YTEC-info CH341A-Softwares main Programas-Windows_CH341Programmer_CH341Programmer%20V1[.]38[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

YTEC-info CH341A-Softwares main Programas-Windows_CH341Programmer_CH341Programmer%20V1.38.zip
Size

3.7MB
MD5

7cff15fd876dd15d48ff9384500f585d
SHA1

d6948a6e3f3a838c98febfc1d337ab84b93b0bd1
SHA256

6587f919c56470855d7a2115e61643a60e12d42191b84ae5489e3632f3af8d62
SHA512

30ce78f7565f9349636dc60845524ced23b74b2ece6f5ad48b017b91cc9288d6ae35a20ee6a355c1a43248bbbe01e07c6b9fe9f993782caf5c1612fcc446422d
SSDEEP

98304:zSRG9AoPW8EYYhtym8O+y0xjNL1pLU+bmhvgOi/XTl:+R1yryUjNLXLDx

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Programas/Windows/CH341Programmer/CH341Programmer V1.38/CH341DLL.DLL
unpack001/Programas/Windows/CH341Programmer/CH341Programmer V1.38/CH341W64.SYS
unpack001/Programas/Windows/CH341Programmer/CH341Programmer V1.38/CH341WDM.SYS
unpack001/Programas/Windows/CH341Programmer/CH341Programmer V1.38/Ch341Programmer.exe
unpack001/Programas/Windows/CH341Programmer/CH341Programmer V1.38/Uninstaller.exe

Files

YTEC-info CH341A-Softwares main Programas-Windows_CH341Programmer_CH341Programmer%20V1.38.zip
.zip
Programas/Windows/CH341Programmer/CH341Programmer V1.38/CH341DLL.DLL
.dll windows:4 windows x86 arch:x86

8c17c46120b9339216e4036e6840553f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitThread
CloseHandle
Sleep
GetOverlappedResult
GetLastError
DeviceIoControl
ResetEvent
CreateEventA
CreateFileA
lstrcpyA
SetThreadPriority
CreateThread
LocalFree
LocalAlloc
GetModuleHandleA
lstrcmpiA

user32

RegisterClassA
UnregisterClassA
CreateWindowExA
UnregisterDeviceNotification
ShowWindow
RegisterDeviceNotificationA
DefWindowProcA
DestroyWindow
CharUpperBuffA

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA

Exports

Exports

CH341AbortInter
CH341AbortRead
CH341AbortWrite
CH341BitStreamSPI
CH341CloseDevice
CH341CloseDeviceEx
CH341DriverCommand
CH341EppReadAddr
CH341EppReadData
CH341EppSetAddr
CH341EppWriteAddr
CH341EppWriteData
CH341FlushBuffer
CH341GetConfigDescr
CH341GetDeviceDescr
CH341GetDeviceName
CH341GetDeviceNameEx
CH341GetDrvVersion
CH341GetInput
CH341GetStatus
CH341GetVerIC
CH341GetVersion
CH341InitParallel
CH341MemReadAddr0
CH341MemReadAddr1
CH341MemWriteAddr0
CH341MemWriteAddr1
CH341OpenDevice
CH341OpenDeviceEx
CH341QueryBufDownload
CH341QueryBufUpload
CH341ReadData
CH341ReadData0
CH341ReadData1
CH341ReadEEPROM
CH341ReadI2C
CH341ReadInter
CH341ResetDevice
CH341ResetInter
CH341ResetRead
CH341ResetWrite
CH341SetBufDownload
CH341SetBufUpload
CH341SetDelaymS
CH341SetDeviceNotify
CH341SetDeviceNotifyEx
CH341SetExclusive
CH341SetIntRoutine
CH341SetOutput
CH341SetParaMode
CH341SetStream
CH341SetTimeout
CH341Set_D5_D0
CH341SetupSerial
CH341StreamI2C
CH341StreamSPI3
CH341StreamSPI4
CH341StreamSPI5
CH341WriteData
CH341WriteData0
CH341WriteData1
CH341WriteEEPROM
CH341WriteI2C
CH341WriteRead

