8bf81b188cbaff5892c663338df0d2af

Sharing

Copy URL Twitter E-mail

General

Target

8bf81b188cbaff5892c663338df0d2af
Size

1.8MB
MD5

8bf81b188cbaff5892c663338df0d2af
SHA1

1a4e2af5d0daae58e7175c48c0d205133bd6baff
SHA256

2f5b0b47874afdc312421a09808fd809300d47bb45b2b956da980af030038195
SHA512

67641accc9968f179a3313751191220f47e59e9b87771a0773771ab3b31515f32ecdc46ff89e20cd5da0d020c6a3f563d03803460b0093280e56ee7b3c14c8c6
SSDEEP

49152:FV4tbnEK33ADIBYSTdkGhpg7EK9gl2kQlDJf:F65E0+RwjhpSEKCORB

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/USBCleaner6.0/Curefolder.txd
unpack001/USBCleaner6.0/USBCleaner.exe
unpack001/USBCleaner6.0/prjXTab.ocx
unpack001/USBCleaner6.0/usbmon.exe

Files

8bf81b188cbaff5892c663338df0d2af
.rar
USBCleaner6.0/COMCTL32.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

c8cebbf034d8c6304701e5ec3fae70a4

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

ImageList_SetOverlayImage
ImageList_DrawEx
ImageList_GetIconSize
ImageList_SetBkColor
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_Add
ImageList_AddMasked
ord16
ord17
ImageList_Draw
ImageList_Create
ImageList_Destroy
ImageList_Remove

kernel32

lstrcmpA
GetProcAddress
GlobalSize
CloseHandle
GetFileSize
ReadFile
lstrcmpiA
IsDBCSLeadByte
lstrcmpiW
LockResource
FindResourceA
LoadResource
GetWindowsDirectoryA
GetLastError
GetLocaleInfoA
OpenFile
MultiByteToWideChar
lstrcatA
DisableThreadLibraryCalls
GetVersion
GetProcessHeap
GetDateFormatA
GetLocalTime
GetTimeFormatA
GetModuleFileNameA
GetCurrentThreadId
LoadLibraryA
GlobalUnlock
GlobalAlloc
GlobalLock
CompareStringA
GlobalFree
GetVersionExA
lstrlenA
lstrcpyA
IsBadReadPtr
HeapReAlloc
lstrcpynA
IsBadWritePtr
InterlockedDecrement
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
InterlockedIncrement
HeapAlloc
lstrlenW
LeaveCriticalSection
EnterCriticalSection

user32

IsWindowVisible
EndPaint
BeginPaint
MoveWindow
CharUpperA
IntersectRect
MessageBeep
SetCursor
EndDialog
RedrawWindow
GetMessagePos
CreateAcceleratorTableA
VkKeyScanA
PeekMessageA
PeekMessageW
SetWindowRgn
RegisterWindowMessageA
RegisterClipboardFormatA
SetCursorPos
OffsetRect
EqualRect
IsChild
GetWindowTextA
SetCapture
GetCursorPos
ScreenToClient
PostMessageA
DrawEdge
GetSysColor
wsprintfA
FillRect
InflateRect
DrawTextA
GetWindowRect
MapVirtualKeyA
DestroyWindow
CreateWindowExA
GetSysColorBrush
GetParent
GetAsyncKeyState
SetWindowLongA
TranslateMessage
DispatchMessageA
IsWindowEnabled
GetActiveWindow
CreateDialogIndirectParamA
IsDialogMessageA
GetNextDlgTabItem
GetWindow
CharNextA
SetParent
InvalidateRect
UpdateWindow
UnregisterClassA
MessageBoxA
SetWindowsHookExA
SetTimer
KillTimer
CheckRadioButton
CallNextHookEx
SetActiveWindow
DestroyIcon
SetFocus
DrawIcon
UnionRect
DialogBoxParamA
PtInRect
LoadCursorA
GetWindowDC
SetRect
IsRectEmpty
GetDC
ReleaseDC
GetClipboardFormatNameA
ClientToScreen
PostMessageW
FrameRect
GetClientRect
CallWindowProcA
GetKeyState
GetCapture
ReleaseCapture
GetClassInfoA
RegisterClassA
LoadIconA
GetSystemMetrics
CopyImage
MapDialogRect
GetWindowLongA
SetWindowPos
GetFocus
EnableWindow
GetDlgItemTextA
SetDlgItemTextA
GetDlgItem
SetDlgItemInt
GetDlgItemInt
IsDlgButtonChecked
SendDlgItemMessageA
CheckDlgButton
LoadStringA
DefWindowProcA
SendMessageA
ShowWindow
WinHelpA
UnhookWindowsHookEx

ole32

CreateStreamOnHGlobal
RevokeDragDrop
CreateOleAdviseHolder
RegisterDragDrop
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
DoDragDrop
ReleaseStgMedium
OleLoadFromStream
OleSaveToStream

advapi32

RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueA
RegEnumKeyExA
RegCloseKey

oleaut32

SafeArrayPutElement
SafeArrayGetElement
SafeArrayRedim
SafeArrayGetUBound
SafeArrayCreate
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayAccessData
VariantCopy
GetErrorInfo
OleCreateFontIndirect
CreateErrorInfo
SetErrorInfo
OleCreatePropertyFrame
LoadTypeLibEx
UnRegisterTypeLi
LoadRegTypeLi
RegisterTypeLi
OleLoadPicture
LoadTypeLi
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
OleCreatePictureIndirect
VariantCopyInd
OleTranslateColor
VariantChangeType
SysFreeString
SysStringLen
VariantClear
SysAllocString
VariantInit
SafeArrayCopy

