83d108848d35117ccbc00c74dc1ccb2a1c9bfc18339a6aa2b698b860d53cba1c

Sharing

Copy URL Twitter E-mail

General

Target

83d108848d35117ccbc00c74dc1ccb2a1c9bfc18339a6aa2b698b860d53cba1c
Size

743KB
MD5

010835e1976e0c0e030882157b034b11
SHA1

2b20a139975a6edf11800d1917339fa14d609938
SHA256

83d108848d35117ccbc00c74dc1ccb2a1c9bfc18339a6aa2b698b860d53cba1c
SHA512

56645def31332ebe12abfb877910416a362e1744e5829c253ce9f04265ff72c05ee7b9a9233929fb5a7be572b96187769133306bfd05f9c439c9cb3a422d012c
SSDEEP

12288:h4X71W5q9kL0VKG25bQnucp2/AHNd8VjYf/grWxfqW4eYDXB:h4X73k9G2pYY/jhoyWtuLB

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/ͼӲ/ͼӲ.exe	aspack_v212_v242

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ͼӲ/HardWareIoContral.dll
unpack001/ͼӲ/WinRing0.dll
unpack001/ͼӲ/WinRing0x64.dll
unpack001/ͼӲ/atiadlxy.dll

Files

83d108848d35117ccbc00c74dc1ccb2a1c9bfc18339a6aa2b698b860d53cba1c
.zip
ͼӲ/Config.ini
ͼӲ/HardWareInformation.ini
ͼӲ/HardWareIoContral.dll
.dll windows:5 windows x86

61223eb4e76931fb53a1c2d7b5ef0093

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

DestroyMenu

gdi32

DeleteDC

winspool.drv

DocumentPropertiesW

advapi32

RegSetValueExW

shlwapi

PathFindFileNameW

oleaut32

VariantClear

Exports

Exports

GetDisplayCardTemperature

Sections

.text
Size: 72KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ͼӲ/PnPDevice.ini
ͼӲ/WinRing0.dll
.dll windows:4 windows x86

24ac54d1ceb9fd3dd1228e4b95371b77

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

wsprintfA

advapi32

ChangeServiceConfigA
QueryServiceConfigA
OpenSCManagerA
CloseServiceHandle
CreateServiceA
OpenServiceA
DeleteService
StartServiceA
ControlService

kernel32

WriteFile
CloseHandle
GetLastError
HeapAlloc
GetProcessHeap
HeapFree
DeviceIoControl
SetThreadAffinityMask
GetCurrentThread
Sleep
GetModuleFileNameA
CreateFileA
GetVersionExA
GetProcAddress
GetModuleHandleA
GetCurrentProcess
FindFirstFileA
FindClose
GetDriveTypeA
GetCurrentThreadId
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
ExitProcess
GetStdHandle
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
RtlUnwind
LoadLibraryA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize

Exports

Exports

Cpuid
CpuidEx
DeinitializeOls
FindPciDeviceByClass
FindPciDeviceById
GetDllStatus
GetDllVersion
GetDriverType
GetDriverVersion
Hlt
HltEx
InitializeOls
IsCpuid
IsMsr
IsTsc
Rdmsr
RdmsrEx
Rdpmc
RdpmcEx
Rdtsc
RdtscEx
ReadIoPortByte
ReadIoPortByteEx
ReadIoPortDword
ReadIoPortDwordEx
ReadIoPortWord
ReadIoPortWordEx
ReadPciConfigByte
ReadPciConfigByteEx
ReadPciConfigDword
ReadPciConfigDwordEx
ReadPciConfigWord
ReadPciConfigWordEx
SetPciMaxBusIndex
WriteIoPortByte
WriteIoPortByteEx
WriteIoPortDword
WriteIoPortDwordEx
WriteIoPortWord
WriteIoPortWordEx
WritePciConfigByte
WritePciConfigByteEx
WritePciConfigDword
WritePciConfigDwordEx
WritePciConfigWord
WritePciConfigWordEx
Wrmsr
WrmsrEx