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ShareArr
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Programas/Windows/CH341Programmer/CH341Programmer V1.38/CH341W64.SYS
.sys windows:5 windows x64 arch:x64

9b1def2964cd838f7829b5731e30fffa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\project\ch341\winwdm22\amd64\amd64\CH341W64.pdb

Imports

ntoskrnl.exe

IofCallDriver
KeWaitForSingleObject
IoBuildDeviceIoControlRequest
KeInitializeEvent
ExFreePool
ExAllocatePool
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
KeDelayExecutionThread
IoDeleteDevice
IoDetachDevice
RtlFreeUnicodeString
IoSetDeviceInterfaceState
PoStartNextPowerIrp
KeClearEvent
PsTerminateSystemThread
KeSetPriorityThread
ZwClose
PsCreateSystemThread
PoCallDriver
PoSetPowerState
__C_specific_handler
IoRegisterDeviceInterface
IoAttachDeviceToDeviceStack
IoCreateDevice
KeBugCheckEx
IofCompleteRequest
PoRequestPowerIrp
KeSetEvent

usbd.sys

USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Programas/Windows/CH341Programmer/CH341Programmer V1.38/CH341WDM.CAT
Programas/Windows/CH341Programmer/CH341Programmer V1.38/CH341WDM.INF
Programas/Windows/CH341Programmer/CH341Programmer V1.38/CH341WDM.SYS
.sys windows:4 windows x86 arch:x86

6d37ff886398dc1f20c0e2acfe260460

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntoskrnl.exe

IoAttachDeviceToDeviceStack
KeInitializeSpinLock
KeInitializeEvent
ExAllocatePool
IoCreateDevice
IoDeleteDevice
ExFreePool
IoDetachDevice
KeSetEvent
RtlFreeUnicodeString
IoSetDeviceInterfaceState
IofCompleteRequest
IoRegisterDeviceInterface
InterlockedIncrement
KeWaitForSingleObject
IofCallDriver
IoBuildDeviceIoControlRequest
InterlockedExchange
PoStartNextPowerIrp
PoCallDriver
PoSetPowerState
PoRequestPowerIrp
PsTerminateSystemThread
KeClearEvent
KeSetPriorityThread
KeGetCurrentThread
PsCreateSystemThread
InterlockedDecrement
KeDelayExecutionThread
RtlUnwind
ZwClose

hal

KfReleaseSpinLock
KfAcquireSpinLock

usbd.sys

_USBD_ParseConfigurationDescriptorEx@28
_USBD_CreateConfigurationRequestEx@8

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 160B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 864B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 736B - Virtual size: 726B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Programas/Windows/CH341Programmer/CH341Programmer V1.38/Ch341Programmer.exe
.exe windows:5 windows x86 arch:x86

b895284eb99549713bd45a6bd4ea5768

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DecodePointer
InterlockedExchange
InterlockedCompareExchange
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateMutexW
GetTempPathW
GetVersionExW
GetTickCount
CreateFileW
ReadFile
WriteFile
GetFileSize
Sleep
lstrcatW
CreateThread
ResumeThread
CloseHandle
CreateWaitableTimerW
WaitForMultipleObjects
CreateEventW
LockResource
ResetEvent
GlobalFree
GlobalUnlock
MulDiv
SizeofResource
GlobalAlloc
SetEvent
WaitForSingleObject
GlobalLock
SetWaitableTimer
LoadResource
FindResourceW
FreeResource
GetModuleHandleW
GetLastError
GetLocalTime
lstrlenW
EncodePointer
IsProcessorFeaturePresent

