41111a63b45bf0a86e63cc67a410067eb4c2afc914b1cc75307f92bded981b46[.]zip[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

41111a63b45bf0a86e63cc67a410067eb4c2afc914b1cc75307f92bded981b46.zip.zip
Size

817KB
MD5

bed3eb737c9c1ec4b713192c1939bb21
SHA1

e1922163d2374894da006320f90cd29a8b579220
SHA256

f07f6044bbe87080fd9a49ff5b8929edb42ec1e7d0c7bdb1d4ec6b22ca197010
SHA512

87320d226311892d3126aee61b0ee907767e9901fa4ccb332c65e1567c6820f0683dd4e2796a0a291847704aa5c61566fd7317f459b903b50204772ee1608ba7
SSDEEP

24576:m/h5wNyaLKNKLcYDJR12I2IFfCVv1w8rI:+h5wNYmcyzt5CVS8rI

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/ணࠬ  /DSS-3x.exe	upx

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack002/ணࠬ  /DSS-3x.exe
unpack003/out.upx
unpack004/CDM 2.00.00/FTBUSUI.dll
unpack004/CDM 2.00.00/FTD2XX.dll
unpack004/CDM 2.00.00/FTDIBUS.sys
unpack004/CDM 2.00.00/FTDIUNIN.exe
unpack004/CDM 2.00.00/FTLang.dll
unpack004/CDM 2.00.00/ftcserco.dll
unpack004/CDM 2.00.00/ftser2k.sys
unpack004/CDM 2.00.00/ftserui2.dll

Files

41111a63b45bf0a86e63cc67a410067eb4c2afc914b1cc75307f92bded981b46.zip.zip
.zip

Password: infected
41111a63b45bf0a86e63cc67a410067eb4c2afc914b1cc75307f92bded981b46.zip
.zip
DSS-31a.hex
ணࠬ  /DSS-3x.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 424KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 388KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 527KB - Virtual size: 526KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ணࠬ  /ࠩ USB  㠫쭮 COM-/CDM 2.00.00.rar
.rar
CDM 2.00.00/CDM 2.00.00 Release Info.doc
.rtf .doc
CDM 2.00.00/FTBUSUI.dll
.dll windows:4 windows x86

98d4b5ce88c34a933c0d00ed38da29f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceInstanceIdA
SetupDiGetDeviceInterfaceDetailA

kernel32

GetCurrentThread
CompareStringW
CompareStringA
GetTimeZoneInformation
LCMapStringW
LCMapStringA
OutputDebugStringA
LocalFree
LoadLibraryA
LoadLibraryW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
GetLastError
SetLastError
GetModuleFileNameW
LocalAlloc
CloseHandle
DeviceIoControl
CreateFileA
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetLocaleInfoW
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
SetEnvironmentVariableA
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
HeapSize
MultiByteToWideChar
GetLocaleInfoA

user32

SetWindowLongA
EnableWindow
SetCursor
LoadCursorA
IsDlgButtonChecked
GetWindowLongA
GetDlgItem
CheckDlgButton

Exports

Exports

DllMain
FTBUSUIPropPageProvider

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CDM 2.00.00/FTD2XX.H
CDM 2.00.00/FTD2XX.dll
.dll windows:4 windows x86

504f669c51295b957c555c183ec79ebf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList

kernel32

TlsFree
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
IsValidCodePage
DeviceIoControl
CloseHandle
ReadFile
WriteFile
CreateFileA
GetLastError
GetOverlappedResult
CancelIo
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
RtlUnwind
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetProcAddress
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
RaiseException
TlsGetValue
TlsAlloc
TlsSetValue
SetEnvironmentVariableA
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
GetTimeZoneInformation
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
InitializeCriticalSection
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
HeapSize
GetCPInfo
GetACP
GetOEMCP
GetLocaleInfoA
GetLocaleInfoW
SetEndOfFile
LCMapStringA
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale