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ͼӲ/WinRing0.sys
.sys windows:6 windows x86

dafa20946fc6fdfd0c5db31929253d6b

Code Sign

01:00:00:00:00:01:15:37:24:21:a8
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

24/09/2007, 10:50

Not After

24/09/2008, 10:50

Subject

CN=Noriyuki MIYAZAKI,C=JP,1.2.840.113549.1.9.1=#0c196869796f6869796f406372797374616c6d61726b2e696e666f

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

04:00:00:00:00:00:f9:7f:aa:2e:1e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/12/2003, 13:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:10:92:eb:82:95
Certificate

Issuer

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Not Before

05/02/2007, 09:00

Not After

27/01/2014, 09:00

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign,1.2.840.113549.1.9.1=#0c1c74696d657374616d70696e666f40676c6f62616c7369676e2e636f6d

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f5:7c:54:3d:f8:52:7b:d4:af:db:3a:e7:0d:9c:5d:8b:d6:0e:f6:9b
Signer

Actual PE Digest

f5:7c:54:3d:f8:52:7b:d4:af:db:3a:e7:0d:9c:5d:8b:d6:0e:f6:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
KeTickCount
IoCreateDevice
IoCreateSymbolicLink
IofCompleteRequest
RtlInitUnicodeString
IoDeleteSymbolicLink
RtlUnwind
KeBugCheckEx

hal

READ_PORT_USHORT
HalSetBusDataByOffset
HalGetBusDataByOffset
WRITE_PORT_ULONG
WRITE_PORT_USHORT
WRITE_PORT_UCHAR
READ_PORT_ULONG
READ_PORT_UCHAR

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 566B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ͼӲ/WinRing0.vxd
ͼӲ/WinRing0x64.dll
.dll windows:4 windows x64

5295721310bd847773820c1d98dbe0ea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileW
GetVersionExW
FindFirstFileW
GetModuleFileNameW
GetDriveTypeW
Sleep
DeviceIoControl
GetCurrentThread
SetThreadAffinityMask
CloseHandle
HeapFree
GetProcessHeap
HeapAlloc
FindClose
GetLastError
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetVersionExA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
RtlUnwindEx
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

user32

wsprintfW

advapi32

OpenSCManagerW
QueryServiceConfigW
ControlService
StartServiceW
DeleteService
ChangeServiceConfigW
OpenServiceW
CreateServiceW
CloseServiceHandle

Exports

Exports

Cpuid
CpuidEx
DeinitializeOls
FindPciDeviceByClass
FindPciDeviceById
GetDllStatus
GetDllVersion
GetDriverType
GetDriverVersion
Hlt
HltEx
InitializeOls
IsCpuid
IsMsr
IsTsc
Rdmsr
RdmsrEx
Rdpmc
RdpmcEx
Rdtsc
RdtscEx
ReadIoPortByte
ReadIoPortByteEx
ReadIoPortDword
ReadIoPortDwordEx
ReadIoPortWord
ReadIoPortWordEx
ReadPciConfigByte
ReadPciConfigByteEx
ReadPciConfigDword
ReadPciConfigDwordEx
ReadPciConfigWord
ReadPciConfigWordEx
SetPciMaxBusIndex
WriteIoPortByte
WriteIoPortByteEx
WriteIoPortDword
WriteIoPortDwordEx
WriteIoPortWord
WriteIoPortWordEx
WritePciConfigByte
WritePciConfigByteEx
WritePciConfigDword
WritePciConfigDwordEx
WritePciConfigWord
WritePciConfigWordEx
Wrmsr
WrmsrEx

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ͼӲ/WinRing0x64.sys
.sys windows:6 windows x64

fb730744c2011c30a57ae6e97ab02e3e

Code Sign

01:00:00:00:00:01:15:37:24:21:a8
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

24/09/2007, 10:50

Not After

24/09/2008, 10:50

Subject

CN=Noriyuki MIYAZAKI,C=JP,1.2.840.113549.1.9.1=#0c196869796f6869796f406372797374616c6d61726b2e696e666f

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

04:00:00:00:00:00:f9:7f:aa:2e:1e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/12/2003, 13:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:10:92:eb:82:95
Certificate