user32

EndDialog
DestroyWindow
ReleaseDC
GetDC
GetClientRect
FillRect
BeginPaint
EndPaint
CheckMenuRadioItem
SendMessageW
GetWindowPlacement
IsWindow
DefWindowProcW
SetCapture
LoadCursorW
ReleaseCapture
SetWindowPos
GetWindowLongW
GetDlgItem
ShowWindow
CreateWindowExW
GetWindowDC
LoadImageW
DrawTextW
FrameRect
UpdateWindow
InvalidateRect
GetSystemMetrics
MoveWindow
SetClassLongW
GetDlgCtrlID
SetWindowTextW
SetCursor
ClientToScreen
SetWindowLongW
DispatchMessageW
TranslateMessage
GetMessageW
SetScrollPos
RegisterClassExW
DialogBoxParamW
KillTimer
GetWindowRect
SetTimer
DrawMenuBar
LoadStringW
LoadIconW
LoadAcceleratorsW
PostQuitMessage
TranslateAcceleratorW
GetFocus
GetWindowTextW
AnimateWindow
DestroyIcon
SetMenuItemInfoW
InsertMenuW
GetMenuItemCount
GetSysColor
GetMenu
ModifyMenuW
GetMenuItemInfoW
GetMenuBarInfo
GetMenuItemID
CreateDialogParamW
GetScrollPos
SetScrollInfo
GetScrollInfo
SetFocus
SetLayeredWindowAttributes
GetDesktopWindow
GetIconInfo
CreateIconIndirect
MessageBoxW

gdi32

GetPixel
CreateRectRgn
FillRgn
GetTextExtentPoint32W
CreateBitmap
SetPixel
FrameRgn
GetTextMetricsW
CreateFontW
MoveToEx
CreateRoundRectRgn
GetCharWidth32W
GetObjectW
DPtoLP
CombineRgn
SetMapMode
GetMapMode
LineTo
GetROP2
SetROP2
CreateDIBSection
GetDeviceCaps
CreateCompatibleBitmap
SetBkColor
TextOutW
BitBlt
CreateCompatibleDC
GetDIBits
CreateSolidBrush
SetTextColor
GetStockObject
SelectObject
DeleteObject
SetBkMode
TextOutA
DeleteDC

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegCreateKeyExW
RegCloseKey

ole32

CreateStreamOnHGlobal

oleaut32

OleLoadPicture

msvcp100

?_Xlength_error@std@@YAXPBD@Z

comctl32

ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_GetIcon
ImageList_Create
ord17

gdiplus

GdiplusStartup
GdiplusShutdown
GdipDrawRectangleI
GdipCreatePen1
GdipCloneImage
GdipDisposeImage
GdipCreateSolidFill
GdipDrawImageRectI
GdipCreateBitmapFromHICON
GdipDeletePen
GdipCreateLineBrushFromRectWithAngleI
GdipFillRectangleI
GdipCreateFromHDC
GdipAlloc
GdipDeleteGraphics
GdipCreateLineBrushFromRectI
GdipFree
GdipDeleteBrush

ch341dll

CH341WriteData
CH341WriteRead
CH341GetStatus
CH341GetInput
CH341GetDeviceName
CH341SetTimeout
CH341StreamSPI4
CH341OpenDevice
CH341WriteEEPROM
CH341StreamI2C
CH341ReadEEPROM
CH341ResetDevice
CH341Set_D5_D0
CH341SetStream
CH341CloseDevice
CH341GetVerIC
CH341BitStreamSPI

msvcr100

?terminate@@YAXXZ
_crt_debugger_hook
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_lock
__dllonexit
_unlock
??_V@YAXPAX@Z
realloc
swprintf_s
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_CxxThrowException
_CIsqrt
__CxxFrameHandler3
??3@YAXPAX@Z
_except_handler4_common
_controlfp_s
_invoke_watson
memset
_onexit
wcstoul
memmove
malloc
_swprintf
free
??2@YAPAXI@Z
memcpy

shlwapi

SHGetValueW
SHSetValueW

winmm

mciSendCommandW

Sections

.text
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Programas/Windows/CH341Programmer/CH341Programmer V1.38/DrvSetup64.exe
.exe windows:5 windows x64 arch:x64

