b91197c69873ab23d24a8463d68875cc452b42747f6efa2af564f1fdce5d0602[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

b91197c69873ab23d24a8463d68875cc452b42747f6efa2af564f1fdce5d0602.zip
Size

21KB
MD5

bf00561e250c7a4a0f7877f3af4ac597
SHA1

78e23d9cf42ec64086ed8293b7f182fef62747f4
SHA256

87133c0b6234ab213bb7036d829deebefbf05b63c4c81195a51385da644080d6
SHA512

8a93e2070547d9cec326e2191d2203ddfb955b5849350d0b42267b3c6ca62a436ef066038a6861f1869c311b2e58b16a4d02010ac4cdd157c70a938063eb075e
SSDEEP

384:KOWYGC7T55JBpRoV+vs572YVvSzTtyn54K9Iwi+vGHw0U+mBCj2S/USP4m:KOWJCF5JBpSeA7XvETYn539MqSHZ4m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/hidusb.sys

Files

b91197c69873ab23d24a8463d68875cc452b42747f6efa2af564f1fdce5d0602.zip
.zip

Password: infected
hidusb.sys
.sys windows:10 windows x64

c4ad9f67d5c57f7a61148aaa8f4cde7b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoInitializeRemoveLockEx
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
IoReleaseRemoveLockEx
IoReleaseCancelSpinLock
IoAcquireRemoveLockEx
IoSetCompletionRoutineEx
IofCallDriver
KeWaitForSingleObject
ExFreePool
IoFreeWorkItem
KeInitializeEvent
IoAllocateWorkItem
IoQueueWorkItem
PoStartNextPowerIrp
PoCallDriver
KeResetEvent
ExAllocatePool2
KeSetEvent
IoReleaseRemoveLockAndWaitEx
IoBuildDeviceIoControlRequest
IoInvalidateDeviceState
MmMapLockedPagesSpecifyCache
IoCancelIrp
IofCompleteRequest
EtwUnregister
EtwWriteTransfer
KeInitializeSpinLock
EtwRegister
EtwSetInformation
IoWMIRegistrationControl
MmGetSystemRoutineAddress
KeGetCurrentIrql
RtlInitUnicodeString

hidclass.sys

HidRegisterMinidriver

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx

wpprecorder.sys

WppAutoLogStart
WppAutoLogTrace
imp_WppRecorderReplay
WppAutoLogStop

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fothk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 114B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 4KB - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

c4ad9f67d5c57f7a61148aaa8f4cde7b

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hidclass.sys

usbd.sys

wpprecorder.sys

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 528B

.pdata Size: 4KB - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 1KB

PAGE Size: 8KB - Virtual size: 5KB

fothk Size: 4KB - Virtual size: 4KB

INIT Size: 4KB - Virtual size: 114B

GFIDS Size: 4KB - Virtual size: 104B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 528B

.pdata
Size: 4KB - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 1KB

PAGE
Size: 8KB - Virtual size: 5KB

fothk
Size: 4KB - Virtual size: 4KB

INIT
Size: 4KB - Virtual size: 114B

GFIDS
Size: 4KB - Virtual size: 104B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB