21a7924ac78b79c98c07f6e652d9061f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

21a7924ac78b79c98c07f6e652d9061f_JaffaCakes118
Size

5.1MB
MD5

21a7924ac78b79c98c07f6e652d9061f
SHA1

d90a7d51f6b613806031acebcf6c5fc1e4f817e9
SHA256

260de209385ae2369a0286fbb65f0c7358f79f85d4d8c568ab904ce6eb0ba8f4
SHA512

859a5b1ee56a7e64346eb2119f55ceefc197200232d90f49aae78cbbc9e6218f8e5f89f13ab2dadee495525b335c5f0e30217b05ab0faaaf424612339aa9ab4d
SSDEEP

98304:prS0U8DXu0CVPmfFr30zaFwIZjGmGTXndl5TSx8JY/EgvKvi4:prvUGAVudkSwO6sxoY/JKvi4

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack002/DMC1380-WF驱动/DMC1380-WF驱动/inf_winxp_win7_x32/drv_v32/wdapi921.dll
unpack002/DMC1380-WF驱动/DMC1380-WF驱动/inf_winxp_win7_x32/drv_v32/wdreg.exe
unpack002/DMC1380-WF驱动/DMC1380-WF驱动/inf_winxp_win7_x32/drv_v32/windrvr6.sys
unpack002/DMC1380-WF驱动/DMC1380-WF驱动/motion1380V1.1/Dmc1380.dll
unpack002/DMC1380-WF驱动/DMC1380-WF驱动/motion1380V1.1/Motin1380V1.4.exe
unpack002/DMC1380-WF驱动/DMC1380-WF驱动/函数库/Dmc1380.dll
unpack001/WFKA37_V5.7.2.23_R.exe

Files

21a7924ac78b79c98c07f6e652d9061f_JaffaCakes118
.zip
DMC1380-WF驱动.rar
.rar
DMC1380-WF驱动/DMC1380-WF驱动/inf_winxp_win7_x32/DMC1381.inf
DMC1380-WF驱动/DMC1380-WF驱动/inf_winxp_win7_x32/REG_Win7.bat
DMC1380-WF驱动/DMC1380-WF驱动/inf_winxp_win7_x32/drv_v32/difxapi.dll
.dll windows:6 windows x86 arch:x86

c8bb176aa316a8a34b7e7e1439c67e13

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

11/10/2005, 21:55

Not After

26/04/2010, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:10:c3:52:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/10/2005, 23:24

Not After

11/01/2007, 23:34

Subject

CN=Microsoft Windows Component Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

26:98:6b:1f:23:b8:07:df:c1:05:57:1b:9c:b8:b1:59:1a:1f:7c:a1
Signer

Actual PE Digest

26:98:6b:1f:23:b8:07:df:c1:05:57:1b:9c:b8:b1:59:1a:1f:7c:a1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

DIFXAPI.pdb

Imports

ntdll

RtlUnwind
RtlNtStatusToDosError
VerSetConditionMask

kernel32

VerifyVersionInfoW
GetVersionExW
lstrlenW
FreeLibrary
GetProcAddress
LoadLibraryW
DeleteFileW
SetFileAttributesW
GetEnvironmentVariableW
CompareStringW
GetFileAttributesW
MoveFileExW
GetTempFileNameW
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
GetSystemWindowsDirectoryW
MultiByteToWideChar
WideCharToMultiByte
GetFullPathNameW
CopyFileW
LocalFree
RemoveDirectoryW
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
CreateDirectoryW
LocalReAlloc
LocalAlloc
GetProcessHeap
ReleaseMutex
GetSystemDirectoryW
DeviceIoControl
WaitForSingleObject
CreateMutexW
GetSystemTimeAsFileTime
Sleep
RaiseException
GetVersionExA
HeapSize
GetCommandLineA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetModuleHandleA
ExitProcess
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteFile
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
LoadLibraryA
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CreateFileA
GetThreadLocale
WaitForMultipleObjects
InterlockedCompareExchange
SetEvent
CreateEventW
SetEndOfFile
SetLastError
InterlockedExchange
lstrcmpiW
InterlockedDecrement
GetLastError
InterlockedIncrement
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
HeapFree
HeapReAlloc
EnterCriticalSection
HeapAlloc
LeaveCriticalSection
HeapDestroy
GetModuleHandleW
DeleteCriticalSection
GetModuleFileNameA
OutputDebugStringA
HeapCreate
InitializeCriticalSection
TlsGetValue