0bfb8dbeab857c5b02bfe9ad3caf6c52

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

64:31:83:e3:08:18:90:f6:71:40:46:bb:93:f4:e5:9d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/10/2015, 00:00

Not After

10/11/2017, 23:59

Subject

CN=Jiangsu Qinheng Co.\, Ltd.,O=Jiangsu Qinheng Co.\, Ltd.,L=Nanjing,ST=Jiangsu,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c3:a8:73:53:d6:3f:89:31:79:a2:19:f6:dd:b4:6e:b5:3a:75:e5:42
Signer

Actual PE Digest

c3:a8:73:53:d6:3f:89:31:79:a2:19:f6:dd:b4:6e:b5:3a:75:e5:42

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\program\驱动安装\drvinstall\v16\驱动安装_std_v168_150929\objfre_wnet_AMD64\amd64\DRVSETUP64.pdb

Imports

msvcrt

__set_app_type
_fmode
_commode
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
vsprintf
sprintf
strstr
strrchr
memcpy
strchr
_stricmp
memset
_findfirst
_findnext
_findclose

kernel32

RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetVersionExA
RtlLookupFunctionEntry
QueryPerformanceCounter
FormatMessageA
GetModuleHandleA
GetCurrentProcess
WinExec
GetFileAttributesA
GetUserDefaultLangID
CreateThread
CloseHandle
GetSystemInfo
GetStartupInfoA
CopyFileA
GetWindowsDirectoryA
Sleep
lstrlenA
GetPrivateProfileSectionA
GetPrivateProfileStringA
FreeLibrary
GetProcAddress
SetLastError
LoadLibraryA
GetVersion
DeleteFileA
GetSystemDirectoryA
GetLastError
GetCurrentDirectoryA
LocalAlloc
LocalFree
RtlCaptureContext

user32

SetDlgItemTextA
DefWindowProcA
SendMessageA
GetWindowTextA
EnumChildWindows
FindWindowExA
SendDlgItemMessageA
MessageBoxA
EndDialog
CharUpperA
SetWindowTextA
IsDlgButtonChecked
UpdateWindow
EnableWindow
GetDlgItem
LoadIconA
ShowWindow
DialogBoxParamA

comctl32

ord17

setupapi

CM_Locate_DevNodeA
SetupDefaultQueueCallbackA
SetupDiGetDeviceRegistryPropertyA
SetupDiSetDeviceRegistryPropertyA
SetupDiDestroyDriverInfoList
SetupDiGetDriverInfoDetailA
SetupDiEnumDriverInfoA
SetupDiBuildDriverInfoList
SetupCloseInfFile
SetupDiGetActualSectionToInstallA
SetupOpenInfFileA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupTermDefaultQueueCallback
SetupCloseFileQueue
SetupCommitFileQueueA
SetupInstallFilesFromInfSectionA
SetupInitDefaultQueueCallbackEx
SetupOpenFileQueue
SetupDiCallClassInstaller
SetupCopyOEMInfA
CM_Reenumerate_DevNode

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Programas/Windows/CH341Programmer/CH341Programmer V1.38/DrvSetup86.exe
.exe windows:4 windows x86 arch:x86

e44b26a105405bedef6a117a83211220

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

64:31:83:e3:08:18:90:f6:71:40:46:bb:93:f4:e5:9d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/10/2015, 00:00

Not After

10/11/2017, 23:59

Subject

CN=Jiangsu Qinheng Co.\, Ltd.,O=Jiangsu Qinheng Co.\, Ltd.,L=Nanjing,ST=Jiangsu,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