Exports

Exports

FT_Close
FT_ClrDtr
FT_ClrRts
FT_CreateDeviceInfoList
FT_CyclePort
FT_EE_Program
FT_EE_ProgramEx
FT_EE_Read
FT_EE_ReadEx
FT_EE_UARead
FT_EE_UASize
FT_EE_UAWrite
FT_EraseEE
FT_GetBitMode
FT_GetDeviceInfo
FT_GetDeviceInfoDetail
FT_GetDeviceInfoList
FT_GetDriverVersion
FT_GetEventStatus
FT_GetLatencyTimer
FT_GetLibraryVersion
FT_GetModemStatus
FT_GetQueueStatus
FT_GetStatus
FT_IoCtl
FT_ListDevices
FT_Open
FT_OpenEx
FT_Purge
FT_Read
FT_ReadEE
FT_ResetDevice
FT_ResetPort
FT_RestartInTask
FT_SetBaudRate
FT_SetBitMode
FT_SetBreakOff
FT_SetBreakOn
FT_SetChars
FT_SetDataCharacteristics
FT_SetDeadmanTimeout
FT_SetDivisor
FT_SetDtr
FT_SetEventNotification
FT_SetFlowControl
FT_SetLatencyTimer
FT_SetResetPipeRetryCount
FT_SetRts
FT_SetTimeouts
FT_SetUSBParameters
FT_SetWaitMask
FT_StopInTask
FT_W32_CancelIo
FT_W32_ClearCommBreak
FT_W32_ClearCommError
FT_W32_CloseHandle
FT_W32_CreateFile
FT_W32_EscapeCommFunction
FT_W32_GetCommModemStatus
FT_W32_GetCommState
FT_W32_GetCommTimeouts
FT_W32_GetLastError
FT_W32_GetOverlappedResult
FT_W32_PurgeComm
FT_W32_ReadFile
FT_W32_SetCommBreak
FT_W32_SetCommMask
FT_W32_SetCommState
FT_W32_SetCommTimeouts
FT_W32_SetupComm
FT_W32_WaitCommEvent
FT_W32_WriteFile
FT_WaitOnMask
FT_Write
FT_WriteEE

Sections

.text
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CDM 2.00.00/FTD2XX.lib
CDM 2.00.00/FTDIBUS.INF
CDM 2.00.00/FTDIBUS.sys
.sys windows:5 windows x86

a4f776922d9b75fb7c4571d75d8595da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeInitializeSpinLock
PoSetPowerState
KeInitializeDpc
IoAttachDeviceToDeviceStack
IofCallDriver
RtlFreeUnicodeString
IofCompleteRequest
KeInitializeEvent
IoBuildDeviceIoControlRequest
ExFreePool
ExAllocatePoolWithTag
KeInitializeTimer
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
IoCreateDevice
InterlockedIncrement
RtlWriteRegistryValue
RtlQueryRegistryValues
ObfReferenceObject
KeWaitForSingleObject
KeSetEvent
IoDeleteDevice
IoDetachDevice
ObfDereferenceObject
IoGetDeviceProperty
RtlInitUnicodeString
PoCallDriver
PoStartNextPowerIrp
PoRequestPowerIrp
ExQueueWorkItem
InterlockedExchange
InterlockedDecrement
IoCancelIrp
IoIsWdmVersionAvailable
ExEventObjectType
KeCancelTimer
KeSetTimer
IoFreeMdl
IoBuildPartialMdl
IoAllocateMdl
MmMapLockedPagesSpecifyCache
ZwClose
PsCreateSystemThread
PsTerminateSystemThread
KeClearEvent
KeWaitForMultipleObjects
KeSetPriorityThread
KeGetCurrentThread
RtlCompareUnicodeString
RtlUnicodeStringToInteger
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
ObReferenceObjectByPointer
IoGetDeviceObjectPointer
RtlCompareMemory
IoOpenDeviceRegistryKey
ZwOpenKey
ZwEnumerateKey
ZwQueryKey
ZwQueryValueKey
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ZwSetValueKey
IoInvalidateDeviceRelations
ZwEnumerateValueKey
swprintf
IoReleaseCancelSpinLock
ObReferenceObjectByHandle

hal

KeGetCurrentIrql
KfAcquireSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
KfReleaseSpinLock

usbd.sys

_USBD_CreateConfigurationRequestEx@8
_USBD_ParseConfigurationDescriptorEx@28
USBD_GetUSBDIVersion

