XboxGamepad_2[.]1[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

XboxGamepad_2.1.rar
Size

718KB
MD5

a7c37331cdc523c8ae43c7a1535fc8e8
SHA1

c2f628f8eddc7f72e4124898d5aaeb307c13ee49
SHA256

2427c122897ee5dd465db796a62d9e00d2dac8d0812007334e14ec76ad7baf15
SHA512

e8d6089a9c85c200e9a71ada2c8c9ef978f5e8eec9b9844315e71296fd372963330c61e354ac2fa750643c37458bc2f3dcecc8a008026cb20fb5ffe2ae5ae687
SSDEEP

12288:RTGEQA+mqq+Vm2Fs8JiB/HDazGJUqBVlWRhq8qHKXsYy68cmQ1ctJWjTgzM:kEQA+mqq+VTFs8oB/DPJUqXlWfvrcYp/

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2.1/XINPUT/LibUsbDotNet.dll
unpack001/2.1/XINPUT/XboxOneDriver.dll
unpack001/2.1/XINPUT/xinput1_3.dll
unpack001/2.1/XboxOneGamePad.exe

Files

XboxGamepad_2.1.rar
.rar
2.1/XINPUT/LibUsbDotNet.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.1/XINPUT/XboxOneDriver.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Exports

Exports

GetButtons
GetLeftStickX
GetLeftStickY
GetLeftTrigger
GetRightStickX
GetRightStickY
GetRightTrigger
InitializeAll
IsConnected
SetVibration

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 338B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.1/XINPUT/XboxOneDriver.exp
2.1/XINPUT/XboxOneDriver.lib
2.1/XINPUT/xinput1_3.dll
.dll windows:6 windows x86 arch:x86

aebbab6f149ebf0c1013901917c1c908

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

dinput8

DirectInput8Create

wintrust

WinVerifyTrust

shlwapi

PathFileExistsA
PathCombineA
PathFindFileNameA
PathFindFileNameW
PathIsDirectoryA
PathRemoveFileSpecA

kernel32

HeapFree
HeapAlloc
GetSystemTimeAsFileTime
QueryPerformanceCounter
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
RaiseException
IsProcessorFeaturePresent
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
MulDiv
GetCurrentProcessId
GetCurrentThreadId
GetSystemInfo
GetVersionExA
DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleW
GetProcAddress
GetLastError
SetLastError
GetModuleFileNameW
GetModuleHandleExA
GetModuleHandleExW
LoadLibraryExA
LoadLibraryExW
LoadLibraryA
LoadLibraryW
GetStdHandle
CreateDirectoryA
CloseHandle
GetLocalTime
FreeConsole
SetConsoleTitleA
AllocConsole
WriteConsoleA
GetConsoleWindow
GetTickCount
GetSystemDirectoryW
IsDebuggerPresent
DecodePointer
EncodePointer
Thread32Next
Thread32First
CreateToolhelp32Snapshot
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
OpenThread
VirtualFree
VirtualAlloc
VirtualQuery
VirtualProtect
GetProcessHeap

user32

CallWindowProcW
ReplyMessage
CreateWindowExW
GetSystemMetrics
DestroyWindow
IsWindow
MessageBoxW
MessageBoxA
MessageBeep
SetWindowLongW
InSendMessage
ShowWindow

shell32

SHGetFolderPathA

ole32

CoUninitialize
CoCreateInstance

oleaut32

SysReAllocString

msvcp110d

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_DebugHeapTag_func@std@@YAABU_DebugHeapTag_t@1@XZ
??3@YAXPAXABU_DebugHeapTag_t@std@@PADH@Z
??2@YAPAXIABU_DebugHeapTag_t@std@@PADH@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Debug_message@std@@YAXPB_W0I@Z
??0_Container_base12@std@@QAE@XZ
??1_Container_base12@std@@QAE@XZ
?_Getpfirst@_Container_base12@std@@QBEPAPAU_Iterator_base12@2@XZ
?_Orphan_all@_Container_base12@std@@QAEXXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Syserror_map@std@@YAPBDH@Z
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Add_vtordisp2@?$basic_ostream@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Swap_all@_Container_base12@std@@QAEXAAU12@@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Add_vtordisp1@?$basic_ios@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_BADOFF@std@@3_JB
?id@?$codecvt@DDH@std@@2V0locale@2@A
??0id@locale@std@@QAE@I@Z
?_Winerror_map@std@@YAPBDH@Z

msvcr110d

_wmakepath_s
_wsplitpath_s
__clean_type_info_names_internal
?terminate@@YAXXZ
??2@YAPAXI@Z
??3@YAXPAX@Z
_invalid_parameter
tolower
memcpy
strcpy_s
strlen
memmove
strchr
sscanf_s
vsprintf_s
strtol
strtoul
??_V@YAXPAX@Z
_CrtDbgReportW
_CxxThrowException
__CxxFrameHandler3
memset
sqrt
_CrtSetDbgFlag
memcmp
wcscpy_s
wcslen
sprintf_s
swprintf_s
vswprintf_s
wcsrchr
wcsstr
swscanf_s
memchr
_purecall
memcpy_s
strcat_s
fclose
fflush
fgetc
fgetpos
fputc
fsetpos
_fseeki64
fwrite
setvbuf
ungetc
_lock_file
_unlock_file
free
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
abs
labs
fabs
_wassert
_lock
_unlock
_calloc_dbg
__dllonexit
_onexit
_CRT_RTC_INITW
_except_handler4_common
??1type_info@@UAE@XZ
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__CppXcptFilter
_amsg_exit
_malloc_dbg
_free_dbg
_CrtSetCheckCount
_initterm
_initterm_e

setupapi

SetupDiGetDeviceInstanceIdW

Exports

Exports

DllMain
XInputEnable
XInputGetAudioDeviceIds
XInputGetBatteryInformation
XInputGetCapabilities
XInputGetDSoundAudioDeviceGuids
XInputGetKeystroke
XInputGetState
XInputSetState
reset

