USB Driver[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

USB Driver.exe
Size

378KB
MD5

ac4d26cd3db1791b13a7bd065e69ae8b
SHA1

759222977856d9881434d9bc9f172185e686f1ad
SHA256

415d87499c302313864cbf4478e2bbff82188bba5c381eadbd596c0797943b0d
SHA512

2ba685acec701f51dccd91d7a2d55b0e6add245c54ae575bc8f4f58d4f413abedf3a506b4cd547c249949b78baf469be80acd6d49813d35e0a7e976ab4de9a32
SSDEEP

6144:Vn2RZHTNddqsJfIGosmrsPkaWqaCVmEbNcj7/WTlabPUXmJiin26lXjS0Z:Vn2RlpddRPYXKNcj7waw5in26VtZ

Score

1^/10

Malware Config

Signatures

Files

USB Driver.exe
.exe windows x86

12264006a4dd1735b47f82b81b998cfb

Code Sign

33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:a8:7f:2c:17:9b:37:1d:56:82:0b:d3:25:97:53:ab:f8:18:85:d3
Signer

Actual PE Digest

39:a8:7f:2c:17:9b:37:1d:56:82:0b:d3:25:97:53:ab:f8:18:85:d3

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

13/05/2013, 21:09
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
GetTokenInformation
GetKernelObjectSecurity
GetAclInformation
CreateRestrictedToken
CopySid
EqualSid
CreateProcessAsUserW
SetTokenInformation
LookupPrivilegeValueW
GetAce
InitializeAcl
AddAccessAllowedAce
IsValidSid
AddAce
GetLengthSid
GetSecurityDescriptorDacl
CreateWellKnownSid
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW

kernel32

GetLastError
GetStartupInfoW
GetModuleFileNameW
GetCurrentProcess
IsDebuggerPresent
GetProcAddress
LoadLibraryW
FreeLibrary
GetCommandLineW
RemoveDirectoryW
SetEnvironmentVariableA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetTimeZoneInformation
LCMapStringW
LCMapStringA
Sleep
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
CreateFileW
ReadFile
GetVersionExW
WriteFile
GetModuleHandleW
SetEnvironmentVariableW
SetFilePointer
GetFileSize
CloseHandle
MultiByteToWideChar
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
InterlockedIncrement
GlobalUnlock
GlobalLock
GlobalAlloc
SetLastError
GlobalAddAtomW
GlobalGetAtomNameW
GetCurrentProcessId
lstrlenW
GetVersionExA
lstrcmpW
LoadLibraryA
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GetCurrentThreadId
FreeResource
GetThreadLocale
FileTimeToSystemTime
MulDiv
LocalFree
FormatMessageW
GlobalFree
InterlockedDecrement
InterlockedExchange
CompareStringA
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
GetTickCount
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GlobalFlags
lstrlenA
GetModuleHandleA
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
WritePrivateProfileStringW
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
FindClose
FindFirstFileW
GetVolumeInformationW
GetFullPathNameW
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesW
GetFileSizeEx
GetFileTime
HeapFree
HeapAlloc
GetProcessHeap
HeapReAlloc
RtlUnwind
RaiseException
ExitProcess
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA

