetupInstallFilesFromInfSectionA
SetupCommitFileQueueA
SetupCloseFileQueue
SetupCloseInfFile
SetupTermDefaultQueueCallback
SetupCopyOEMInfA
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiCallClassInstaller
SetupDiDestroyDeviceInfoList
SetupOpenInfFileA

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f94cd55198e70e43ac10995641c12ba4

Code Sign

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6dCertificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

c5:43:5a:3d:17:7f:4e:40:58:6d:c3:07:32:6d:50:cb:9b:34:b6:42:51:21:20:f5:24:8d:cb:aa:b2:47:b8:a6Signer

Signature Validations

Verification

02/02/2023, 17:54 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 96B

.rsrc Size: 1024B - Virtual size: 824B

.reloc Size: 512B - Virtual size: 112B

dc95c3a5cfd9c34113dba61358c32037

Code Sign

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6dCertificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

20:03:2d:39:3d:23:24:7c:15:2c:26:40:f4:5c:dc:7e:83:9a:ce:bf:d8:bc:02:a7:00:3a:c5:d5:66:9c:49:11Signer

Signature Validations

Verification

02/02/2023, 17:54 Valid: false

Headers

File Characteristics

Imports

ntoskrnl.exe

wmilib.sys

usbd.sys

Sections

.text Size: 45KB - Virtual size: 45KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 1KB

.pdata Size: 2KB - Virtual size: 2KB

INIT Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 976B

.reloc Size: 512B - Virtual size: 60B

5bd26fa42f206fa9e2851e44a902d4c4

Code Sign

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6dCertificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

11:0c:22:20:dc:c3:e1:74:5e:f8:68:ec:69:4a:02:98:6b:8c:ff:a1:0d:9f:93:94:9f:10:16:1b:d1:9d:80:87Signer

Signature Validations

Verification

02/02/2023, 17:54 Valid: false

Headers

File Characteristics

Imports

ntoskrnl.exe

usbd.sys

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 14KB

.data Size: 256B - Virtual size: 240B

.edata Size: 96B - Virtual size: 85B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 864B - Virtual size: 864B

.reloc Size: 736B - Virtual size: 728B

73c8269d81f961df8a757e8e8dec8095

Code Sign

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6dCertificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6d
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

c5:43:5a:3d:17:7f:4e:40:58:6d:c3:07:32:6d:50:cb:9b:34:b6:42:51:21:20:f5:24:8d:cb:aa:b2:47:b8:a6
Signer

02/02/2023, 17:54
Valid: false

.text
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 96B

.rsrc
Size: 1024B - Virtual size: 824B

.reloc
Size: 512B - Virtual size: 112B

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6d
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

20:03:2d:39:3d:23:24:7c:15:2c:26:40:f4:5c:dc:7e:83:9a:ce:bf:d8:bc:02:a7:00:3a:c5:d5:66:9c:49:11
Signer

02/02/2023, 17:54
Valid: false

.text
Size: 45KB - Virtual size: 45KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 2KB

INIT
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 512B - Virtual size: 60B

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6d
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

11:0c:22:20:dc:c3:e1:74:5e:f8:68:ec:69:4a:02:98:6b:8c:ff:a1:0d:9f:93:94:9f:10:16:1b:d1:9d:80:87
Signer

02/02/2023, 17:54
Valid: false

.text
Size: 14KB - Virtual size: 14KB

.data
Size: 256B - Virtual size: 240B

.edata
Size: 96B - Virtual size: 85B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 864B - Virtual size: 864B

.reloc
Size: 736B - Virtual size: 728B

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6d
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

0f:78:08:94:a8:fc:54:b6:cb:86:2f:ea:06:10:fb:04:1e:b6:dc:95:f7:b9:ae:56:3d:13:ea:de:67:58:a6:71
Signer

02/02/2023, 17:54
Valid: false

.text
Size: 33KB - Virtual size: 32KB

.rdata
Size: 640B - Virtual size: 603B

.data
Size: 896B - Virtual size: 832B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 1KB - Virtual size: 1KB

33:00:00:00:c4:6e:76:d0:4d:3d:fe:a9:65:00:00:00:00:00:c4
Certificate

33:00:00:00:31:7c:61:d4:61:15:ce:ba:6a:00:01:00:00:00:31
Certificate

33:00:00:00:38:2e:50:e8:6a:98:9d:95:7f:00:00:00:00:00:38
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:58:4c:08:4c:80:a1:c8:d5:61:00:00:00:00:00:58
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

c9:80:24:02:db:2c:02:12:79:eb:1c:f7:04:db:bc:d3:13:2b:78:64:77:0c:43:11:60:41:6a:eb:c2:6e:4f:d2
Signer

02/02/2023, 17:54
Valid: false

c3:a8:73:53:d6:3f:89:31:79:a2:19:f6:dd:b4:6e:b5:3a:75:e5:42
Signer

21/07/2018, 06:43
Valid: false

.text
Size: 32KB - Virtual size: 31KB

.data
Size: 512B - Virtual size: 23KB

.pdata
Size: 1024B - Virtual size: 876B

.rsrc
Size: 5KB - Virtual size: 5KB

33:00:00:00:c4:6e:76:d0:4d:3d:fe:a9:65:00:00:00:00:00:c4
Certificate

33:00:00:00:31:7c:61:d4:61:15:ce:ba:6a:00:01:00:00:00:31
Certificate

33:00:00:00:38:2e:50:e8:6a:98:9d:95:7f:00:00:00:00:00:38
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:58:4c:08:4c:80:a1:c8:d5:61:00:00:00:00:00:58
Certificate