60:8f:14:90:9a:cc:9c:1d:8b:27:bd:0a:55:cb:5a:02:0f:bc:d3:60
Signer

Actual PE Digest

60:8f:14:90:9a:cc:9c:1d:8b:27:bd:0a:55:cb:5a:02:0f:bc:d3:60

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
SetFilePointer
lstrlenA
GetSystemInfo
GetFileAttributesA
GetWindowsDirectoryA
GetVersionExA
GetUserDefaultLangID
WinExec
GetCurrentDirectoryA
GetCurrentProcess
GetProcAddress
GetModuleHandleA
CreateThread
Sleep
LoadLibraryA
GetPrivateProfileSectionA
GetPrivateProfileStringA
DeleteFileA
CopyFileA
SetLastError
LocalAlloc
CloseHandle
FreeLibrary
GetVersion
GetSystemDirectoryA
CompareStringW
CompareStringA
FlushFileBuffers
SetStdHandle
HeapReAlloc
VirtualAlloc
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetLastError
LocalFree
FormatMessageA
GetTimeZoneInformation
HeapAlloc
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
SetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FindFirstFileA
FindNextFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetStartupInfoA
GetCommandLineA
ExitProcess
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
InterlockedDecrement
InterlockedIncrement
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA

user32

UpdateWindow
CharUpperA
IsDlgButtonChecked
EnableWindow
FindWindowExA
EnumChildWindows
GetWindowTextA
SetDlgItemTextA
DefWindowProcA
GetDlgItem
ShowWindow
LoadIconA
SetWindowTextA
SendMessageA
EndDialog
MessageBoxA
DialogBoxParamA
SendDlgItemMessageA

comctl32

ord17

cfgmgr32

CM_Reenumerate_DevNode
CM_Locate_DevNodeA

setupapi

SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoA
SetupDiGetDriverInfoDetailA
SetupDiDestroyDriverInfoList
SetupDiSetDeviceRegistryPropertyA
SetupDefaultQueueCallbackA
SetupDiGetActualSectionToInstallA
SetupOpenFileQueue
SetupInitDefaultQueueCallbackEx
SetupInstallFilesFromInfSectionA
SetupCommitFileQueueA
SetupCloseFileQueue
SetupCloseInfFile
SetupTermDefaultQueueCallback
SetupCopyOEMInfA
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiCallClassInstaller
SetupDiDestroyDeviceInfoList
SetupOpenInfFileA

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Programas/Windows/CH341Programmer/CH341Programmer V1.38/Uninstaller.exe
.exe windows:5 windows x86 arch:x86

089d1e66c766eba93ce98affbb0b1135

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\arhimed\documents\visual studio 2010\Projects\Uninstaller\Release\Uninstaller.pdb

Imports

kernel32

GlobalFree
CreateThread
ResumeThread
FindResourceW
LoadResource
SizeofResource
GlobalAlloc
FreeResource
LockResource
CreateWaitableTimerW
SetWaitableTimer
WaitForMultipleObjects
SetEvent
WaitForSingleObject
ResetEvent
GetTempPathW
lstrcatW
CreateFileW
WriteFile
GetModuleFileNameW
MulDiv
CopyFileW
CreateProcessW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
GlobalUnlock
GlobalLock
CloseHandle
CreateEventW
GetNativeSystemInfo
GetSystemWindowsDirectoryW
FindClose
FindNextFileW
SetFileAttributesW
lstrcpyW
FindFirstFileW
lstrlenW
GetLastError
Sleep
RemoveDirectoryW
SetLastError
GetFileAttributesW
lstrcmpiW
DeleteFileW
GetTickCount
IsProcessorFeaturePresent

user32

CreateWindowExW
GetWindowLongW
AnimateWindow
GetDlgItem
DrawTextW
UpdateWindow
LoadIconW
SetWindowLongW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadCursorW
RegisterClassExW
GetSystemMetrics
SetTimer
TranslateAcceleratorW
PostQuitMessage
GetWindowTextW
MessageBoxW
wsprintfW
KillTimer
InvalidateRect
FillRect
ReleaseDC
GetDC
SetWindowPos
SendMessageW
DefWindowProcW
DestroyWindow
GetWindowRect
GetClientRect
ShowWindow
LoadStringW
LoadAcceleratorsW