Issuer

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Not Before

05/02/2007, 09:00

Not After

27/01/2014, 09:00

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign,1.2.840.113549.1.9.1=#0c1c74696d657374616d70696e666f40676c6f62616c7369676e2e636f6d

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d3:7f:01:a4:7b:9f:ab:d6:4d:ab:fd:5c:9c:33:bc:05:7b:0b:da:38
Signer

Actual PE Digest

d3:7f:01:a4:7b:9f:ab:d6:4d:ab:fd:5c:9c:33:bc:05:7b:0b:da:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoCreateDevice
IofCompleteRequest
KeBugCheckEx
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
RtlInitUnicodeString
__C_specific_handler

hal

HalSetBusDataByOffset
HalGetBusDataByOffset

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ͼӲ/atiadlxy.dll
.dll windows:4 windows x86

ba109a5b453c82be5fb5d9e9b38df86e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

EnumDisplayDevicesA

gdi32

D3DKMTOpenAdapterFromHdc

advapi32

RegCreateKeyExA

setupapi

CM_Get_Parent

msvcrt

strrchr

Exports

Exports

ADL_ADC_CurrentProfileFromDrv_Get
ADL_ADC_Display_AdapterDeviceProfileEx_Get
ADL_ADC_DrvDataToProfile_Copy
ADL_ADC_FindClosestMode_Get
ADL_ADC_IsDevModeEqual_Get
ADL_ADC_Profile_Apply
ADL_Adapter_ASICFamilyType_Get
ADL_Adapter_ASICInfo_Get
ADL_Adapter_Accessibility_Get
ADL_Adapter_Active_Get
ADL_Adapter_Active_Set
ADL_Adapter_Active_SetPrefer
ADL_Adapter_AdapterInfo_Get
ADL_Adapter_Aspects_Get
ADL_Adapter_ChipSetInfo_Get
ADL_Adapter_CrossdisplayAdapterRole_Caps
ADL_Adapter_CrossdisplayInfo_Get
ADL_Adapter_CrossdisplayInfo_Set
ADL_Adapter_Crossfire_Caps
ADL_Adapter_Crossfire_Get
ADL_Adapter_Crossfire_Set
ADL_Adapter_Display_Caps
ADL_Adapter_DriverSettings_Get
ADL_Adapter_DriverSettings_Set
ADL_Adapter_ID_Get
ADL_Adapter_MemoryInfo_Get
ADL_Adapter_ModeSwitch
ADL_Adapter_NumberOfActivatableSources_Get
ADL_Adapter_NumberOfAdapters_Get
ADL_Adapter_Primary_Get
ADL_Adapter_Primary_Set
ADL_Adapter_SWInfo_Get
ADL_Adapter_Speed_Caps
ADL_Adapter_Speed_Get
ADL_Adapter_Speed_Set
ADL_Adapter_VariBrightEnable_Set
ADL_Adapter_VariBrightLevel_Get
ADL_Adapter_VariBrightLevel_Set
ADL_Adapter_VariBright_Caps
ADL_Adapter_VideoBiosInfo_Get
ADL_ApplicationProfiles_System_Reload
ADL_ApplicationProfiles_User_Load
ADL_ApplicationProfiles_User_Unload
ADL_CV_DongleSettings_Get
ADL_CV_DongleSettings_Reset
ADL_CV_DongleSettings_Set
ADL_Controller_Color_Get
ADL_Controller_Color_Set
ADL_DFP_AllowOnlyCETimings_Get
ADL_DFP_AllowOnlyCETimings_Set
ADL_DFP_BaseAudioSupport_Get
ADL_DFP_GPUScalingEnable_Get