Sections

.textbss
Size: - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 374KB - Virtual size: 374KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.1/XboxOneGamePad.exe
.exe windows:4 windows x86 arch:x86

5a36a1f8d2ecf51b960e32d735e9ca2b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

kernel32

GetExitCodeThread
WaitForSingleObject
CreateThread
GetLastError
SystemTimeToFileTime
GetLocalTime
GetFileAttributesW
CreateDirectoryW
VirtualFree
GetModuleHandleW
GetProcAddress
LoadLibraryA
LockResource
LoadResource
SizeofResource
FindResourceExA
GetSystemDefaultLCID
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
MultiByteToWideChar
GetLocaleInfoW
lstrlenA
lstrcmpiW
GetEnvironmentVariableW
GlobalMemoryStatusEx
VirtualAlloc
WideCharToMultiByte
ExpandEnvironmentStringsW
lstrcmpW
RemoveDirectoryW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
CompareFileTime
GetSystemTimeAsFileTime
Sleep
GetTempPathW
SetEnvironmentVariableW
CloseHandle
WriteFile
CreateFileW
GetDriveTypeW
SetCurrentDirectoryW
GetExitCodeProcess
GetModuleFileNameW
GetCommandLineW
GetVersionExW
CreateEventW
SetEvent
ResetEvent
InitializeCriticalSection
MulDiv
TerminateThread
ResumeThread
SuspendThread
LocalFree
lstrcpyW
FormatMessageW
GetSystemDirectoryW
DeleteCriticalSection
GetFileSize
SetFilePointer
ReadFile
SetFileTime
SetEndOfFile
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
GetModuleHandleA
SetLastError
SetFileAttributesW
GetDiskFreeSpaceExW
lstrcatW
ExitProcess
lstrlenW
GetStartupInfoA

user32

EndDialog
CharUpperW
SetTimer
DestroyWindow
KillTimer
DispatchMessageW
wsprintfW
GetSystemMenu
EnableMenuItem
IsWindow
EnableWindow
MessageBeep
LoadIconW
LoadImageW
wvsprintfW
DefWindowProcW
CallWindowProcW
GetWindowDC
DrawIconEx
DialogBoxIndirectParamW
GetWindow
ClientToScreen
GetDC
DrawTextW
ReleaseDC
ShowWindow
SetWindowPos
SystemParametersInfoW
SetFocus
GetWindowLongW
SetWindowLongW
GetSystemMetrics
GetClientRect
GetDlgItem
GetKeyState
wsprintfA
MessageBoxA
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
GetMessageW
GetWindowRect
ScreenToClient
CreateWindowExW
SendMessageW
GetParent

gdi32

CreateFontIndirectW
SelectObject
GetDeviceCaps
GetObjectW
DeleteObject

shell32

SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW
SHGetMalloc

ole32

CoCreateInstance
CoInitialize

oleaut32

VariantClear
SysAllocString

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
_CxxThrowException
_beginthreadex
_EH_prolog
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
memset
_wcsnicmp
memcpy
malloc
memmove
_wtol
free
memcmp
_purecall
??2@YAPAXI@Z
??3@YAXPAX@Z
_controlfp

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 144KB - Virtual size: 143KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.sdata Size: 512B - Virtual size: 338B

.rsrc Size: 1024B - Virtual size: 808B

.reloc Size: 512B - Virtual size: 32B

aebbab6f149ebf0c1013901917c1c908

Headers

DLL Characteristics

File Characteristics

Imports

dinput8

wintrust

shlwapi

kernel32

user32

shell32

ole32

oleaut32

msvcp110d

msvcr110d

setupapi

Exports

Exports

Sections

.textbss Size: - Virtual size: 171KB

.text Size: 374KB - Virtual size: 374KB

.rdata Size: 66KB - Virtual size: 65KB

.data Size: 5KB - Virtual size: 7KB

.idata Size: 10KB - Virtual size: 10KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 15KB - Virtual size: 15KB

5a36a1f8d2ecf51b960e32d735e9ca2b

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

shell32

ole32

oleaut32

msvcrt

Sections

.text Size: 65KB - Virtual size: 64KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 144KB - Virtual size: 143KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 9KB - Virtual size: 9KB

.sdata
Size: 512B - Virtual size: 338B

.rsrc
Size: 1024B - Virtual size: 808B

.reloc
Size: 512B - Virtual size: 32B

.textbss
Size: - Virtual size: 171KB

.text
Size: 374KB - Virtual size: 374KB

.rdata
Size: 66KB - Virtual size: 65KB

.data
Size: 5KB - Virtual size: 7KB

.idata
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 15KB - Virtual size: 15KB

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 17KB - Virtual size: 16KB