comdlg32

GetOpenFileNameA

gdi32

GetNearestColor
CreatePalette
LPtoDP
GetWindowExtEx
GetBitmapBits
TextOutA
CreateDIBitmap
RealizePalette
GetViewportExtEx
SelectPalette
GetPaletteEntries
GetDIBits
CopyEnhMetaFileA
CreateICA
CopyMetaFileA
StretchBlt
Rectangle
GetObjectA
SetBkColor
CreateDCA
CreateRectRgn
SetViewportOrgEx
SetWindowOrgEx
DeleteObject
SetWindowExtEx
SetMapMode
SetViewportExtEx
CreateSolidBrush
GetDeviceCaps
SelectObject
ExcludeClipRect
GetClipRgn
SelectClipRgn
GetClipBox
DeleteDC
CreateRectRgnIndirect
CreateCompatibleDC
PatBlt
CreateCompatibleBitmap
SetBkMode
SetTextColor
CreateBitmap
GetStockObject
GetTextExtentPoint32A

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 332KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
USBCleaner6.0/Curefolder.txd
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.nsp0
Size: - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
USBCleaner6.0/USBCleaner.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.nsp0
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 498KB - Virtual size: 500KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
USBCleaner6.0/prjXTab.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

68cfd3c9ac47c5fa2711ace781655749

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaFreeVar
__vbaLenBstr
ord588
__vbaAptOffset
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
ord516
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaCopyBytes
__vbaStrCat
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
Zombie_GetTypeInfo
__vbaLateMemSt
EVENT_SINK2_Release
__vbaForEachCollObj
__vbaExitProc
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord599
__vbaBoolVar
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
ord709
ord631
__vbaLateMemStAd
ord525
__vbaNextEachCollObj
__vbaChkstk
EVENT_SINK_AddRef
ord527
__vbaGenerateBoundsError
__vbaStrCmp
ord561
__vbaI2I4
DllFunctionCall
__vbaCastObjVar
__vbaRedimPreserve
_adj_fpatan
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
ord712
_adj_fprem
_adj_fdivr_m64
ord714
__vbaFailedFriend
__vbaFPException
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaCheckType
__vbaI2Var
ord537
ord644
_CIlog
__vbaErrorOverflow
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
EVENT_SINK2_AddRef
__vbaI4Str
ord681
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
__vbaVarTstNe
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
__vbaLateMemCall
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaFpI2
__vbaVarTstGe
__vbaUnkVar
__vbaVarLateMemCallLd
__vbaFpI4
__vbaRecDestructAnsi
__vbaLateMemCallLd
_CIatan
__vbaStrMove
__vbaCastObj
_allmul
__vbaLateIdSt
__vbaLateMemCallSt
_CItan
_CIexp
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr
__vbaRecAssign

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 184KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
USBCleaner6.0/usbmon.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.nsp0
Size: - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
安装说明.url
.url

Sharing

General

Malware Config

Signatures

Files

c8cebbf034d8c6304701e5ec3fae70a4

Code Sign

Signer

Headers

File Characteristics

Imports

version

comctl32

kernel32

user32

ole32

advapi32

oleaut32

comdlg32

gdi32

Exports

Exports

Sections

.text Size: 332KB - Virtual size: 332KB

.data Size: 7KB - Virtual size: 7KB

.rsrc Size: 224KB - Virtual size: 224KB

.reloc Size: 24KB - Virtual size: 23KB

Headers

File Characteristics

Sections

.nsp0 Size: - Virtual size: 208KB

.nsp1 Size: 56KB - Virtual size: 60KB

.nsp2 Size: - Virtual size: 2KB

Headers

File Characteristics

Sections

.nsp0 Size: - Virtual size: 4.3MB

.nsp1 Size: 498KB - Virtual size: 500KB

.nsp2 Size: - Virtual size: 5KB

68cfd3c9ac47c5fa2711ace781655749

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 184KB - Virtual size: 181KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 16KB - Virtual size: 13KB

.reloc Size: 16KB - Virtual size: 15KB

Headers

File Characteristics

Sections

.nsp0 Size: - Virtual size: 4.2MB

.nsp1 Size: 1.3MB - Virtual size: 1.3MB

.nsp2 Size: - Virtual size: 4KB

.text
Size: 332KB - Virtual size: 332KB

.data
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 224KB - Virtual size: 224KB

.reloc
Size: 24KB - Virtual size: 23KB

.nsp0
Size: - Virtual size: 208KB

.nsp1
Size: 56KB - Virtual size: 60KB

.nsp2
Size: - Virtual size: 2KB

.nsp0
Size: - Virtual size: 4.3MB

.nsp1
Size: 498KB - Virtual size: 500KB

.nsp2
Size: - Virtual size: 5KB

.text
Size: 184KB - Virtual size: 181KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 16KB - Virtual size: 13KB

.reloc
Size: 16KB - Virtual size: 15KB

.nsp0
Size: - Virtual size: 4.2MB

.nsp1
Size: 1.3MB - Virtual size: 1.3MB

.nsp2
Size: - Virtual size: 4KB