ADL_DFP_GPUScalingEnable_Set
ADL_DFP_HDMISupport_Get
ADL_DFP_MVPUAnalogSupport_Get
ADL_DFP_PixelFormat_Caps
ADL_DFP_PixelFormat_Get
ADL_DFP_PixelFormat_Set
ADL_Display_AdapterID_Get
ADL_Display_AdjustCaps_Get
ADL_Display_AdjustmentCoherent_Get
ADL_Display_AdjustmentCoherent_Set
ADL_Display_BackLight_Get
ADL_Display_BackLight_Set
ADL_Display_BezelOffsetSteppingSize_Get
ADL_Display_BezelOffset_Set
ADL_Display_BezelSupported_Validate
ADL_Display_Capabilities_Get
ADL_Display_ColorCaps_Get
ADL_Display_ColorTemperatureSource_Get
ADL_Display_ColorTemperatureSource_Set
ADL_Display_Color_Get
ADL_Display_Color_Set
ADL_Display_ConnectedDisplays_Get
ADL_Display_ControllerOverlayAdjustmentCaps_Get
ADL_Display_ControllerOverlayAdjustmentData_Get
ADL_Display_ControllerOverlayAdjustmentData_Set
ADL_Display_CurrentPixelClock_Get
ADL_Display_CustomizedModeListNum_Get
ADL_Display_CustomizedModeList_Get
ADL_Display_CustomizedMode_Add
ADL_Display_CustomizedMode_Delete
ADL_Display_CustomizedMode_Validate
ADL_Display_DDCBlockAccess_Get
ADL_Display_DDCInfo_Get
ADL_Display_Deflicker_Get
ADL_Display_Deflicker_Set
ADL_Display_DeviceConfig_Get
ADL_Display_DisplayInfo_Get
ADL_Display_DisplayMapConfig_Get
ADL_Display_DisplayMapConfig_PossibleAddAndRemove
ADL_Display_DisplayMapConfig_Set
ADL_Display_DisplayMapConfig_Validate
ADL_Display_DitherState_Get
ADL_Display_DitherState_Set
ADL_Display_EdidData_Get
ADL_Display_EnumDisplays_Get
ADL_Display_FilterSVideo_Get
ADL_Display_FilterSVideo_Set
ADL_Display_ForcibleDisplay_Get
ADL_Display_ForcibleDisplay_Set
ADL_Display_FormatsOverride_Get
ADL_Display_FormatsOverride_Set
ADL_Display_GamutMapping_Get
ADL_Display_GamutMapping_Reset
ADL_Display_GamutMapping_Set
ADL_Display_ImageExpansion_Get
ADL_Display_ImageExpansion_Set
ADL_Display_InfoPacket_Get
ADL_Display_InfoPacket_Set
ADL_Display_LCDRefreshRateCapability_Get
ADL_Display_LCDRefreshRateOptions_Get
ADL_Display_LCDRefreshRateOptions_Set
ADL_Display_LCDRefreshRate_Get
ADL_Display_LCDRefreshRate_Set
ADL_Display_Limits_Get
ADL_Display_MVPUCaps_Get
ADL_Display_MVPUStatus_Get
ADL_Display_ModeTimingOverrideInfo_Get
ADL_Display_ModeTimingOverrideList_Get
ADL_Display_ModeTimingOverride_Get
ADL_Display_ModeTimingOverride_Set
ADL_Display_Modes_Get
ADL_Display_Modes_Set
ADL_Display_NativeAUXChannel_Access
ADL_Display_NumberOfDisplays_Get
ADL_Display_ODClockConfig_Set
ADL_Display_ODClockInfo_Get
ADL_Display_Overscan_Get
ADL_Display_Overscan_Set
ADL_Display_PixelClockAllowableRange_Set
ADL_Display_PixelClockCaps_Get
