13fe69c4f33267ca9af4fe394d0f156d4970fe185772ef406e306a6cebe4bc6c

Sharing

Copy URL Twitter E-mail

General

Target

13fe69c4f33267ca9af4fe394d0f156d4970fe185772ef406e306a6cebe4bc6c
Size

5.7MB
MD5

f63d61f6beddba2b9010437b32f75450
SHA1

00ee73b0afb86ab11097aa47e1342c5d1ade86af
SHA256

13fe69c4f33267ca9af4fe394d0f156d4970fe185772ef406e306a6cebe4bc6c
SHA512

52a007456089e5f1d967eb50939b8d71cb3922b105d2a0d62f0193d6165208bf00c70f316c5d56e46b1a8f6636a0698c9db03d209a4e2c6f6f3478dfb8494305
SSDEEP

98304:kD4s/cCe2DpSfm+oo8LNsxPW1tr3djDcq8r3IobE6kJ7eWc26c9wZkm5G7O04ZC7:kDj/cC3F2m+bdi5dkqgIuKaUGZ7v5Qag

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/阅读程序/setup.exe
unpack001/驱动/32位Windows操作系统驱动/驱动文件/USBDrv.sys
unpack001/驱动/32位Windows操作系统驱动/驱动文件/samcoins.dll
unpack001/驱动/64位Windows操作系统驱动/驱动文件/USBDrv.sys
unpack001/驱动/64位Windows操作系统驱动/驱动文件/samcoins.dll
unpack001/驱动/Win98 Driver/USBDrv.sys
unpack001/驱动/Win98 Driver/samcoins.dll

Files

13fe69c4f33267ca9af4fe394d0f156d4970fe185772ef406e306a6cebe4bc6c
.zip
阅读程序/setup.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
驱动/32位Windows操作系统驱动/MSI安装包/ReadMe.txt
驱动/32位Windows操作系统驱动/MSI安装包/USBDrv-install.bat
驱动/32位Windows操作系统驱动/MSI安装包/USBDrv-uninstall.bat
驱动/32位Windows操作系统驱动/MSI安装包/USBDrv3.0-x86.msi
.msi
驱动/32位Windows操作系统驱动/驱动文件/USBDrv.sys
.sys windows x86

8aace94ce80cce4627a56826465c5ca5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

InterlockedIncrement
IofCompleteRequest
InterlockedDecrement
KeReleaseMutex
KeWaitForSingleObject
ExFreePool
memcpy
IofCallDriver
KeInitializeMutex
KeInitializeSpinLock
IoAttachDeviceToDeviceStack
IoDeleteDevice
IoRegisterDeviceInterface
KeInitializeEvent
IoCreateDevice
KeSetEvent
PoCallDriver
PoStartNextPowerIrp
KeResetEvent
IoSetDeviceInterfaceState
IoDetachDevice
RtlFreeUnicodeString
KeClearEvent
IoCancelIrp
IoBuildDeviceIoControlRequest
ExAllocatePool
InterlockedExchange
KeTickCount
KeBugCheckEx
memmove

hal

KfAcquireSpinLock
KfReleaseSpinLock

usbd.sys

USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx
USBD_GetUSBDIVersion

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 294B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
驱动/32位Windows操作系统驱动/驱动文件/USBDrvCo.inf
驱动/32位Windows操作系统驱动/驱动文件/samcoins.dll
.dll windows x86

a64b3f28be21cf4acccb1c3201ed5d91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

SetupDiGetDeviceInstallParamsA
SetupDiSetDeviceInstallParamsA
SetupDiEnumDriverInfoA
SetupDiGetDriverInstallParamsA
SetupDiSetDriverInstallParamsA

kernel32

DisableThreadLibraryCalls
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter

Exports

Exports

SDTSamUsbCoInstaller

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
驱动/32位Windows操作系统驱动/驱动文件/sdt_s_drv.cat
驱动/32位Windows操作系统驱动/驱动文件/居民身份证验证安全模块安装卸载说明(32位Windows系统).pdf
.pdf .ps1
驱动/64位Windows操作系统驱动/MSI安装包/ReadMe.txt
驱动/64位Windows操作系统驱动/MSI安装包/USBDrv-install.bat
驱动/64位Windows操作系统驱动/MSI安装包/USBDrv-uninstall.bat
驱动/64位Windows操作系统驱动/MSI安装包/USBDrv3.0-x64.msi
.msi
驱动/64位Windows操作系统驱动/驱动文件/USBDrv.sys
.sys windows x64

fa84d48e2187aef01a967054fa96a1e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeWaitForSingleObject
IofCallDriver
KeAcquireSpinLockRaiseToDpc
KeResetEvent
KeInitializeMutex
IoRegisterDeviceInterface
IoSetDeviceInterfaceState
IoDeleteDevice
KeSetEvent
KeInitializeEvent
IofCompleteRequest
RtlFreeUnicodeString
PoStartNextPowerIrp
IoAttachDeviceToDeviceStack
PoCallDriver
IoCreateDevice
ExAllocatePoolWithTag
KeClearEvent
IoBuildDeviceIoControlRequest
IoCancelIrp
KeBugCheckEx
ExFreePool
KeReleaseMutex
IoDetachDevice
KeReleaseSpinLock

