led-badge[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

led-badge.zip
Size

22.9MB
MD5

a99d2c09d7a1e6af2666c3910f7a55da
SHA1

cb687dad7a3b5b8a68125d660a9384f0b01bfeb3
SHA256

95e639ffe8613883f899bb5d15061a7d8f36045af42f3fa7942575a49faef21c
SHA512

2714b4d8d1f2aae1042d2998d8554935a533ab19cbbe340d3757842350f775c43f62a943024182271b3855735af6c268b63730b315572b8596ef89bfe5a0d0d3
SSDEEP

393216:xHjYfoYv9UHu7e4FCKjFBI02EwQwyIUj+BpXs536kehTGci:Fj5YlAx4xFBFPwQnFIpXscRvi

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Install.exe
unpack001/LED Display Profession Program/setup.exe
unpack001/LED Display Program/LED Badge.exe

Files

led-badge.zip
.zip
Help/Instruction(Chinese).doc
.doc windows office2003
Help/Instruction(English).doc
.doc windows office2003
Help/Instruction(Spanish).doc
.doc windows office2003
Help/User Manual-Korea.docx
.docx office2007
Install.exe
.exe windows:4 windows x86 arch:x86

792392fbf5375e04489a3b739f6608a2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarDup
__vbaStrToAnsi
__vbaVarMod
__vbaVarCopy
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LED Display Profession Program/BMPBadgeSetup.msi
.msi
LED Display Profession Program/setup.exe
.exe windows:5 windows x86 arch:x86

cfa06eb8ecb157d3e1e5170182639085

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

setup.pdb

Imports

kernel32

Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
GetNativeSystemInfo
SetFilePointer
HeapSetInformation
CreateEventW
SetEvent
SizeofResource
LockResource
LoadResource
FindResourceW
GetVersionExW
CompareStringW
GetFileAttributesW
GetModuleFileNameW
ExpandEnvironmentStringsW
GlobalFree
OpenProcess
GetSystemDirectoryW
DeleteFileW
GetTempFileNameW
GetTempPathW
LocalFree
FormatMessageW
ReadFile
GetTimeFormatW
GetDateFormatW
CreateDirectoryW
CopyFileW
WideCharToMultiByte
GetWindowsDirectoryW
GetSystemInfo
GetCurrentProcess
GetEnvironmentVariableW
GetModuleHandleW
GetVersion
CreateFileW
EndUpdateResourceW
Sleep
GetDiskFreeSpaceExW
DeleteCriticalSection
CreateThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
MulDiv
lstrlenW
GetExitCodeProcess
SetEndOfFile
GetTickCount
FindFirstFileW
FindNextFileW
FindClose
GlobalAlloc
LoadLibraryW
UpdateResourceA
BeginUpdateResourceA
InterlockedCompareExchange
FindResourceA
DeleteFileA
lstrlenA
CreateFileA
UpdateResourceW
BeginUpdateResourceW
GetEnvironmentVariableA
SetStdHandle
WriteConsoleW
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapSize
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetProcessHeap
MultiByteToWideChar
LCMapStringW
GetStringTypeW
GetLocaleInfoW
IsValidCodePage
GetOEMCP
GetACP
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
QueryPerformanceCounter
HeapCreate
GetCurrentThreadId
InterlockedExchange
SwitchToThread
GetLastError
WaitForSingleObject
CloseHandle
GetProcAddress
FreeLibrary
WriteFile
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetFileType
InitializeCriticalSectionAndSpinCount
LocalAlloc
LoadLibraryA
RaiseException
GetCommandLineW
GetStartupInfoW
RtlUnwind
HeapFree
InterlockedDecrement
GetCPInfo
SetUnhandledExceptionFilter
ExitProcess
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount

gdi32

GetStockObject
EnumFontFamiliesExW
CreateFontIndirectW
DeleteObject
CreateCompatibleDC
GetDeviceCaps
GetObjectW
DeleteDC
SelectObject
GetTextMetricsW
GetTextExtentPoint32W

ole32

CoUninitialize
CoInitialize

secur32

GetComputerObjectNameW

shell32

ShellExecuteExW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
ShellExecuteA

user32

MessageBoxA
ShowScrollBar
GetClientRect
SendMessageA
SetClassLongW
SetWindowTextW
LoadCursorW
SetCursor
CreateDialogIndirectParamW
SetForegroundWindow
EnableWindow
GetFocus
SetFocus
ScreenToClient
MoveWindow
LoadIconW
SetDlgItemTextW
SendMessageW
GetDlgItem
MsgWaitForMultipleObjects
PeekMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
ShowWindow
SendDlgItemMessageW
GetWindowRect
SystemParametersInfoW
ExitWindowsEx
MessageBoxW
DrawTextW
GetSystemMetrics
GetDC
GetDialogBaseUnits
ReleaseDC
CreateDialogParamW
LoadImageW

crypt32

CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertGetCertificateChain

wininet

InternetCrackUrlW
InternetCombineUrlW

msi

ord8
ord150
ord78
ord92

Exports

Exports

_DecodePointerInternal@4
_EncodePointerInternal@4

Sections

.text
Size: 314KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LED Display Program/LED Badge.exe
.exe windows:5 windows x86 arch:x86

d619eda1a774da262071361b928bb2e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
lstrcpyA
lstrcatA
lstrlenA
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
_lclose
GetModuleFileNameA
_lread
_llseek
_lopen
_lwrite
_lcreat
CreateDirectoryA
SetCurrentDirectoryA
GetDiskFreeSpaceA
GetFileAttributesA
CompareStringA
DeleteFileA
GetTempPathA
GetCurrentDirectoryA
CloseHandle
GetExitCodeProcess
GetLastError
LocalFree
GetCurrentProcess
MoveFileExA
GetStringTypeW
MultiByteToWideChar
LCMapStringW
HeapReAlloc
RtlUnwind
HeapSize
Sleep
RemoveDirectoryA
FreeLibrary
IsValidCodePage
GetOEMCP
GetModuleHandleW
ExitProcess
DecodePointer
HeapFree
HeapAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameW
IsProcessorFeaturePresent
HeapCreate
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP

user32

TranslateMessage
DispatchMessageA
PeekMessageA
wsprintfA
LoadCursorA
SetCursor
MessageBoxA
MsgWaitForMultipleObjects

advapi32

GetTokenInformation
OpenProcessToken

shell32

ShellExecuteExA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Read Me.txt

Sharing

General

Malware Config

Signatures

Files

792392fbf5375e04489a3b739f6608a2

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1KB

cfa06eb8ecb157d3e1e5170182639085

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

ole32

secur32

shell32

user32

crypt32

wininet

msi

Exports

Exports

Sections

.text Size: 314KB - Virtual size: 314KB

.data Size: 7KB - Virtual size: 16KB

.rsrc Size: 77KB - Virtual size: 76KB

.reloc Size: 18KB - Virtual size: 17KB

d619eda1a774da262071361b928bb2e4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 28KB - Virtual size: 27KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 314KB - Virtual size: 314KB

.data
Size: 7KB - Virtual size: 16KB

.rsrc
Size: 77KB - Virtual size: 76KB

.reloc
Size: 18KB - Virtual size: 17KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 4KB - Virtual size: 4KB