ADL_Display_PixelFormat_Get
ADL_Display_PixelFormat_Set
ADL_Display_Position_Get
ADL_Display_Position_Set
ADL_Display_PossibleMapping_Get
ADL_Display_PossibleMode_Get
ADL_Display_PowerXpressActiveGPU_Get
ADL_Display_PowerXpressActiveGPU_Set
ADL_Display_PowerXpressVersion_Get
ADL_Display_PowerXpress_AutoSwitchConfig_Get
ADL_Display_PowerXpress_AutoSwitchConfig_Set
ADL_Display_PreservedAspectRatio_Get
ADL_Display_PreservedAspectRatio_Set
ADL_Display_Property_Get
ADL_Display_Property_Set
ADL_Display_ReducedBlanking_Get
ADL_Display_ReducedBlanking_Set
ADL_Display_SLSGrid_Caps
ADL_Display_SLSMapConfig_Create
ADL_Display_SLSMapConfig_Delete
ADL_Display_SLSMapConfig_Get
ADL_Display_SLSMapConfig_Rearrange
ADL_Display_SLSMapConfig_SetState
ADL_Display_SLSMapIndexList_Get
ADL_Display_SLSMapIndex_Get
ADL_Display_Size_Get
ADL_Display_Size_Set
ADL_Display_SplitDisplay_Caps
ADL_Display_SplitDisplay_Get
ADL_Display_SplitDisplay_RestoreDesktopConfiguration
ADL_Display_SplitDisplay_Set
ADL_Display_SupportedPixelFormat_Get
ADL_Display_SwitchingCapability_Get
ADL_Display_TVCaps_Get
ADL_Display_UnderScan_Auto_Get
ADL_Display_UnderScan_Auto_Set
ADL_Display_Underscan_Get
ADL_Display_Underscan_Set
ADL_Display_Vector_Get
ADL_Display_WriteAndReadI2C
ADL_Display_WriteAndReadI2CRev_Get
ADL_Graphics_Platform_Get
ADL_Main_Control_Create
ADL_Main_Control_Destroy
ADL_Main_Control_GetProcAddress
ADL_Main_Control_IsFunctionValid
ADL_Main_Control_Refresh
ADL_Main_LogDebug_Set
ADL_Main_LogError_Set
ADL_Overdrive5_CurrentActivity_Get
ADL_Overdrive5_FanSpeedInfo_Get
ADL_Overdrive5_FanSpeedToDefault_Set
ADL_Overdrive5_FanSpeed_Get
ADL_Overdrive5_FanSpeed_Set
ADL_Overdrive5_ODParameters_Get
ADL_Overdrive5_ODPerformanceLevels_Get
ADL_Overdrive5_ODPerformanceLevels_Set
ADL_Overdrive5_Temperature_Get
ADL_Overdrive5_ThermalDevices_Enum
ADL_Overdrive_Caps
ADL_Remap
ADL_TV_Standard_Get
ADL_TV_Standard_Set
ADL_Workstation_AdapterNumOfGLSyncConnectors_Get
ADL_Workstation_Caps
ADL_Workstation_DisplayGLSyncMode_Get
ADL_Workstation_DisplayGLSyncMode_Set
ADL_Workstation_DisplayGenlockCapable_Get
ADL_Workstation_GLSyncCounters_Get
ADL_Workstation_GLSyncGenlockConfiguration_Get
ADL_Workstation_GLSyncGenlockConfiguration_Set
ADL_Workstation_GLSyncModuleDetect_Get
ADL_Workstation_GLSyncModuleInfo_Get
ADL_Workstation_GLSyncPortState_Get
ADL_Workstation_GLSyncPortState_Set
ADL_Workstation_LoadBalancing_Caps
ADL_Workstation_LoadBalancing_Get
ADL_Workstation_LoadBalancing_Set
ADL_Workstation_Stereo_Get
ADL_Workstation_Stereo_Set
Desktop_Detach
Send

