?GetStrImage@@YAXPAEHPAY1BGI@DA@E@Z
Static task
static1
1 signatures
General
-
Target
UVHS_R1900.zip
-
Size
1.4MB
-
MD5
aac677f4207944100607cf45f011fd99
-
SHA1
60b7ff0794dd3b9a32a67aba6d5b9a7d6fe6ca1e
-
SHA256
7566669c2edbecbc25bc26d3ca28e9cd81b6c44176c244f5d9986a776e76558a
-
SHA512
eefda3242d2d34bb1787ae121942d5cf11dd81a3856fb9230b76b390dda74da637d9239b11024aa9fe1667807539f6018acd087ea9d261e421a4a07d59ff9f5f
-
SSDEEP
24576:/2CWnU42Bh5BQdSuUAqQVB4PSX5TgVGSdOWowAyV4mBQ9xafHxhlewV://TFBvCdSXA7BMa5TKowA04m6XmHxHek
Score
3/10
Malware Config
Signatures
-
Unsigned PE 4 IoCs
Checks for missing Authenticode signature.
resource unpack001/AdjProg.exe unpack001/Loader.exe unpack001/StrGene.dll unpack001/apdadrv.dll
Files
-
UVHS_R1900.zip.zip
-
AdjProg.exe.exe windows x86
521af96f18a186f1f8ad9d636ce48d58
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
apdadrv
?ADD4Negotiation@CApdadrv@@QAEKXZ
?ADD4Termination@CApdadrv@@QAEKXZ
?ADGetDeviceID@CApdadrv@@QAEKPAEK@Z
?ADD4SendAndReceiveCtrlCh@CApdadrv@@QAEKPAEK0KAAK@Z
?ADPortClose@CApdadrv@@QAEHXZ
?ADD4ReceiveDataFromDataCh@CApdadrv@@QAEKPAEKAAK@Z
?ADInitDevice@CApdadrv@@QAEKXZ
?ADPortOpen@CApdadrv@@QAEKPBD@Z
??0CApdadrv@@QAE@XZ
?ADSetRWTimeOut@CApdadrv@@QAEXU_COMMTIMEOUTS@@@Z
??1CApdadrv@@QAE@XZ
?ADD4SendDataToDataCh@CApdadrv@@QAEKPAEKAAK@Z
strgene
?GetStrImage@@YAXPAEHPAY1BGI@DA@E@Z
kernel32
TlsSetValue
LocalReAlloc
TlsGetValue
GetCPInfo
GetOEMCP
GetFileSize
GetFileTime
SetErrorMode
RtlUnwind
RaiseException
GetTimeZoneInformation
GetSystemTime
GetLocalTime
ExitProcess
TerminateProcess
GetStartupInfoA
GetCommandLineA
EnterCriticalSection
ExitThread
GetACP
HeapSize
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GlobalFlags
GetProcessVersion
FindResourceExA
SizeofResource
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetCurrentProcess
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
MulDiv
SetLastError
SuspendThread
SetThreadPriority
SetEvent
lstrcmpA
GetCurrentThread
InterlockedIncrement
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
InterlockedExchange
GetProfileStringA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetModuleHandleA
GetProcAddress
GlobalLock
GlobalUnlock
VirtualProtect
FindResourceA
LoadResource
LockResource
CreateEventA
WaitForSingleObject
WritePrivateProfileStringA
GlobalAlloc
GlobalFree
SetFileAttributesA
FindFirstFileA
MoveFileA
FindNextFileA
FindClose
RemoveDirectoryA
CreateDirectoryA
GetFileAttributesA
DeleteFileA
ResumeThread
GetExitCodeThread
Sleep
GetWindowsDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
WideCharToMultiByte
GetVersionExA
CreateFileA
DeviceIoControl
GetLastError
CloseHandle
MultiByteToWideChar
InterlockedDecrement
HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc
GetModuleFileNameA
lstrlenA
CreateThread
user32
PtInRect
InflateRect
TabbedTextOutA
GetWindowDC
ClientToScreen
GetMessageA
ValidateRect
GetCursorPos
SetCursor
PostQuitMessage
wvsprintfA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
GetDlgItemTextA
SendDlgItemMessageA
MapWindowPoints
GetSysColor
AdjustWindowRectEx
ScreenToClient
CopyRect
IsWindowVisible
ScrollWindow
SetScrollInfo
GetScrollRange
GetScrollPos
GetTopWindow
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetClassNameA
GetMenuItemID
SetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
GetKeyState
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
IsWindowUnicode
GetNextDlgTabItem
EndDialog
IsWindow
CreateDialogIndirectParamA
DestroyWindow
MapDialogRect
SetWindowPos
ShowWindow
GetCapture
GetActiveWindow
SetActiveWindow
GetAsyncKeyState
GetWindowLongA
GetFocus
SetFocus
GetDlgItem
IsWindowEnabled
KillTimer
GetSysColorBrush
CharUpperA
DestroyMenu
LoadStringA
GrayStringA
SetTimer
PeekMessageA
TranslateMessage
DispatchMessageA
wsprintfA
RedrawWindow
UpdateWindow
LoadCursorA
CopyIcon
GetDlgCtrlID
GetDC
BeginPaint
EndPaint
ReleaseDC
InvalidateRect
GetWindowRect
GetClientRect
IsIconic
DrawIcon
GetSystemMetrics
GetSystemMenu
AppendMenuA
LoadIconA
WinHelpA
MessageBoxA
SetSystemCursor
PostMessageA
GetParent
SendMessageA
EnableWindow
GetSubMenu
DrawTextA
CharNextA
DefDlgProcA
DrawFocusRect
ExcludeUpdateRgn
ShowCaret
HideCaret
UnregisterClassA
CreateWindowExA
gdi32
GetDeviceCaps
PtVisible
TextOutA
ExtTextOutA
Escape
PatBlt
EnumFontFamiliesExA
IntersectClipRect
ScaleWindowExtEx
SetWindowExtEx
