44efadcb43e532dfa71d4e4a5a8382b7

Sharing

Copy URL Twitter E-mail

General

Target

44efadcb43e532dfa71d4e4a5a8382b7
Size

2.4MB
MD5

44efadcb43e532dfa71d4e4a5a8382b7
SHA1

9a247a43fad027994c293b78ab08aee560934733
SHA256

3e89abf8b832611243adfc4dd2ebad404787d613ab11b1897bbdabf213d684ac
SHA512

338a17492a6d5ea0dd49fdcc2d3ffcc014cbd8604d49f4c7cb665822e17a90c00684cd9bc74963d6258a7b0ecce09df6a21d11e28c5029e00ef3f2057db64de4
SSDEEP

49152:xgCyZAuIAZ99UfqQCNAI3jhUXAKtPyDhU1Kfu42V7bG+lrhZE7:x2APcUfubhwXPyDcKm42xlrhZE7

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Drivers/SWind.sys
unpack001/setup.exe
unpack001/串口调试程序/WTTY200D.EXE

Files

44efadcb43e532dfa71d4e4a5a8382b7
.rar
Drivers/SWind.inf
Drivers/SWind.sys
.sys windows:5 windows x86 arch:x86

9ecf7f3e9b50f38835fae0a933e5fcde

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCallDriver
PoCallDriver
ZwClose
PoStartNextPowerIrp
IofCompleteRequest
IoFreeMdl
RtlUnwind
PoSetPowerState
ExAllocatePoolWithTag
ExFreePool
RtlInitAnsiString
ObfDereferenceObject
DbgBreakPoint
memmove
strchr
_vsnprintf
DbgPrint
InterlockedIncrement
InterlockedDecrement
RtlAppendUnicodeStringToString
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateDevice
IoAttachDeviceToDeviceStack
RtlIntegerToUnicodeString
InterlockedExchange
RtlFreeUnicodeString
KeReleaseMutex
KeWaitForSingleObject
IoDetachDevice
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
KeClearEvent
KeSetEvent
IoCreateSymbolicLink
IoFreeIrp
IoAllocateIrp
PoRequestPowerIrp
IoCancelIrp
IoRegisterDeviceInterface
IoSetDeviceInterfaceState
KeInitializeSpinLock
IoGetDeviceObjectPointer
IoBuildDeviceIoControlRequest
KeInitializeEvent
KefAcquireSpinLockAtDpcLevel
KeInitializeMutex
KeRemoveEntryDeviceQueue
KefReleaseSpinLockFromDpcLevel

usbd.sys

_USBD_CreateConfigurationRequestEx@8
_USBD_ParseConfigurationDescriptorEx@28

hal

KfAcquireSpinLock
KeGetCurrentIrql
KfReleaseSpinLock

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 32B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.STL
Size: 32B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Drivers/新云软件.url
.url
Readme.txt
setup.exe
.exe windows:4 windows x86 arch:x86

a24e57cfb1e35030a9b4252bf1fa8b4b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiA
lstrcpyA
lstrlenA
_lclose
RemoveDirectoryA
DeleteFileA
GetModuleFileNameA
_lread
_llseek
_lopen
GetDiskFreeSpaceA
SetCurrentDirectoryA
CreateDirectoryA
GetFileAttributesA
lstrcatA
GetTempPathA
GetCurrentDirectoryA
_lwrite
_lcreat
CloseHandle
GetExitCodeProcess
CreateProcessA
ExitProcess
TerminateProcess
GetCurrentProcess
HeapFree
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
RtlUnwind
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
WriteFile
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

TranslateMessage
DispatchMessageA
PeekMessageA
MsgWaitForMultipleObjects
wsprintfA
LoadCursorA
SetCursor
MessageBoxA

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
串口调试程序/WTTY200D.EXE
.exe windows:4 windows x86 arch:x86