gdi32

DeleteDC
BitBlt
CreateCompatibleDC
SelectObject
CreateSolidBrush
CreateCompatibleBitmap
CreateRoundRectRgn
FrameRgn
SetBkMode
SetTextColor
GetDeviceCaps
GetStockObject
CreateFontW
GetTextMetricsW
CreateBitmap
GetTextExtentPoint32W
GetCharWidth32W
TextOutW
DeleteObject

shell32

SHGetPathFromIDListW
SHGetFolderPathW
CommandLineToArgvW
SHGetSpecialFolderLocation

ole32

CreateStreamOnHGlobal

oleaut32

OleLoadPicture

msvcp100

?_Xlength_error@std@@YAXPBD@Z

msvcr100

memset
memcpy
_controlfp_s
_invoke_watson
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_CIsqrt
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_onexit
_lock
__dllonexit
_unlock
_wtoi
??_V@YAXPAX@Z
rand
_CxxThrowException
__CxxFrameHandler3
_initterm_e
??3@YAXPAX@Z
??2@YAPAXI@Z
malloc
_swprintf
free
_wsplitpath
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
_time64
srand

shlwapi

SHDeleteKeyW

winmm

mciSendCommandW

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 809KB - Virtual size: 809KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c17c46120b9339216e4036e6840553f

Headers

File Characteristics

Imports

kernel32

user32

setupapi

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 15KB

.data Size: 1024B - Virtual size: 6KB

ShareArr Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 848B

.reloc Size: 1024B - Virtual size: 728B

9b1def2964cd838f7829b5731e30fffa

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

usbd.sys

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 408B

.pdata Size: 1024B - Virtual size: 900B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 888B

6d37ff886398dc1f20c0e2acfe260460

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

usbd.sys

Sections

.text Size: 15KB - Virtual size: 15KB

.data Size: 160B - Virtual size: 132B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 864B - Virtual size: 848B

.reloc Size: 736B - Virtual size: 726B

b895284eb99549713bd45a6bd4ea5768

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

msvcp100

comctl32

gdiplus

ch341dll

msvcr100

shlwapi

winmm

Sections

.text Size: 175KB - Virtual size: 175KB

.rdata Size: 47KB - Virtual size: 47KB

.data Size: 28KB - Virtual size: 45KB

.rsrc Size: 2.3MB - Virtual size: 2.3MB

.reloc Size: 27KB - Virtual size: 26KB

0bfb8dbeab857c5b02bfe9ad3caf6c52

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

.text
Size: 15KB - Virtual size: 15KB

.data
Size: 1024B - Virtual size: 6KB

ShareArr
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 848B

.reloc
Size: 1024B - Virtual size: 728B

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 408B

.pdata
Size: 1024B - Virtual size: 900B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 888B

.text
Size: 15KB - Virtual size: 15KB

.data
Size: 160B - Virtual size: 132B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 864B - Virtual size: 848B

.reloc
Size: 736B - Virtual size: 726B

.text
Size: 175KB - Virtual size: 175KB

.rdata
Size: 47KB - Virtual size: 47KB

.data
Size: 28KB - Virtual size: 45KB

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

.reloc
Size: 27KB - Virtual size: 26KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

64:31:83:e3:08:18:90:f6:71:40:46:bb:93:f4:e5:9d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

c3:a8:73:53:d6:3f:89:31:79:a2:19:f6:dd:b4:6e:b5:3a:75:e5:42
Signer

.text
Size: 32KB - Virtual size: 31KB

.data
Size: 512B - Virtual size: 23KB

.pdata
Size: 1024B - Virtual size: 876B

.rsrc
Size: 5KB - Virtual size: 5KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

64:31:83:e3:08:18:90:f6:71:40:46:bb:93:f4:e5:9d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

60:8f:14:90:9a:cc:9c:1d:8b:27:bd:0a:55:cb:5a:02:0f:bc:d3:60
Signer

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 20KB - Virtual size: 44KB

.rsrc
Size: 8KB - Virtual size: 5KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 6KB