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_GetUSBDIVersion
USBD_CreateConfigurationRequestEx

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 384B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 384B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
驱动/64位Windows操作系统驱动/驱动文件/USBDrvCo.inf
驱动/64位Windows操作系统驱动/驱动文件/samcoins.dll
.dll windows x64

65ac31a680ca6c5de611cb1322d4d27d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

__C_specific_handler
_amsg_exit
free
_initterm
malloc
_XcptFilter

setupapi

SetupDiGetDeviceInstallParamsA
SetupDiSetDeviceInstallParamsA
SetupDiGetDriverInstallParamsA
SetupDiRemoveDevice
SetupDiSetDriverInstallParamsA
SetupDiEnumDriverInfoA

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
Sleep
GetLastError

Exports

Exports

SDTSamUsbCoInstaller

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
驱动/64位Windows操作系统驱动/驱动文件/sdt_s_drv_x64.cat
驱动/64位Windows操作系统驱动/驱动文件/居民身份证验证安全模块安装卸载说明(64位Windows系统).pdf
.pdf
驱动/Win98 Driver/USBDrv.sys
.sys windows x86

8aace94ce80cce4627a56826465c5ca5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

InterlockedIncrement
IofCompleteRequest
InterlockedDecrement
KeReleaseMutex
KeWaitForSingleObject
ExFreePool
memcpy
IofCallDriver
KeInitializeMutex
KeInitializeSpinLock
IoAttachDeviceToDeviceStack
IoDeleteDevice
IoRegisterDeviceInterface
KeInitializeEvent
IoCreateDevice
KeSetEvent
PoCallDriver
PoStartNextPowerIrp
KeResetEvent
IoSetDeviceInterfaceState
IoDetachDevice
RtlFreeUnicodeString
KeClearEvent
IoCancelIrp
IoBuildDeviceIoControlRequest
ExAllocatePool
InterlockedExchange
KeTickCount
KeBugCheckEx
memmove

hal

KfAcquireSpinLock
KfReleaseSpinLock

usbd.sys

USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx
USBD_GetUSBDIVersion

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 294B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
驱动/Win98 Driver/USBDrvCo.inf
驱动/Win98 Driver/UsbDrv.inf
驱动/Win98 Driver/samcoins.dll
.dll windows x86

a64b3f28be21cf4acccb1c3201ed5d91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

SetupDiGetDeviceInstallParamsA
SetupDiSetDeviceInstallParamsA
SetupDiEnumDriverInfoA
SetupDiGetDriverInstallParamsA
SetupDiSetDriverInstallParamsA

kernel32

DisableThreadLibraryCalls
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter

Exports

Exports

SDTSamUsbCoInstaller

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
驱动/Win98 Driver/sdt_s_drv.cat

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

CODE Size: 39KB - Virtual size: 39KB

DATA Size: 1024B - Virtual size: 592B

BSS Size: - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 2KB

.rsrc Size: 11KB - Virtual size: 11KB

8aace94ce80cce4627a56826465c5ca5

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

usbd.sys

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 384B - Virtual size: 294B

.data Size: 128B - Virtual size: 16B

PAGE Size: 1KB - Virtual size: 1KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 384B - Virtual size: 312B

a64b3f28be21cf4acccb1c3201ed5d91

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

kernel32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 804B

.reloc Size: 512B - Virtual size: 168B

fa84d48e2187aef01a967054fa96a1e2

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

usbd.sys

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 768B - Virtual size: 684B

.data Size: 384B - Virtual size: 272B

.pdata Size: 384B - Virtual size: 336B

PAGE Size: 1KB - Virtual size: 1KB

INIT Size: 1KB - Virtual size: 1KB

65ac31a680ca6c5de611cb1322d4d27d

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

setupapi

kernel32

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 240B

.reloc Size: 512B - Virtual size: 36B

8aace94ce80cce4627a56826465c5ca5

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

CODE
Size: 39KB - Virtual size: 39KB

DATA
Size: 1024B - Virtual size: 592B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 11KB - Virtual size: 11KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 384B - Virtual size: 294B

.data
Size: 128B - Virtual size: 16B

PAGE
Size: 1KB - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 384B - Virtual size: 312B

.text
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 804B

.reloc
Size: 512B - Virtual size: 168B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 768B - Virtual size: 684B

.data
Size: 384B - Virtual size: 272B

.pdata
Size: 384B - Virtual size: 336B

PAGE
Size: 1KB - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.text
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 240B

.reloc
Size: 512B - Virtual size: 36B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 384B - Virtual size: 294B

.data
Size: 128B - Virtual size: 16B

PAGE
Size: 1KB - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 384B - Virtual size: 312B

.text
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 804B

.reloc
Size: 512B - Virtual size: 168B