04c6a46774c4270abb60d2563cd3db3c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
HeapSize
GetTimeZoneInformation
GetSystemTime
FreeEnvironmentStringsW
GetLocalTime
FreeEnvironmentStringsA
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
UnhandledExceptionFilter
GetEnvironmentStrings
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
VirtualAlloc
GetFileType
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CreateThread
HeapDestroy
GetDiskFreeSpaceA
GetACP
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetOverlappedResult
ReadFile
Sleep
GlobalLock
GlobalUnlock
GetVersionExA
ClearCommBreak
SetCommBreak
EscapeCommFunction
CloseHandle
WriteFile
GetLastError
ClearCommError
CreateFileA
SetCommMask
SetupComm
PurgeComm
ExitThread
HeapFree
TerminateProcess
RaiseException
GetCommandLineA
HeapAlloc
ExitProcess
RtlUnwind
GetStartupInfoA
GetSystemTimeAsFileTime
SystemTimeToFileTime
SetErrorMode
GetCurrentDirectoryA
LocalFileTimeToFileTime
GetFileSize
GetCPInfo
SizeofResource
GetOEMCP
TlsSetValue
TlsGetValue
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
LeaveCriticalSection
TlsAlloc
EnterCriticalSection
GlobalFlags
DeleteCriticalSection
InitializeCriticalSection
FileTimeToSystemTime
GetProcessVersion
FileTimeToLocalFileTime
GetStringTypeExA
GetShortPathNameA
GetThreadLocale
FindClose
GetVolumeInformationA
FindFirstFileA
SetEndOfFile
DeleteFileA
MoveFileA
FlushFileBuffers
UnlockFile
LockFile
DuplicateHandle
SetFilePointer
GetCurrentProcess
LocalUnlock
LocalAlloc
LocalLock
SetFileTime
GetFileTime
SetCommTimeouts
GetCommState
GetFileAttributesA
GetFullPathNameA
GetTempFileNameA
WritePrivateProfileStringA
MulDiv
SetLastError
SuspendThread
GetPrivateProfileStringA
CreateEventA
GetPrivateProfileIntA
SetEvent
SetThreadPriority
ResumeThread
lstrcmpA
GlobalAlloc
GetCurrentThread
GetModuleFileNameA
LocalFree
FreeLibrary
GlobalFree
LoadLibraryA
LockResource
FindResourceA
LoadResource
GlobalFindAtomA
GetCurrentThreadId
lstrcmpiA
GetProcAddress
GlobalDeleteAtom
GetModuleHandleA
GlobalGetAtomNameA
lstrcatA
lstrcpynA
MultiByteToWideChar
GlobalAddAtomA
GetVersion
InterlockedIncrement
WideCharToMultiByte
InterlockedDecrement
GetCommModemStatus
lstrcpyA
lstrlenA
WaitForSingleObject
IsBadWritePtr
SetCommState
GetProfileStringA

user32

IsZoomed
SetParent
PtInRect
IsRectEmpty
AppendMenuA
DeleteMenu
GetSystemMenu
PostQuitMessage
ShowOwnedPopups
GetCursorPos
ValidateRect
TranslateMessage
GetMessageA
ClientToScreen
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetTabbedTextExtentA
SetRect
IsClipboardFormatAvailable
MessageBeep
DestroyCursor
LoadCursorA
FillRect
CharUpperA
GetSysColorBrush
GetClassNameA
KillTimer
WindowFromPoint
InflateRect
SetCapture
InvertRect
GetDCEx
LockWindowUpdate
InsertMenuA
GetMenuStringA
DestroyIcon
FindWindowA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SendDlgItemMessageA
MapWindowPoints
GetSysColor
DispatchMessageA
ScreenToClient
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
ReleaseDC
GetDC
SetScrollPos
GetTopWindow
IsChild
RegisterClassA
SetWindowPlacement
LoadBitmapA
DefWindowProcA
DestroyWindow
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
GetMessagePos
GetForegroundWindow
SetForegroundWindow
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetLastActivePopup
IsWindowVisible
IsIconic
GetFocus
EqualRect
CopyRect
GetDlgItem
InvalidateRect
GetKeyState
GetDlgCtrlID
UnpackDDElParam
ReuseDDElParam
SetActiveWindow
WinHelpA
SetMenu
LoadIconA
GetClassInfoA
LoadMenuA
DestroyMenu
SetFocus
ShowWindow
GetDesktopWindow
GetWindow
IsWindowEnabled
SetCursor
PeekMessageA
PostMessageA
GetCapture
ReleaseCapture
LoadAcceleratorsA
SetRectEmpty
RegisterWindowMessageA
GetActiveWindow
wsprintfA
GetParent
GetMenuItemID
AdjustWindowRectEx
RedrawWindow
SetWindowPos
GetClientRect
GetWindowLongA
SetWindowLongA
IsWindow
DefMDIChildProcA
GetMenuCheckMarkDimensions
DrawMenuBar
TranslateAcceleratorA
LoadStringA
EndDialog
CreateDialogIndirectParamA
GetScrollPos
SetScrollRange
GetWindowTextLengthA
TranslateMDISysAccel
DefFrameProcA
CreateWindowExA
BringWindowToTop
GetMenu
GetMenuItemCount
GetSubMenu
OpenClipboard
GetClipboardData
CloseClipboard
SetTimer
SendMessageA
UpdateWindow
EnableWindow
MessageBoxA
RemovePropA
GetMessageTime
GetWindowTextA
HideCaret
ShowCaret
UnregisterClassA
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
CharNextA
IsWindowUnicode

