hiddump[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

hiddump.7z
Size

8.2MB
MD5

ae70902a178db2543e6fd396492a67e6
SHA1

c353468c847bc0db05eedfae79a431d4dcaf42d5
SHA256

ef9b0b5ca5b1f4f854527584ec11d02d572aa76fd4cd80bf24bc13b163db1a6e
SHA512

1e868b3c86bc0b03e4da8cc7b2de41c9bb2b02837c99a88d080ed887231447fbbf3b4774ae3f87e5c509319febd15f37f6480d132c758322194b476a05327788
SSDEEP

196608:OitH6MQjTlzGB9NmFueJoP6B1coMbUIKO:OiHYdzGwFbEDbUbO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/hiddump.exe

Files

hiddump.7z
.7z

Password: infected
hiddump.exe
.dll windows:6 windows x86 arch:x86

Password: infected

366a50ea39287992c4d943063413a73d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetProcessWindowStation

advapi32

CryptDecrypt

ws2_32

getpeername

crypt32

CertOpenSystemStoreW

Exports

Exports

HidD_FlushQueue
HidD_FreePreparsedData
HidD_GetAttributes
HidD_GetConfiguration
HidD_GetFeature
HidD_GetHidGuid
HidD_GetIndexedString
HidD_GetInputReport
HidD_GetManufacturerString
HidD_GetMsGenreDescriptor
HidD_GetNumInputBuffers
HidD_GetPhysicalDescriptor
HidD_GetPreparsedData
HidD_GetProductString
HidD_GetSerialNumberString
HidD_Hello
HidD_SetConfiguration
HidD_SetFeature
HidD_SetNumInputBuffers
HidD_SetOutputReport
HidP_GetButtonCaps
HidP_GetCaps
HidP_GetData
HidP_GetExtendedAttributes
HidP_GetLinkCollectionNodes
HidP_GetScaledUsageValue
HidP_GetSpecificButtonCaps
HidP_GetSpecificValueCaps
HidP_GetUsageValue
HidP_GetUsageValueArray
HidP_GetUsages
HidP_GetUsagesEx
HidP_GetValueCaps
HidP_InitializeReportForID
HidP_MaxDataListLength
HidP_MaxUsageListLength
HidP_SetData
HidP_SetScaledUsageValue
HidP_SetUsageValue
HidP_SetUsageValueArray
HidP_SetUsages
HidP_TranslateUsagesToI8042ScanCodes
HidP_UnsetUsages
HidP_UsageListDifference

Sections

.text
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 592KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.6)H
Size: - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dRF
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.7q6
Size: 8.7MB - Virtual size: 8.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 937B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

366a50ea39287992c4d943063413a73d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

crypt32

Exports

Exports

Sections

.text Size: - Virtual size: 1.6MB

.rdata Size: - Virtual size: 592KB

.data Size: - Virtual size: 48KB

.6)H Size: - Virtual size: 4.4MB

.dRF Size: 3KB - Virtual size: 2KB

.7q6 Size: 8.7MB - Virtual size: 8.7MB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 937B

.text
Size: - Virtual size: 1.6MB

.rdata
Size: - Virtual size: 592KB

.data
Size: - Virtual size: 48KB

.6)H
Size: - Virtual size: 4.4MB

.dRF
Size: 3KB - Virtual size: 2KB

.7q6
Size: 8.7MB - Virtual size: 8.7MB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 937B