b9dc0bb16ff8f763ddf28513308c4b5fb89795e3afb36bc8aca2d41e408b55f4

Sharing

Copy URL

Twitter E-mail

General

Target

b9dc0bb16ff8f763ddf28513308c4b5fb89795e3afb36bc8aca2d41e408b55f4
Size

4.2MB
MD5

202783097862f0e40e75781c9cd37a0e
SHA1

51fa227522d36a5820d567711a5ef2fc790a01f4
SHA256

b9dc0bb16ff8f763ddf28513308c4b5fb89795e3afb36bc8aca2d41e408b55f4
SHA512

b06a7db1dcb93b77b24405a41b37523a53b7ac124205831b78f4235aa48c75b47016993f5caf02a4da89c80013a98c88e2c191315d75e10b8db936cba300c2d3
SSDEEP

98304:0F+D01yxRCwn6p405e3jcbGh5lOqyvhH0:0RyBnq405eym7OzvhH0

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/UsbEAm Hosts Editor-v3.63/UsbEAm Hosts Editor v3.63.exe	aspack_v212_v242

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/UsbEAm Hosts Editor-v3.63/UsbEAm Hosts Editor v3.63.exe
unpack001/UsbEAm Hosts Editor-v3.63/gzip.dll

Files

b9dc0bb16ff8f763ddf28513308c4b5fb89795e3afb36bc8aca2d41e408b55f4
.zip
UsbEAm Hosts Editor-v3.63/UsbEAm Hosts Editor v3.63.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 324KB - Virtual size: 792KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 120KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 147KB - Virtual size: 420KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 25KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UsbEAm
Size: 48KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UsbEAm Hosts Editor-v3.63/gzip.dll
.dll windows:5 windows x86 arch:x86

808ef01b1df8ccc7e620508eacbf5713

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalAlloc
LocalFree

Exports

Exports

Compress
CreateCompression
CreateDecompression
DeInitCompression
DeInitDecompression
Decompress
DestroyCompression
DestroyDecompression
InitCompression
InitDecompression
ResetCompression
ResetDecompression

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UsbEAm Hosts Editor-v3.63/libcurl.dll
.dll windows:4 windows x86 arch:x86

9da9417ec7b516d8653d26f3e89df5e6

Code Sign

0f:07:dd:d7:18:7f:eb:e5:92:aa:9d:cb:35:81:8f:8a:94:06:ac:9d
Certificate

Issuer

CN=curl-for-win Root CA 2021

Not Before

17-01-2021 22:40

Not After

17-01-2024 22:40

Subject

CN=curl-for-win Code Signing Authority

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:08:26:c5:81:9f:76:fc:32:01:f2:dc:10:c9:a7:1e:73:c5:71:25
Certificate

Issuer

CN=curl-for-win Root CA 2021

Not Before

17-01-2021 22:40

Not After

17-01-2026 22:40

Subject

CN=curl-for-win Root CA 2021

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:34:15:2f:73:da:89:fb:28:fe:c5:39:5f:d1:2a:21:06:13:77:de:0a:18:ea:68:24:e5:9b:5b:fa:a6:98:f6:89:b0:b5:e9:a4:76:6b:b8:d6:9b:e9:ed:d7:da:c8:de:0c:24:b1:d7:7b:51:c4:a0:e4:9b:d1:fb:e4:e1:0c:83
Signer

Actual PE Digest

2e:34:15:2f:73:da:89:fb:28:fe:c5:39:5f:d1:2a:21:06:13:77:de:0a:18:ea:68:24:e5:9b:5b:fa:a6:98:f6:89:b0:b5:e9:a4:76:6b:b8:d6:9b:e9:ed:d7:da:c8:de:0c:24:b1:d7:7b:51:c4:a0:e4:9b:d1:fb:e4:e1:0c:83

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

CryptAcquireContextA
CryptAcquireContextW
CryptCreateHash
CryptDestroyHash
CryptGenRandom
CryptGetHashParam
CryptHashData
CryptReleaseContext
DeregisterEventSource
RegisterEventSourceW
ReportEventW

crypt32

CertAddCertificateContextToStore
CertCloseStore
CertCreateCertificateChainEngine
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFindExtension
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertGetCertificateChain
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertGetNameStringW
CertOpenStore
CertOpenSystemStoreW
CryptDecodeObjectEx
CryptQueryObject
CryptStringToBinaryW
PFXImportCertStore

kernel32

CloseHandle
CompareFileTime
ConvertFiberToThread
ConvertThreadToFiber
CreateFiber
CreateFileMappingA
CreateFileW
DeleteCriticalSection
DeleteFiber
EnterCriticalSection
FindClose
FindFirstFileW
FindNextFileW
FormatMessageW
FreeLibrary
GetACP
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableA
GetEnvironmentVariableW
GetFileSizeEx
GetFileType
GetLastError
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetStdHandle
GetSystemDirectoryW
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetTimeZoneInformation
GetVersion
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MapViewOfFile
MoveFileExW
MultiByteToWideChar
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleA
ReadConsoleW
ReadFile
SetConsoleMode
SetLastError
Sleep
SleepEx
SwitchToFiber
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