user32

UnregisterClassA
CharLowerW
CharPrevW

setupapi

CM_Query_And_Remove_SubTreeW
SetupDiSetDeviceRegistryPropertyW
SetupQueueCopyIndirectW
SetupDiCallClassInstaller
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiSetSelectedDevice
SetupDiOpenDeviceInfoW
SetupDiOpenDevRegKey
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoList
SetupDiGetDriverInfoDetailW
SetupDiGetSelectedDriverW
SetupDiSetClassInstallParamsW
SetupDiClassNameFromGuidW
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
CM_Locate_DevNodeW
CM_Get_DevNode_Status
CM_Setup_DevNode
SetupDiGetDeviceRegistryPropertyW
SetupGetTargetPathW
SetupInstallFilesFromInfSectionW
SetupPromptReboot
SetupInstallFromInfSectionW
SetupInstallServicesFromInfSectionW
SetupDiGetActualSectionToInstallW
SetupFindNextLine
SetupFindNextMatchLineW
SetupOpenInfFileW
SetupOpenFileQueue
SetupCommitFileQueueW
SetupQueueCopyW
SetupCloseFileQueue
SetupGetLineCountW
SetupCloseInfFile
SetupFindFirstLineW
SetupGetFieldCount
SetupGetIntField
CM_Enumerate_Classes
SetupDiEnumDeviceInfo
SetupInitDefaultQueueCallbackEx
SetupDefaultQueueCallbackW
SetupDiGetClassDevsW
SetupDiOpenClassRegKey
CM_Get_Device_IDW
SetupDiDestroyDeviceInfoList
SetupGetStringFieldW
pSetupGetGlobalFlags
pSetupSetGlobalFlags
SetupOpenAppendInfFileW
SetupCopyOEMInfW
SetupTermDefaultQueueCallback

advapi32

FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
SetEntriesInAclW
QueryServiceStatus
DeleteService
ControlService
CloseServiceHandle
OpenServiceW
OpenSCManagerW
StartServiceW
RegCloseKey

ole32

StringFromCLSID
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance

wintrust

CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust

crypt32

CertFreeCertificateContext
CertGetCTLContextProperty
CryptQueryObject
CertFreeCTLContext

Exports

Exports

DIFXAPISetLogCallbackA
DIFXAPISetLogCallbackW
DriverPackageGetPathA
DriverPackageGetPathW
DriverPackageInstallA
DriverPackageInstallW
DriverPackagePreinstallA
DriverPackagePreinstallW
DriverPackageUninstallA
DriverPackageUninstallW
SetDifxLogCallbackA
SetDifxLogCallbackW

Sections

.text
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DMC1380-WF驱动/DMC1380-WF驱动/inf_winxp_win7_x32/drv_v32/wd921.cat
DMC1380-WF驱动/DMC1380-WF驱动/inf_winxp_win7_x32/drv_v32/wdapi921.dll
.dll windows:4 windows x86 arch:x86

9408eb8b1429e66b4e1b95fe5013f7c4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
CloseHandle
DeviceIoControl
CreateFileA
WaitForSingleObject
CreateEventA
SetEvent
CreateMutexA
ReleaseMutex
GetSystemInfo
GetFileSize
LocalFree
FormatMessageA
GetLastError
ReadFile
WriteFile
Sleep
VirtualQuery
VirtualProtect
GetProcessHeap
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
ExitThread
CreateThread
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
OutputDebugStringA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
ExitProcess
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
GetFileAttributesA
RtlUnwind
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
InitializeCriticalSection
GetModuleHandleW
LoadLibraryA
MultiByteToWideChar
GetExitCodeProcess
CreateProcessA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

