USBHubSvc[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

USBHubSvc.exe
Size

549KB
MD5

ee038eb9a83adf9155418e16993de92f
SHA1

0ad13ad1fabb164d6ff9289bf36f3cb68a42905a
SHA256

51ca7c238d73badc9096d1d28879dd56b6cc2e5c0d96d35684ffe6bb21fe404f
SHA512

eda8ff2f0b928a6be74d5e620b137343cd82cf664a4ce326cdf9fec8dda8a72705cbcdcb71bacca0e994a54874e22a542aa8355d8e65b3dc292f665c7c36b2e0
SSDEEP

6144:W3x7wwK2Q7PTLew1Fpx98J956qle5ZT254PjwyJZxAFcGSb2iT6tunoh7JzQO9hL:W3xsAmPTi2XC95NGrrovQO

Score

1^/10

Malware Config

Signatures

Files

USBHubSvc.exe
.exe windows:6 windows x64 arch:x64

Password: infected

e960b38185a71b2f4b351fbbb1580150

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:89:8e:cb:43:c8:a1:9a:8f:24:a6:cf:fb:b4:06:43
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/05/2021, 00:00

Not After

22/05/2024, 23:59

Subject

CN=Teradici Corporation,O=Teradici Corporation,L=Burnaby,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e9:37:a9:97:a4:45:2d:29:2b:42:14:ed:41:84:b0:9f:4c:99:51:6e:5a:5e:0a:2b:90:82:9f:98:26:1d:c3:3a
Signer

Actual PE Digest

e9:37:a9:97:a4:45:2d:29:2b:42:14:ed:41:84:b0:9f:4c:99:51:6e:5a:5e:0a:2b:90:82:9f:98:26:1d:c3:3a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\BuildAgent\work\9d2beef39d30de5d\hub\usb_network_gate_6.2.761_13.12.2013\Bin\x64\Release\USBHubSvc.pdb

Imports

wintrust

WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CryptHashPublicKeyInfo

kernel32

CloseHandle
SystemTimeToFileTime
QueryFullProcessImageNameW
GetSystemTime
GetProcessTimes
GetModuleFileNameW
GetFileSizeEx
DeviceIoControl
WaitForSingleObject
CreateEventW
Sleep
GetTickCount64
WideCharToMultiByte
OpenProcess
QueryDepthSList
InterlockedPopEntrySList
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
CreateFileW
UnregisterWaitEx
LoadLibraryW
TlsAlloc
ReleaseSemaphore
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
GetModuleHandleW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
QueryPerformanceFrequency
TryEnterCriticalSection
DuplicateHandle
GetCurrentThread
SetLastError
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
EncodePointer
MultiByteToWideChar
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlPcToFileHeader
FreeLibrary
LoadLibraryExW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetACP
CreateThread
FreeLibraryAndExitThread
GetFileType
GetTimeZoneInformation
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadFile
SetFilePointerEx
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
WriteConsoleW
ReadConsoleW
SetEndOfFile
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
GetModuleHandleA
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect

advapi32

RegisterEventSourceW
RegisterServiceCtrlHandlerExW
CreateServiceW
RegDeleteKeyExW
CloseServiceHandle
OpenSCManagerW
SetServiceStatus
DeleteService
RegCreateKeyW
StartServiceCtrlDispatcherW
OpenServiceW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
DeregisterEventSource

Sections

.text
Size: 324KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

e960b38185a71b2f4b351fbbb1580150

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0c:89:8e:cb:43:c8:a1:9a:8f:24:a6:cf:fb:b4:06:43Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

e9:37:a9:97:a4:45:2d:29:2b:42:14:ed:41:84:b0:9f:4c:99:51:6e:5a:5e:0a:2b:90:82:9f:98:26:1d:c3:3aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wintrust

crypt32

kernel32

advapi32

Sections

.text Size: 324KB - Virtual size: 323KB

.rdata Size: 128KB - Virtual size: 127KB

.data Size: 10KB - Virtual size: 18KB

.pdata Size: 20KB - Virtual size: 19KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 3KB - Virtual size: 2KB

.rsrc Size: 49KB - Virtual size: 49KB

.reloc Size: 5KB - Virtual size: 4KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0c:89:8e:cb:43:c8:a1:9a:8f:24:a6:cf:fb:b4:06:43
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

e9:37:a9:97:a4:45:2d:29:2b:42:14:ed:41:84:b0:9f:4c:99:51:6e:5a:5e:0a:2b:90:82:9f:98:26:1d:c3:3a
Signer

.text
Size: 324KB - Virtual size: 323KB

.rdata
Size: 128KB - Virtual size: 127KB

.data
Size: 10KB - Virtual size: 18KB

.pdata
Size: 20KB - Virtual size: 19KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 49KB - Virtual size: 49KB

.reloc
Size: 5KB - Virtual size: 4KB