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 448B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 768B - Virtual size: 765B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 800B - Virtual size: 785B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 864B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CDM 2.00.00/FTDIPORT.INF
CDM 2.00.00/FTDIUN2K.INI
CDM 2.00.00/FTDIUNIN.exe
.exe windows:4 windows x86

bea23ef2baf06b93fa89f7195e770437

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyA

kernel32

CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
FreeLibrary
SetFilePointer
CreateFileA
InitializeCriticalSection
ReadFile
FlushFileBuffers
GetConsoleMode
HeapCreate
HeapDestroy
GetVersionExA
GetLastError
RemoveDirectoryA
GetSystemDirectoryA
FindClose
GetModuleHandleA
GetProcAddress
GetCurrentProcess
FindFirstFileA
FindNextFileA
SetFileAttributesA
GetWindowsDirectoryA
CompareStringW
InterlockedExchange
TlsFree
RtlUnwind
DeleteFileA
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
TlsGetValue
TlsAlloc
TlsSetValue
SetEnvironmentVariableA
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
CloseHandle
SetHandleCount
GetFileType
DeleteCriticalSection
Sleep
ExitProcess
FatalAppExitA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
HeapSize
SetConsoleCtrlHandler
LoadLibraryA
MultiByteToWideChar
GetLocaleInfoA
GetLocaleInfoW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetStdHandle
GetConsoleCP

user32

GetSysColor
GetSysColorBrush
EndDialog
SetWindowTextA
SetFocus
DialogBoxParamA
GetDC
ReleaseDC
GetDlgItem
SendMessageA
LoadStringA
wsprintfA
EnableWindow

gdi32

GetTextMetricsA
CreateFontIndirectA
SelectObject
SetBkColor

advapi32

RegEnumKeyExA
RegOpenKeyA
InitializeSecurityDescriptor
RegSetKeySecurity
RegQueryInfoKeyA
RegEnumValueA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CDM 2.00.00/FTLang.dll
.dll windows:4 windows x86

8c3a16551d585a8847403d33eb5f90fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

LoadStringW

kernel32

GetSystemTimeAsFileTime
SetEnvironmentVariableA
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
GetCurrentThread
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
WriteFile
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetLocaleInfoW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetTimeZoneInformation
CompareStringA
CompareStringW

Exports

Exports

??0CFTLang@@QAE@XZ
??4CFTLang@@QAEAAV0@ABV0@@Z
FTGetText
nFTLang

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CDM 2.00.00/ftcserco.dll
.dll windows:5 windows x86

331fdfe7bf5ac00fa0ee4d8f02d54c91

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

SetupOpenInfFileW
SetupDiGetActualSectionToInstallW
SetupDiGetDriverInfoDetailW
SetupInstallFromInfSectionW
SetupDiGetSelectedDriverW
SetupDiCreateDevRegKeyW
SetupCloseInfFile
CM_Get_Device_IDW

kernel32

VirtualFree
GetLastError
lstrlenW
LocalFree
LocalAlloc
WideCharToMultiByte
MultiByteToWideChar
VirtualAlloc
HeapFree
HeapAlloc
LCMapStringA
LCMapStringW

advapi32

RegOpenKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey

user32

wsprintfW

msports

ComDBClose
ComDBClaimPort
ComDBReleasePort
ComDBClaimNextFreePort
ComDBOpen

Exports

Exports

FTCSERCoInstaller

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CDM 2.00.00/ftdibus.cat
CDM 2.00.00/ftdiport.cat
CDM 2.00.00/ftser2k.sys
.sys windows:5 windows x86