SetTimer
PostMessageA
SetWindowLongA
CallWindowProcA
KillTimer
SendMessageA

oleaut32

SysAllocString

Exports

Exports

EventAlloc
EventDup
EventFree
EventRegister
EventUnregister
FreeDllPtr
GetPageCount
GetPageSize
HSConfigurePci
HSWatchAlloc
HSWatchFree
InterruptDisable
InterruptEnable
InterruptThreadDisable
InterruptThreadEnable
OsEventClose
OsEventCreate
OsEventReset
OsEventSignal
OsEventWait
OsMutexClose
OsMutexCreate
OsMutexLock
OsMutexUnlock
PciEventCreate
PcmciaEventCreate
PrintDbgMessage
SleepWrapper
Stat2Str
ThreadStart
ThreadStop
ThreadWait
UtilClrScr
UtilGetFileName
UtilGetFileSize
UtilGetStringFromUser
VB_EventRegister
VB_EventUnregister
VB_InterruptDisable
VB_InterruptEnable
VB_Stat2Str
VB_ThreadLoopStart
VB_ThreadLoopStop
WDC_AddrSpaceIsActive
WDC_CallKerPlug
WDC_CardCleanupSetup
WDC_DMABufUnlock
WDC_DMAContigBufLock
WDC_DMASGBufLock
WDC_DMASyncCpu
WDC_DMASyncIo
WDC_DriverClose
WDC_DriverOpen
WDC_Err
WDC_EventIsRegistered
WDC_EventRegister
WDC_EventUnregister
WDC_GetBusType
WDC_GetDevContext
WDC_GetWDHandle
WDC_IntDisable
WDC_IntEnable
WDC_IntIsEnabled
WDC_IsaDeviceClose
WDC_IsaDeviceOpen
WDC_KernelPlugInOpen
WDC_MultiTransfer
WDC_PciDeviceClose
WDC_PciDeviceOpen
WDC_PciGetDeviceInfo
WDC_PciReadCfg
WDC_PciReadCfg16
WDC_PciReadCfg32
WDC_PciReadCfg64
WDC_PciReadCfg8
WDC_PciReadCfgBySlot
WDC_PciReadCfgBySlot16
WDC_PciReadCfgBySlot32
WDC_PciReadCfgBySlot64
WDC_PciReadCfgBySlot8
WDC_PciScanDevices
WDC_PciScanDevicesByTopology
WDC_PciWriteCfg
WDC_PciWriteCfg16
WDC_PciWriteCfg32
WDC_PciWriteCfg64
WDC_PciWriteCfg8
WDC_PciWriteCfgBySlot
WDC_PciWriteCfgBySlot16
WDC_PciWriteCfgBySlot32
WDC_PciWriteCfgBySlot64
WDC_PciWriteCfgBySlot8
WDC_PcmciaDeviceClose
WDC_PcmciaDeviceOpen
WDC_PcmciaGetDeviceInfo
WDC_PcmciaReadAttribSpace
WDC_PcmciaScanDevices
WDC_PcmciaSetVpp
WDC_PcmciaSetWindow
WDC_PcmciaWriteAttribSpace
WDC_ReadAddr16
WDC_ReadAddr32
WDC_ReadAddr64
WDC_ReadAddr8
WDC_ReadAddrBlock
WDC_SetDebugOptions
WDC_SharedBufferAlloc
WDC_Sleep
WDC_Trace
WDC_Version
WDC_WriteAddr16
WDC_WriteAddr32
WDC_WriteAddr64
WDC_WriteAddr8
WDC_WriteAddrBlock
WDU_GetDeviceAddr
WDU_GetDeviceInfo
WDU_GetDeviceRegistryProperty
WDU_GetLangIDs
WDU_GetStringDesc
WDU_HaltTransfer
WDU_Init
WDU_PutDeviceInfo
WDU_ResetDevice
WDU_ResetPipe
WDU_SelectiveSuspend
WDU_SetInterface
WDU_StreamClose
WDU_StreamFlush
WDU_StreamGetStatus
WDU_StreamOpen
WDU_StreamRead
WDU_StreamStart
WDU_StreamStop
WDU_StreamWrite
WDU_Transfer
WDU_TransferBulk
WDU_TransferDefaultPipe
WDU_TransferInterrupt
WDU_TransferIsoch
WDU_Uninit
WDU_VB_Init
WDU_VB_Uninit
WDU_Wakeup
WD_CloseLog
WD_DriverName
WD_LogAdd
WD_LogStart
WD_LogStop
WD_OpenLog
WD_VB_DriverName
WD_VB_InterruptThreadDisable
WD_VB_InterruptThreadEnable
WdFunctionLog
get_os_type
vPrintDbgMessage

