USBDeview[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

USBDeview.exe
Size

189KB
MD5

5c1729d2611fdcaeeadd238c1f0427c7
SHA1

ddcfca0994cc92783d6a942075166f026c88ed07
SHA256

95e50f7eea21bfed82a34a24bc5d66029146c7b988e889b11f30b45cb364dcf1
SHA512

47c608e0590e1f73c32a0c677f9b81738fb188b27243e99d514911158d673f18ae7ef99ea897e87c850c5588eae19e3d6ae8736e0a974dd51f438f5190e362c5
SSDEEP

3072:3FSG80yvkmcA4bEvLhWoLdpxgZZapW9T8iXcWWbgYrrzwKeugTedajIHNNSP7g8x:fyvkC6EvLhTLdpxgZRbWJdBHNNSd689

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Files

USBDeview.exe
.exe windows x64

a40d8b81263f7fc26c2e21012deecd1a

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

53:60:cc:dc:ea:5a:24:00:45:7c:fb:fe:3e:d2:10:52:09:52:31:f9:d5:ff:a6:e2:d2:b0:25:19:2d:71:e6:dd
Signer

Actual PE Digest

53:60:cc:dc:ea:5a:24:00:45:7c:fb:fe:3e:d2:10:52:09:52:31:f9:d5:ff:a6:e2:d2:b0:25:19:2d:71:e6:dd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__getmainargs
_acmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
_initterm
__setusermatherr
_commode
_fmode
__set_app_type
__dllonexit
_mbsrchr
atol
_mbsicmp
qsort
_strlwr
_mbschr
memmove
_strnicmp
strrchr
strchr
strcmp
strtoul
malloc
free
_strcmpi
modf
_memicmp
memcmp
srand
rand
abs
_strupr
_itoa
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
memcpy
strlen
_purecall
_stricmp
_snprintf
atoi
strcpy
memset
strcat
strncat
sprintf

comctl32

CreateToolbarEx
ord6
ImageList_SetImageCount
ImageList_Create
ImageList_AddMasked
ImageList_Add

ws2_32

send
WSAAsyncSelect
WSAAsyncGetHostByName
connect
inet_addr
htonl
WSAGetLastError
htons
bind
socket
WSASetLastError
closesocket
WSAStartup
WSACleanup

kernel32

CreateToolhelp32Snapshot
Process32Next
OpenProcess
SetEnvironmentVariableA
GetCurrentThreadId
DeviceIoControl
GetStartupInfoA
GetProcAddress
Process32First
ExitProcess
GetCurrentProcessId
ReadProcessMemory
GetCurrentProcess
Sleep
SetErrorMode
ExpandEnvironmentStringsA
FreeLibrary
GetPrivateProfileStringA
WinExec
GetComputerNameA
GetModuleFileNameA
GetLastError
CompareFileTime
SystemTimeToFileTime
GetModuleHandleA
FileTimeToSystemTime
LoadLibraryA
GetDiskFreeSpaceExA
GetLogicalDrives
GetWindowsDirectoryA
GetDriveTypeA
ReadFile
FlushFileBuffers
CloseHandle
DeleteFileA
CreateThread
CreateFileA
GetTickCount
WriteFile
FormatMessageA
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
GetDateFormatA
GetTempPathA
LocalFree
GetSystemDirectoryA
GetTempFileNameA
GetFileSize
LoadLibraryExA
GlobalAlloc
GlobalLock
WideCharToMultiByte
MultiByteToWideChar
GetTimeFormatA
GlobalUnlock
GetFileAttributesA
GetVersionExA
GetPrivateProfileIntA
WritePrivateProfileStringA
EnumResourceNamesA
GetStdHandle
CreateProcessA

user32

GetWindowThreadProcessId
SetForegroundWindow
AttachThreadInput
EnumWindows
SetTimer
GetSysColorBrush
ShowWindow
LoadCursorA
RemoveMenu
ReleaseDC
GetDC
SetCursor
SetDlgItemInt
BeginPaint
GetWindow
GetClientRect
SetDlgItemTextA
DrawFrameControl
GetDlgItemTextA
SetWindowTextA
GetSystemMetrics
DeferWindowPos
SendDlgItemMessageA
GetWindowRect
GetDlgItemInt
EndDialog
GetDlgItem
CreateWindowExA
EndPaint
InvalidateRect
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
SendMessageA
RegisterClassA
UpdateWindow
PostMessageA
SetMenu
LoadAcceleratorsA
SetWindowPos
LoadImageA
GetSysColor
GetWindowLongA
SetWindowLongA
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetWindowTextA
GetSubMenu
GetCursorPos
GetClassNameA
CloseClipboard
CheckMenuRadioItem
MoveWindow
OpenClipboard
CheckMenuItem
GetMenu
EmptyClipboard
EnableMenuItem
InsertMenuItemA
GetMenuItemCount
GetParent
SetClipboardData
GetMenuStringA
EnableWindow
MapWindowPoints
LoadMenuA
LoadStringA
ModifyMenuA
DialogBoxParamA
GetDlgCtrlID
DestroyMenu
CreateDialogParamA
DestroyWindow
EnumChildWindows
GetMenuItemInfoA
CreatePopupMenu
LoadIconA
SetMenuItemInfoA
GetKeyState
GetMessageA
TranslateMessage
IsDialogMessageA
KillTimer
DrawTextExA
InsertMenuA
RegisterWindowMessageA
TrackPopupMenu
DispatchMessageA
PostQuitMessage
ChildWindowFromPoint

gdi32

GetTextExtentPoint32A
CreateCompatibleBitmap
SetTextColor
StretchBlt
GetStockObject
SetBkColor
GetPixel
GetObjectA
DeleteObject
SetBkMode
GetDeviceCaps
CreateFontIndirectA
CreateCompatibleDC
SelectObject
SetPixel
SetStretchBltMode
DeleteDC

comdlg32

ChooseFontA
FindTextA
GetSaveFileNameA

advapi32

QueryServiceStatus
CloseServiceHandle
OpenSCManagerA
ControlService
RegCreateKeyA
RegCloseKey
StartServiceA
ChangeServiceConfigA
OpenServiceA
RegLoadKeyA
RegUnLoadKeyA
RegConnectRegistryA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext

shell32

SHGetFileInfoA
ShellExecuteExA
ShellExecuteA
Shell_NotifyIconA

ole32

CoCreateInstance

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a40d8b81263f7fc26c2e21012deecd1a

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

53:60:cc:dc:ea:5a:24:00:45:7c:fb:fe:3e:d2:10:52:09:52:31:f9:d5:ff:a6:e2:d2:b0:25:19:2d:71:e6:ddSigner

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

comctl32

ws2_32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 125KB - Virtual size: 124KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 2KB - Virtual size: 6KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 26KB - Virtual size: 26KB

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

53:60:cc:dc:ea:5a:24:00:45:7c:fb:fe:3e:d2:10:52:09:52:31:f9:d5:ff:a6:e2:d2:b0:25:19:2d:71:e6:dd
Signer

.text
Size: 125KB - Virtual size: 124KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 26KB - Virtual size: 26KB