MeiUSB[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

MeiUSB.exe
Size

509KB
MD5

5f425f3525382015fd94aec030ad7662
SHA1

fd4b73d562b003c10d70df039c7ce20a2f8b2c37
SHA256

1be22d8b3e70b3a091c0002abc6c5c83a81b9dc95cbda8bf1e04027da5f32769
SHA512

aa7144da6a302fcb1324d2db74099bf25eac14ca617ebe33da125ec25e6ee87f5bf85e5da782087dfb5343fc9ce5d81ac668035b61176ac337b1fe2694146dbf
SSDEEP

12288:t5G62mAS4N/BIPrxub8mAvXQ3lgSggig8HzGyn9E2y5h:t56NNJIPVuYtXXSgTg8H6ynRy5h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MeiUSB.exe

Files

MeiUSB.exe
.exe windows:4 windows x86 arch:x86

fb11321ae9dee8b7369b99a7955ee82b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTimeZoneInformation
SetFileAttributesA
CreateFileA
lstrcpyA
lstrcatA
GetLastError
GetCurrentDirectoryA
DeleteFileA
FlushFileBuffers
ReadFile
SetFilePointer
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetFileTime
CloseHandle
GetFullPathNameA
_lclose
OpenFile
SetVolumeLabelA
GetVolumeInformationA
WriteFile
GetModuleFileNameA
lstrlenA
SetCurrentDirectoryA
GetVersionExA
HeapReAlloc
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateDirectoryA
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
LoadLibraryA
FreeEnvironmentStringsA
SetStdHandle
RtlUnwind
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
CreateThread
GetProcAddress
TerminateProcess
GetFileAttributesA
GetCurrentProcess
HeapDestroy
GetStringTypeW
HeapFree
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetCPInfo
GetStringTypeA
UnhandledExceptionFilter
HeapCreate
VirtualFree
VirtualAlloc
GetACP
GetOEMCP
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
LCMapStringW

user32

SetDlgItemTextA
GetSystemMetrics
GetWindowRect
MoveWindow
GetDlgItemTextA
PostMessageA
SetActiveWindow
SetFocus
EndDialog
GetDlgItem
SendMessageA
GetDesktopWindow
MessageBoxA
LoadStringA
wsprintfA
DialogBoxParamA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc

comctl32

ord17

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 939B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb11321ae9dee8b7369b99a7955ee82b

Headers

File Characteristics

Imports

kernel32

user32

shell32

comctl32

Sections

.text Size: 41KB - Virtual size: 40KB

.rdata Size: 1024B - Virtual size: 939B

.data Size: 12KB - Virtual size: 58KB

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 41KB - Virtual size: 40KB

.rdata
Size: 1024B - Virtual size: 939B

.data
Size: 12KB - Virtual size: 58KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 4KB