__mb_cur_max
_access
_amsg_exit
_beginthreadex
_errno
_chmod
_exit
_fileno
_fstati64
_getpid
_initterm
_iob
_lock
_lseeki64
_onexit
_open
_setmode
_snwprintf
_sys_nerr
_unlock
_vsnprintf
_waccess
_wcsdup
_wfopen
_wopen
abort
atoi
bsearch
calloc
clearerr
fclose
feof
ferror
fflush
fgets
fopen
fputc
fputs
fread
free
fseek
ftell
fwrite
getc
getenv
isdigit
islower
isspace
isupper
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
gmtime
difftime
qsort
raise
realloc
rewind
setbuf
setlocale
setvbuf
signal
strcat
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtol
strtoul
tolower
ungetc
vfprintf
time
_strdup
_stricmp
_strnicmp
_strtoi64
wcschr
wcscpy
wcslen
wcsncmp
wcsncpy
wcspbrk
wcsstr
wcstombs
_wstati64
_vsnwprintf
_stat
_stati64
_fstat
_write
_unlink
_strdup
_read
_close

user32

FindWindowA
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
SendMessageA

wldap32

ber_free
ldap_bind_sW
ldap_err2stringA
ldap_first_attributeW
ldap_first_entry
ldap_get_dnW
ldap_get_values_lenW
ldap_initW
ldap_memfreeW
ldap_msgfree
ldap_next_attributeW
ldap_next_entry
ldap_search_sW
ldap_set_optionW
ldap_simple_bind_sW
ldap_sslinitW
ldap_unbind_s
ldap_value_free_len

ws2_32

WSACleanup
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAIoctl
WSAResetEvent
WSASetEvent
WSASetLastError
WSAStartup
WSAWaitForMultipleEvents
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyname
gethostname
getnameinfo
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_option_by_id
curl_easy_option_by_name
curl_easy_option_next
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_multi_wakeup
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_pushheader_byname
curl_pushheader_bynum
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
curl_version
curl_version_info

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 965KB - Virtual size: 964KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UsbEAm Hosts Editor-v3.63/usbeam_IP.dat

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 324KB - Virtual size: 792KB

.rdata Size: 120KB - Virtual size: 320KB

.data Size: 147KB - Virtual size: 420KB

.rsrc Size: 1KB - Virtual size: 48KB

.reloc Size: 25KB - Virtual size: 88KB

.UsbEAm Size: 48KB - Virtual size: 52KB

.adata Size: - Virtual size: 4KB

808ef01b1df8ccc7e620508eacbf5713

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 26KB

.data Size: - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 968B

.reloc Size: 512B - Virtual size: 368B

9da9417ec7b516d8653d26f3e89df5e6

Code Sign

0f:07:dd:d7:18:7f:eb:e5:92:aa:9d:cb:35:81:8f:8a:94:06:ac:9dCertificate

Extended Key Usages

Key Usages

05:08:26:c5:81:9f:76:fc:32:01:f2:dc:10:c9:a7:1e:73:c5:71:25Certificate

Key Usages

2e:34:15:2f:73:da:89:fb:28:fe:c5:39:5f:d1:2a:21:06:13:77:de:0a:18:ea:68:24:e5:9b:5b:fa:a6:98:f6:89:b0:b5:e9:a4:76:6b:b8:d6:9b:e9:ed:d7:da:c8:de:0c:24:b1:d7:7b:51:c4:a0:e4:9b:d1:fb:e4:e1:0c:83Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

crypt32

kernel32

msvcrt

user32

wldap32

ws2_32

Exports

Exports

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.data Size: 22KB - Virtual size: 21KB

.rdata Size: 965KB - Virtual size: 964KB

.eh_fram Size: 512B - Virtual size: 488B

.bss Size: - Virtual size: 17KB

.edata Size: 2KB - Virtual size: 2KB

.idata Size: 7KB - Virtual size: 7KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 96KB - Virtual size: 95KB

.text
Size: 324KB - Virtual size: 792KB

.rdata
Size: 120KB - Virtual size: 320KB

.data
Size: 147KB - Virtual size: 420KB

.rsrc
Size: 1KB - Virtual size: 48KB

.reloc
Size: 25KB - Virtual size: 88KB

.UsbEAm
Size: 48KB - Virtual size: 52KB

.adata
Size: - Virtual size: 4KB

.text
Size: 27KB - Virtual size: 26KB

.data
Size: - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 512B - Virtual size: 368B

0f:07:dd:d7:18:7f:eb:e5:92:aa:9d:cb:35:81:8f:8a:94:06:ac:9d
Certificate

05:08:26:c5:81:9f:76:fc:32:01:f2:dc:10:c9:a7:1e:73:c5:71:25
Certificate

2e:34:15:2f:73:da:89:fb:28:fe:c5:39:5f:d1:2a:21:06:13:77:de:0a:18:ea:68:24:e5:9b:5b:fa:a6:98:f6:89:b0:b5:e9:a4:76:6b:b8:d6:9b:e9:ed:d7:da:c8:de:0c:24:b1:d7:7b:51:c4:a0:e4:9b:d1:fb:e4:e1:0c:83
Signer

.text
Size: 2.8MB - Virtual size: 2.8MB

.data
Size: 22KB - Virtual size: 21KB

.rdata
Size: 965KB - Virtual size: 964KB

.eh_fram
Size: 512B - Virtual size: 488B

.bss
Size: - Virtual size: 17KB

.edata
Size: 2KB - Virtual size: 2KB

.idata
Size: 7KB - Virtual size: 7KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 96KB - Virtual size: 95KB