Sections

.text
Size: 75KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ͼӲ/data/Graphicscard.edb
ͼӲ/data/Graphicscard2.edb
ͼӲ/data/Intelchipset.edb
ͼӲ/data/Memorytype.edb
ͼӲ/ͼӲ.exe
.exe windows:5 windows x86

Code Sign

6d:2d:d8:f6:95:a1:ac:bf:43:d0:71:2b:dc:94:e9:58
Certificate

Issuer

CN=Sunlight Studio

Not Before

20/11/2019, 05:28

Not After

31/12/2039, 23:59

Subject

CN=hwinfo

77:d7:f5:94:a2:83:49:83:41:dc:af:56:dc:a1:50:7a
Certificate

Issuer

CN=Sunlight Studio

Not Before

18/11/2019, 19:13

Not After

31/12/2039, 23:59

Subject

CN=Sunlight Studio

77:84:fe:c0:e8:b8:51:bc:3f:a6:8c:ad:ac:0f:7a:43:62:c3:10:0b
Signer

Actual PE Digest

77:84:fe:c0:e8:b8:51:bc:3f:a6:8c:ad:ac:0f:7a:43:62:c3:10:0b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 326KB - Virtual size: 824KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 68KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 34KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 28KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

61223eb4e76931fb53a1c2d7b5ef0093

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

oleaut32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 220KB

.rsrc Size: 7KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 512B

24ac54d1ceb9fd3dd1228e4b95371b77

Headers

File Characteristics

Imports

user32

advapi32

kernel32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 32KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

dafa20946fc6fdfd0c5db31929253d6b

Code Sign

01:00:00:00:00:01:15:37:24:21:a8Certificate

Key Usages

04:00:00:00:00:00:f9:7f:aa:2e:1eCertificate

Key Usages

04:00:00:00:00:01:08:d9:61:1c:d6Certificate

Key Usages

04:00:00:00:00:01:10:92:eb:82:95Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:08:d9:61:24:48Certificate

Key Usages

61:0b:7f:6b:00:00:00:00:00:19Certificate

Key Usages

f5:7c:54:3d:f8:52:7b:d4:af:db:3a:e7:0d:9c:5d:8b:d6:0e:f6:9bSigner

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 384B - Virtual size: 372B

.data Size: 128B - Virtual size: 12B

INIT Size: 640B - Virtual size: 566B

.rsrc Size: 1024B - Virtual size: 960B

.reloc Size: 256B - Virtual size: 168B

5295721310bd847773820c1d98dbe0ea

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 9KB

.pdata Size: 3KB - Virtual size: 2KB

.text
Size: 72KB - Virtual size: 220KB

.rsrc
Size: 7KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 512B

.text
Size: 36KB - Virtual size: 32KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

01:00:00:00:00:01:15:37:24:21:a8
Certificate

04:00:00:00:00:00:f9:7f:aa:2e:1e
Certificate

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

04:00:00:00:00:01:10:92:eb:82:95
Certificate

04:00:00:00:00:01:08:d9:61:24:48
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

f5:7c:54:3d:f8:52:7b:d4:af:db:3a:e7:0d:9c:5d:8b:d6:0e:f6:9b
Signer

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 384B - Virtual size: 372B

.data
Size: 128B - Virtual size: 12B

INIT
Size: 640B - Virtual size: 566B

.rsrc
Size: 1024B - Virtual size: 960B

.reloc
Size: 256B - Virtual size: 168B

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 9KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 624B

01:00:00:00:00:01:15:37:24:21:a8
Certificate

04:00:00:00:00:00:f9:7f:aa:2e:1e
Certificate

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

04:00:00:00:00:01:10:92:eb:82:95
Certificate

04:00:00:00:00:01:08:d9:61:24:48
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

d3:7f:01:a4:7b:9f:ab:d6:4d:ab:fd:5c:9c:33:bc:05:7b:0b:da:38
Signer

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 340B

.data
Size: 512B - Virtual size: 276B

.pdata
Size: 512B - Virtual size: 84B

INIT
Size: 512B - Virtual size: 496B

.rsrc
Size: 1024B - Virtual size: 960B

.text
Size: 75KB - Virtual size: 216KB

.rsrc
Size: 13KB - Virtual size: 16KB

.reloc
Size: 512B - Virtual size: 4KB

6d:2d:d8:f6:95:a1:ac:bf:43:d0:71:2b:dc:94:e9:58
Certificate

77:d7:f5:94:a2:83:49:83:41:dc:af:56:dc:a1:50:7a
Certificate

77:84:fe:c0:e8:b8:51:bc:3f:a6:8c:ad:ac:0f:7a:43:62:c3:10:0b
Signer

.text
Size: 326KB - Virtual size: 824KB

.rdata
Size: 68KB - Virtual size: 204KB

.data
Size: 34KB - Virtual size: 248KB

.rsrc
Size: 1KB - Virtual size: 12KB

.reloc
Size: 28KB - Virtual size: 48KB

.aspack
Size: 15KB - Virtual size: 16KB

.adata
Size: - Virtual size: 4KB