274589354590468b338a50282519c7bf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_except_handler3
InterlockedDecrement
KeRemoveQueueDpc
ExFreePool
PoSetPowerState
KeWaitForSingleObject
IoWMIRegistrationControl
IoDeleteDevice
IoDetachDevice
KeDelayExecutionThread
IoCancelIrp
KeInitializeDpc
KeInitializeTimer
KeInitializeSpinLock
MmLockPagableDataSection
MmUnmapIoSpace
IofCallDriver
KeWaitForMultipleObjects
MmLockPagableSectionByHandle
MmQuerySystemSize
InterlockedIncrement
ZwClose
IoOpenDeviceRegistryKey
KeQuerySystemTime
KeInsertQueueDpc
KeSetTimer
KeCancelTimer
PoCallDriver
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
ExAllocatePoolWithQuotaTag
IoCreateDevice
KefAcquireSpinLockAtDpcLevel
KeInitializeEvent
ExAllocatePoolWithTag
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
RtlInitUnicodeString
RtlAppendUnicodeToString
IoAttachDeviceToDeviceStack
IoGetConfigurationInformation
wcslen
RtlDeleteRegistryValue
IoDeleteSymbolicLink
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
RtlWriteRegistryValue
IoCreateSymbolicLink
ObfDereferenceObject
RtlQueryRegistryValues
ZwQueryValueKey
PoRequestPowerIrp
PoStartNextPowerIrp
KeClearEvent
IoFreeIrp
IoAllocateIrp
ObReferenceObjectByHandle
PsCreateSystemThread
PsTerminateSystemThread
KeSetPriorityThread
KeGetCurrentThread
memmove
DbgBreakPoint
MmUnlockPagableImageSection
KeSetEvent
_allmul
IoAcquireCancelSpinLock
IoReleaseCancelSpinLock
InterlockedExchange
IofCompleteRequest
KefReleaseSpinLockFromDpcLevel

hal

KeRaiseIrqlToDpcLevel
KfLowerIrql
READ_PORT_UCHAR
ExAcquireFastMutex
ExReleaseFastMutex
KfAcquireSpinLock
KfReleaseSpinLock

wmilib.sys

WmiCompleteRequest
WmiSystemControl

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 288B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGESRP0
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGESER
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 160B - Virtual size: 143B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CDM 2.00.00/ftserui2.dll
.dll windows:5 windows x86

d8f41154f2c3f1f5f8a953afcd7ad722

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcscpy
wcslen
_wcsupr
wcsspn
wcscspn
wcscat
wcscmp
wcsstr
wcschr
_itoa

setupapi

CM_Get_Res_Des_Data
CM_Get_Next_Res_Des
CM_Get_First_Log_Conf
SetupDiInstallDevice
CM_Get_DevNode_Status
SetupDiGetDeviceInstanceIdW
CM_Free_Res_Des_Handle
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupCloseInfFile
SetupDiGetDeviceInfoListDetailW
SetupDiGetActualSectionToInstallW
SetupDiCallClassInstaller
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDevRegKey
SetupDiCreateDevRegKeyW
CM_Free_Log_Conf_Handle
SetupDiGetSelectedDriverW
SetupDiGetDriverInfoDetailW
SetupOpenInfFileW
SetupDiRemoveDevice
SetupDiSetDeviceRegistryPropertyW
SetupInstallFromInfSectionW
SetupDiGetClassInstallParamsW
SetupDiMoveDuplicateDevice

user32

CheckDlgButton
CharNextW
CheckRadioButton
GetWindowTextW
CharPrevW
MessageBoxW
SendMessageTimeoutW
wvsprintfW
GetWindowTextLengthW
ShowWindow
GetDlgCtrlID
SetDlgItemTextW
DialogBoxParamW
IsDlgButtonChecked
SendDlgItemMessageW
LoadStringW
SetWindowLongW
GetDlgItem
EnableWindow
WinHelpW
GetWindowLongW
EndDialog
GetParent
SendMessageW
GetFocus
SetWindowTextW
wsprintfW

advapi32

RegQueryValueExW
RegSetValueExW
RegCloseKey
RegEnumValueW
RegOpenKeyExW

kernel32

CreateFileW
CloseHandle
DefineDosDeviceW
GetProfileStringW
QueryDosDeviceW
DisableThreadLibraryCalls
GetLastError
lstrcmpW
lstrcmpiW
lstrcatW
GetUserDefaultLCID
GetLocaleInfoW
lstrcpyW
LocalFree
LocalAlloc
SetLastError
MultiByteToWideChar
lstrlenW
WriteProfileStringW

comctl32

DestroyPropertySheetPage
CreatePropertySheetPageW

msports

ComDBClaimNextFreePort
ComDBReleasePort
ComDBClose
ComDBOpen
ComDBGetCurrentPortUsage
ComDBClaimPort