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DMC1380-WF驱动/DMC1380-WF驱动/inf_winxp_win7_x32/drv_v32/wdreg.exe
.exe windows:4 windows x86 arch:x86

f3e8ea0a07a0fed18f1ced18581967af

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\cygwin\home\bat\bat\wd_921_full_winxp\wd\samples\wdreg\WIN32\wdreg.pdb

Imports

kernel32

DeleteFileA
GetWindowsDirectoryA
DeviceIoControl
WaitForSingleObject
CreateEventA
SetEvent
CreateFileA
ReleaseMutex
GetSystemInfo
GetVersionExA
GetSystemDirectoryA
Sleep
GetFileSize
ReadFile
CloseHandle
lstrlenA
LocalAlloc
LoadLibraryExA
GetProcAddress
FreeLibrary
GetLastError
FormatMessageA
LocalFree
CreateMutexA
GetFullPathNameA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
HeapAlloc
RtlUnwind
ExitThread
CreateThread
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
FatalAppExitA
VirtualAlloc
HeapReAlloc
OutputDebugStringA
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
GetFileAttributesA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSection
GetModuleHandleW
SetFilePointer
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
SetConsoleCtrlHandler
InterlockedExchange
LoadLibraryA
RaiseException
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
VirtualProtect
VirtualQuery
FlushFileBuffers
GetExitCodeProcess
CreateProcessA
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetProcessHeap
GetLocaleInfoW
ReadConsoleInputA
SetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents

advapi32

DeleteService
ControlService
OpenServiceA
CreateServiceA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegDeleteKeyA
OpenSCManagerA
CloseServiceHandle
StartServiceA

Sections

.text
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DMC1380-WF驱动/DMC1380-WF驱动/inf_winxp_win7_x32/drv_v32/windrvr6.inf
DMC1380-WF驱动/DMC1380-WF驱动/inf_winxp_win7_x32/drv_v32/windrvr6.sys
.sys windows:3 windows x86 arch:x86

3f9f5163f3b93665268daba920efe965

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\cygwin\home\bat\bat\wd_921_full_winxp\wd\kernel\WINNT.i386\windrvr6.pdb

Imports

ntoskrnl.exe

IoAcquireCancelSpinLock
KeInitializeSpinLock
toupper
strncpy
vsprintf
RtlExtendedLargeIntegerDivide
KeQuerySystemTime
RtlExtendedIntegerMultiply
IoReleaseCancelSpinLock
InterlockedIncrement
memset
InterlockedDecrement
MmGetSystemRoutineAddress
RtlInitUnicodeString
RtlAssert
IoFreeIrp
ObfDereferenceObject
InterlockedExchange
strncmp
wcschr
KeBugCheckEx
RtlUnwind
sprintf
_wcsicmp
DbgPrint
InterlockedExchangeAdd
memcpy

usbd.sys

_USBD_CreateConfigurationRequestEx@8
_USBD_ParseConfigurationDescriptorEx@28

hal

KfLowerIrql
KfAcquireSpinLock
KfReleaseSpinLock
KfRaiseIrql

Sections

.text
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 896B - Virtual size: 894B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 960B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DMC1380-WF驱动/DMC1380-WF驱动/inf_winxp_win7_x32/win7安装使用说明.txt
DMC1380-WF驱动/DMC1380-WF驱动/motion1380V1.1/D1380.dat
DMC1380-WF驱动/DMC1380-WF驱动/motion1380V1.1/Dmc1380.dll
.dll windows:4 windows x86 arch:x86