gdi32

SetBkColor
GetObjectA
SetTextColor
DeleteDC
StretchDIBits
CreateBitmap
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetCharWidthA
CreateFontA
DeleteObject
GetTextMetricsA
StartDocA
GetTextExtentPoint32A
RestoreDC
GetStockObject
SaveDC
SetBkMode
SetPolyFillMode
SetStretchBltMode
SetMapMode
SetROP2
OffsetViewportOrgEx
SetViewportExtEx
SetViewportOrgEx
SetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
SelectClipRgn
SetWindowExtEx
IntersectClipRect
ExcludeClipRect
SetTextAlign
LineTo
GetCurrentPositionEx
CreateRectRgn
GetDeviceCaps
GetWindowExtEx
CreatePen
GetViewportExtEx
CreateSolidBrush
PtVisible
CreatePatternBrush
TextOutA
ExtTextOutA
RectVisible
CreateFontIndirectA
DPtoLP
Escape
Rectangle
GetViewportOrgEx
PatBlt
EndDoc
EndPage
AbortDoc
SetAbortProc
CreateDCA
StartPage
LPtoDP
GetBkColor
BitBlt
GetTextColor
GetStretchBltMode
GetNearestColor
GetTextAlign
GetBkMode
GetPolyFillMode
GetTextFaceA
GetWindowOrgEx
GetROP2
SetRectRgn
CombineRgn
CreateDIBitmap
CreateRectRgnIndirect
MoveToEx
GetTextExtentPointA
GetClipBox

comdlg32

ReplaceTextA
FindTextA
PrintDlgA
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
CommDlgExtendedError

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegSetValueA
RegCreateKeyA
RegSetValueExA
GetFileSecurityA
RegQueryValueExA
SetFileSecurityA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegOpenKeyA
RegDeleteValueA
RegQueryInfoKeyA
RegQueryValueA
RegEnumKeyA

shell32

ShellExecuteA
DragFinish
DragQueryFileA
SHGetFileInfoA
ExtractIconA

comctl32

ord17

Sections

.text
Size: 228KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
快速入门.doc
.doc windows office2003
润普公司简介.doc
.doc windows office2003

Sharing

General

Malware Config

Signatures

Files

9ecf7f3e9b50f38835fae0a933e5fcde

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

usbd.sys

hal

Sections

.text Size: 32KB - Virtual size: 32KB

.data Size: 1KB - Virtual size: 1KB

.CRT Size: 32B - Virtual size: 12B

.STL Size: 32B - Virtual size: 16B

PAGE Size: 2KB - Virtual size: 2KB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

a24e57cfb1e35030a9b4252bf1fa8b4b

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 28KB - Virtual size: 26KB

04c6a46774c4270abb60d2563cd3db3c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

Sections

.text Size: 228KB - Virtual size: 224KB

.rdata Size: 56KB - Virtual size: 53KB

.data Size: 12KB - Virtual size: 25KB

.rsrc Size: 52KB - Virtual size: 68KB

.text
Size: 32KB - Virtual size: 32KB

.data
Size: 1KB - Virtual size: 1KB

.CRT
Size: 32B - Virtual size: 12B

.STL
Size: 32B - Virtual size: 16B

PAGE
Size: 2KB - Virtual size: 2KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 28KB - Virtual size: 26KB

.text
Size: 228KB - Virtual size: 224KB

.rdata
Size: 56KB - Virtual size: 53KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 52KB - Virtual size: 68KB