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateCompatibleDC
CreateDIBitmap
SelectObject
SetStretchBltMode
GetTextExtentPointA
BitBlt
StretchBlt
DeleteObject
CreateFontA
RectVisible
CreateSolidBrush
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
GetStockObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
comdlg32
GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
EnumPortsA
advapi32
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
shell32
ShellExecuteA
comctl32
CreatePropertySheetPageA
PropertySheetA
ord17
ImageList_Destroy
DestroyPropertySheetPage
ole32
CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitializeSecurity
oleaut32
SysStringLen
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysFreeString
SysAllocStringByteLen
SysStringByteLen
SysAllocString
VariantClear
SysAllocStringLen
Sections
.text Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 280KB - Virtual size: 276KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 240KB - Virtual size: 327KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 64KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
CDR.prn
-
EditText.dat
-
Loader - Shortcut.lnk.lnk
-
Loader.exe.exe windows x86
bff983b5fa21bb8c13bf11543e08f6bd
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
MessageBoxA
kernel32
ExitProcess
ExpandEnvironmentStringsA
FindResourceA
GetCommandLineA
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetTempPathA
LoadResource
MapViewOfFile
ReadFile
ReadProcessMemory
ResumeThread
RtlMoveMemory
SetEnvironmentVariableA
SizeofResource
DeleteFileA
TerminateProcess
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtectEx
WritePrivateProfileStringA
WriteProcessMemory
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrlenA
CreateProcessA
CreateFileMappingA
FindClose
FindFirstFileA
FlushFileBuffers
WriteFile
SetCurrentDirectoryA
CreateFileA
CloseHandle
Sleep
shell32
ShellExecuteA
advapi32
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
comdlg32
GetOpenFileNameA
Sections
.text Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 34KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Loader.exe - Shortcut.lnk.lnk
-
ReadMe!!!.txt
-
StrGene.dll.dll windows x86
b12fa03ab655983db613c463bd66a916
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
GetCurrentThreadId
TlsSetValue
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsFree
SetLastError
TlsGetValue
GetLastError
TlsAlloc
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
LoadLibraryA
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
RtlUnwind
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
VirtualProtect
GetSystemInfo
VirtualQuery
Exports
Exports
Sections
.text Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
apdadrv.dll.dll windows x86
b1bf50502811f4348363b4fe821b7e03
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
QueryDosDeviceA
lstrcmpiA
lstrlenA
CloseHandle
WriteFile
DefineDosDeviceA
Sleep
ReadFile
DeviceIoControl
GetVersionExA
CreateFileA
ClearCommError
SetCommTimeouts
FlushFileBuffers
ExitProcess
TerminateProcess
GetCurrentProcess
RtlUnwind
GetCommandLineA
GetVersion
HeapReAlloc
HeapAlloc
HeapSize
HeapFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
GetStringTypeA
GetStringTypeW
SetStdHandle
LCMapStringA
LCMapStringW
advapi32
RegCloseKey
RegQueryValueExA
setupapi
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiOpenDevRegKey
SetupDiDestroyDeviceInfoList
SetupDiOpenDeviceInterfaceRegKey
Exports
Exports
??0CApdadrv@@QAE@XZ
??1CApdadrv@@QAE@XZ
??4CApdadrv@@QAEAAV0@ABV0@@Z
?ADD4Negotiation@CApdadrv@@QAEKXZ
?ADD4ReceiveDataFromDataCh@CApdadrv@@QAEKPAEKAAK@Z
?ADD4SendAndReceiveCtrlCh@CApdadrv@@QAEKPAEK0KAAK@Z
?ADD4SendDataToDataCh@CApdadrv@@QAEKPAEKAAK@Z
?ADD4SetCommPacketSize@CApdadrv@@QAEXGGGG@Z
?ADD4Termination@CApdadrv@@QAEKXZ
?ADGetDeviceID@CApdadrv@@QAEKPAEK@Z
?ADInitDevice@CApdadrv@@QAEKXZ
?ADPortClose@CApdadrv@@QAEHXZ
?ADPortOpen@CApdadrv@@QAEKPBD@Z
?ADReceive@CApdadrv@@QAEKPAEKAAK@Z
?ADSend@CApdadrv@@QAEKPAEKAAK@Z
?ADSetRWTimeOut@CApdadrv@@QAEXU_COMMTIMEOUTS@@@Z
?ADSetReceiveType@CApdadrv@@QAEXK@Z
Sections
.text Size: 44KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
caution.bmp
-
dat1.prn
-
dat2.prn
-
dat3.prn
-
dat4.prn
-
dat5.prn
-
headid.bmp
-
m1.prn
-
m2.prn
-
m3.prn
-
prnerror.bmp
-
prnidle.bmp
-
r1.prn
-
r2.prn
-
r3.prn