user32

GetClientRect
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
SetCapture
GetDesktopWindow
SetWindowPos
SetFocus
ReleaseCapture
TranslateAcceleratorW
ShowWindow
GetWindow
SetMenu
BringWindowToTop
GetLastActivePopup
GetMenu
SetRectEmpty
GetClassInfoW
CreatePopupMenu
GetMenuItemCount
GetMenuItemID
GetSubMenu
InsertMenuItemW
LoadAcceleratorsW
GetCapture
PeekMessageW
SetCursor
LoadIconW
GetKeyState
GetDlgCtrlID
SetWindowLongW
GetDlgItem
GetActiveWindow
GetWindowThreadProcessId
WinHelpW
DestroyMenu
LoadMenuW
ReuseDDElParam
UnpackDDElParam
GetSysColor
GetClassNameW
GetWindowPlacement
SystemParametersInfoA
PtInRect
CallWindowProcW
DefWindowProcW
SetWindowPlacement
DeferWindowPos
ScreenToClient
RegisterClassW
GetClassInfoExW
CreateWindowExW
SetForegroundWindow
TrackPopupMenu
CopyAcceleratorTableW
MapWindowPoints
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
DestroyWindow
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
DispatchMessageW
GetForegroundWindow
GetWindowTextW
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
GetClassLongW
CallNextHookEx
SetWindowsHookExW
IsChild
SendDlgItemMessageA
SendDlgItemMessageW
IsWindowEnabled
InflateRect
GetMenuItemInfoW
IsDialogMessageW
SetWindowTextW
MoveWindow
PostQuitMessage
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
ValidateRect
GetCursorPos
TranslateMessage
GetMessageW
RegisterClipboardFormatW
ClientToScreen
GetSysColorBrush
LoadCursorW
CharNextW
FillRect
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
GetWindowDC
BeginPaint
EndPaint
UnregisterClassW
CharUpperW
GetNextDlgGroupItem
GetNextDlgTabItem
MessageBeep
PostThreadMessageW
EndDialog
CreateDialogIndirectParamW
CopyRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
GetMenuState
GetSystemMetrics
AdjustWindowRectEx
SetMenuDefaultItem
FlashWindow
DrawMenuBar
MonitorFromWindow
EnableMenuItem
SystemParametersInfoW
GetWindowInfo
IsZoomed
PostMessageW
LoadImageW
IsIconic
SetActiveWindow
GetWindowRect
GetSystemMenu
SetWindowRgn
UpdateWindow
MessageBoxW
RegisterWindowMessageW
WaitForInputIdle
EqualRect
GetWindowLongW
IntersectRect
OffsetRect
SetRect
IsWindow
IsRectEmpty
CheckMenuItem
IsWindowVisible
SendMessageW
EnableWindow
GetMonitorInfoW

gdi32

GetRgnBox
CreateCompatibleBitmap
CreateBitmap
GetClipBox
SetTextColor
CreateCompatibleDC
CreateRectRgnIndirect
GetMapMode
CreateSolidBrush
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
CreateRectRgn
CreateRoundRectRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetTextColor
GetBkColor
GetStockObject
DeleteObject
GetTextExtentPoint32W
ExtTextOutW
BitBlt
CreateFontIndirectW
GetDeviceCaps
GetObjectW
SetBkColor

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

shlwapi

PathStripToRootW
PathFindFileNameW
PathFindExtensionW
PathCombineW
PathRemoveFileSpecW
PathIsUNCW

shell32

DragFinish
DragQueryFileW
SHGetFolderPathW
SHFileOperationW
CommandLineToArgvW

ole32

CLSIDFromString
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemFree
CLSIDFromProgID
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoTaskMemAlloc
CoInitialize
CoUninitialize

comdlg32

GetFileTitleW

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString
OleCreateFontIndirect
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
SysAllocStringLen
SysAllocString
SysStringLen
VariantClear

oledlg

OleUIBusyW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Exports

Exports

GetWindowInterface

Sections

.text
Size: 309KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12264006a4dd1735b47f82b81b998cfb

Code Sign

33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33Certificate

Extended Key Usages

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

39:a8:7f:2c:17:9b:37:1d:56:82:0b:d3:25:97:53:ab:f8:18:85:d3Signer

Signature Validations

Verification

13/05/2013, 21:09 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

gdi32

winspool.drv

shlwapi

shell32

ole32

comdlg32

oleaut32

oledlg

version

Exports

Exports

Sections

.text Size: 309KB - Virtual size: 308KB

.data Size: 11KB - Virtual size: 26KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 34KB - Virtual size: 33KB

33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33
Certificate

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

39:a8:7f:2c:17:9b:37:1d:56:82:0b:d3:25:97:53:ab:f8:18:85:d3
Signer

13/05/2013, 21:09
Valid: false

.text
Size: 309KB - Virtual size: 308KB

.data
Size: 11KB - Virtual size: 26KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 34KB - Virtual size: 33KB