933b3dddf499fa98e5d7377b6b36fa45

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
WaitForSingleObject
CreateFileA
DeviceIoControl
GetVersionExA
HeapFree
RtlUnwind
HeapAlloc
InterlockedDecrement
InterlockedIncrement
GetLastError
GetCurrentThreadId
TlsSetValue
TlsGetValue
GetCommandLineA
GetVersion
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
TlsAlloc
TlsFree
SetLastError
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
TerminateProcess
GetCurrentProcess
GetProcAddress
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetUnhandledExceptionFilter
IsBadCodePtr
GetCPInfo
GetStringTypeA
GetStringTypeW
SetFilePointer
GetACP
GetOEMCP
LoadLibraryA
SetStdHandle
RaiseException
FlushFileBuffers

Exports

Exports

d1000_board_close
d1000_board_init
d1000_change_speed
d1000_check_done
d1000_check_sn
d1000_decel_stop
d1000_get_axis_status
d1000_get_command_pos
d1000_get_outbit
d1000_get_password
d1000_get_speed
d1000_home_move
d1000_immediate_stop
d1000_in_bit
d1000_in_enable
d1000_out_bit
d1000_set_command_pos
d1000_set_pls_outmode
d1000_set_sd
d1000_start_t_line
d1000_start_t_move
d1000_start_ta_line
d1000_start_ta_move
d1000_start_tv_move

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DMC1380-WF驱动/DMC1380-WF驱动/motion1380V1.1/Motin1380V1.4.exe
.exe windows:4 windows x86 arch:x86

730073214094cd328547bf1f72289752

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResumeThread
WriteProcessMemory
VirtualProtectEx
GetModuleFileNameW
DuplicateHandle
GetCurrentProcess
SetFileTime
CopyFileW
GetDriveTypeW
GetFileTime
CreateFileW
SetErrorMode
GetTempFileNameW
GetTempPathW
ExitProcess
Sleep
DeleteFileW
CloseHandle
WaitForSingleObject
CreateProcessW
ReadProcessMemory
GetThreadSelectorEntry
GetThreadContext
GetLastError
lstrlenW
GetModuleHandleW
GetStartupInfoW

user32

MessageBoxA

shell32

ShellExecuteW

msvcrt

memset
wcscpy
free
_fileno
_chsize
wcsrchr
wcscat
malloc
fclose
fread
fwrite
fseek
_wfopen
sprintf
fflush
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DMC1380-WF驱动/DMC1380-WF驱动/motion1380V1.1/data.txt
DMC1380-WF驱动/DMC1380-WF驱动/函数库/Dmc1380.dll
.dll windows:4 windows x86 arch:x86

933b3dddf499fa98e5d7377b6b36fa45

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
WaitForSingleObject
CreateFileA
DeviceIoControl
GetVersionExA
HeapFree
RtlUnwind
HeapAlloc
InterlockedDecrement
InterlockedIncrement
GetLastError
GetCurrentThreadId
TlsSetValue
TlsGetValue
GetCommandLineA
GetVersion
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
TlsAlloc
TlsFree
SetLastError
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
TerminateProcess
GetCurrentProcess
GetProcAddress
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetUnhandledExceptionFilter
IsBadCodePtr
GetCPInfo
GetStringTypeA
GetStringTypeW
SetFilePointer
GetACP
GetOEMCP
LoadLibraryA
SetStdHandle
RaiseException
FlushFileBuffers