Exports

Exports

LibMain
ParallelPortPropPageProvider
PortsClassInstaller
SerialPortPropPageProvider

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ணࠬ  /樫ࠬ/20  1 _.txt
ணࠬ  /樫ࠬ/ PAL.txt
ணࠬ  /樫ࠬ/   .txt
ணࠬ  /樫ࠬ/ 1 .txt
ணࠬ  /樫ࠬ/ ⮩ ஢.txt
ணࠬ  /樫ࠬ/ 1 .txt
ணࠬ  /樫ࠬ/ 1 .txt
ணࠬ  /樫ࠬ/ 1.5 .txt
ணࠬ  /樫ࠬ/ 126 .txt
ணࠬ  /樫ࠬ/ 2.5 .txt
ணࠬ  /樫ࠬ/ 3.5 .txt
ணࠬ  /樫ࠬ/ 5 .txt
ணࠬ  /樫ࠬ/.txt
ணࠬ  /樫ࠬ/㣮 1 .txt
2.lay

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 424KB

UPX1 Size: 388KB - Virtual size: 388KB

.rsrc Size: 5KB - Virtual size: 8KB

Headers

File Characteristics

Sections

CODE Size: 527KB - Virtual size: 526KB

DATA Size: 7KB - Virtual size: 7KB

BSS Size: - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 34KB - Virtual size: 33KB

.rsrc Size: 200KB - Virtual size: 200KB

98d4b5ce88c34a933c0d00ed38da29f2

Headers

File Characteristics

Imports

setupapi

kernel32

user32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 70KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 3KB

504f669c51295b957c555c183ec79ebf

Headers

File Characteristics

Imports

setupapi

kernel32

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 125KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 988B

.reloc Size: 8KB - Virtual size: 5KB

a4f776922d9b75fb7c4571d75d8595da

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

usbd.sys

Sections

.text Size: 35KB - Virtual size: 35KB

.rdata Size: 448B - Virtual size: 424B

.data Size: 768B - Virtual size: 765B

PAGE Size: 800B - Virtual size: 785B

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 864B - Virtual size: 856B

.reloc Size: 1KB - Virtual size: 1KB

bea23ef2baf06b93fa89f7195e770437

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

advapi32

Sections

.text Size: 144KB - Virtual size: 143KB

.rdata Size: 20KB - Virtual size: 19KB

UPX0
Size: - Virtual size: 424KB

UPX1
Size: 388KB - Virtual size: 388KB

.rsrc
Size: 5KB - Virtual size: 8KB

CODE
Size: 527KB - Virtual size: 526KB

DATA
Size: 7KB - Virtual size: 7KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 34KB - Virtual size: 33KB

.rsrc
Size: 200KB - Virtual size: 200KB

.text
Size: 72KB - Virtual size: 70KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 128KB - Virtual size: 125KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 988B

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 448B - Virtual size: 424B

.data
Size: 768B - Virtual size: 765B

PAGE
Size: 800B - Virtual size: 785B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 864B - Virtual size: 856B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 144KB - Virtual size: 143KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 8KB - Virtual size: 4KB

.text
Size: 68KB - Virtual size: 66KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 6KB

.data
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 1024B - Virtual size: 624B

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 512B - Virtual size: 488B

.data
Size: 288B - Virtual size: 276B

PAGESRP0
Size: 12KB - Virtual size: 12KB

PAGESER
Size: 13KB - Virtual size: 13KB

PAGE
Size: 160B - Virtual size: 143B

INIT
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 18KB - Virtual size: 18KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 1KB - Virtual size: 1KB