Exports

Exports

d1000_board_close
d1000_board_init
d1000_change_speed
d1000_check_done
d1000_check_sn
d1000_decel_stop
d1000_get_axis_status
d1000_get_command_pos
d1000_get_outbit
d1000_get_password
d1000_get_speed
d1000_home_move
d1000_immediate_stop
d1000_in_bit
d1000_in_enable
d1000_out_bit
d1000_set_command_pos
d1000_set_pls_outmode
d1000_set_sd
d1000_start_t_line
d1000_start_t_move
d1000_start_ta_line
d1000_start_ta_move
d1000_start_tv_move

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DMC1380-WF驱动/DMC1380-WF驱动/函数库/Dmc1380.lib
WFKA37_V5.7.2.23_R.exe
.exe windows:4 windows x86 arch:x86

730073214094cd328547bf1f72289752

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResumeThread
WriteProcessMemory
VirtualProtectEx
GetModuleFileNameW
DuplicateHandle
GetCurrentProcess
SetFileTime
CopyFileW
GetDriveTypeW
GetFileTime
CreateFileW
SetErrorMode
GetTempFileNameW
GetTempPathW
ExitProcess
Sleep
DeleteFileW
CloseHandle
WaitForSingleObject
CreateProcessW
ReadProcessMemory
GetThreadSelectorEntry
GetThreadContext
GetLastError
lstrlenW
GetModuleHandleW
GetStartupInfoW

user32

MessageBoxA

shell32

ShellExecuteW

msvcrt

memset
wcscpy
free
_fileno
_chsize
wcsrchr
wcscat
malloc
fclose
fread
fwrite
fseek
_wfopen
sprintf
fflush
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8bb176aa316a8a34b7e7e1439c67e13

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88Certificate

Extended Key Usages

Key Usages

61:10:c3:52:00:00:00:00:00:03Certificate

Extended Key Usages

Key Usages

26:98:6b:1f:23:b8:07:df:c1:05:57:1b:9c:b8:b1:59:1a:1f:7c:a1Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

user32

setupapi

advapi32

ole32

wintrust

crypt32

Exports

Exports

Sections

.text Size: 280KB - Virtual size: 279KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 17KB - Virtual size: 16KB

9408eb8b1429e66b4e1b95fe5013f7c4

Headers

File Characteristics

Imports

kernel32

user32

oleaut32

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 87KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 880B

.reloc Size: 8KB - Virtual size: 5KB

f3e8ea0a07a0fed18f1ced18581967af

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Sections

.text Size: 216KB - Virtual size: 216KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 8KB - Virtual size: 14KB

.idata Size: 8KB - Virtual size: 4KB

.rsrc Size: 32KB - Virtual size: 32KB

3f9f5163f3b93665268daba920efe965

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

usbd.sys

hal

Sections

.text Size: 174KB - Virtual size: 174KB

.data Size: 5KB - Virtual size: 5KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88
Certificate

61:10:c3:52:00:00:00:00:00:03
Certificate

26:98:6b:1f:23:b8:07:df:c1:05:57:1b:9c:b8:b1:59:1a:1f:7c:a1
Signer

.text
Size: 280KB - Virtual size: 279KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 17KB - Virtual size: 16KB

.text
Size: 88KB - Virtual size: 87KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 880B

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 216KB - Virtual size: 216KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 8KB - Virtual size: 14KB

.idata
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 32KB - Virtual size: 32KB

.text
Size: 174KB - Virtual size: 174KB

.data
Size: 5KB - Virtual size: 5KB

INIT
Size: 896B - Virtual size: 894B

.rsrc
Size: 960B - Virtual size: 952B

.reloc
Size: 6KB - Virtual size: 6KB

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 25KB

.rsrc
Size: 4KB - Virtual size: 1016B

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 40KB

.rsrc
Size: 228KB - Virtual size: 228KB

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 25KB

.rsrc
Size: 4KB - Virtual size: 1016B

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 56KB

.rsrc
Size: 11KB - Virtual size: 11KB