a1e90da00ffeab404f5344f2a3f6035125f4bee8ff2a44f262c13cf086912003

Sharing

Copy URL Twitter E-mail

General

Target

a1e90da00ffeab404f5344f2a3f6035125f4bee8ff2a44f262c13cf086912003
Size

77KB
MD5

e995e31c81be6cf97b19d5df61cca82d
SHA1

d6828b968279a7d175d7154ea5ee57d5a40dbf42
SHA256

a1e90da00ffeab404f5344f2a3f6035125f4bee8ff2a44f262c13cf086912003
SHA512

37bb26a1448b263045f480d5a12966f2aa054cf9bb18034071d69fb0453ba7c925e9bf4495bd7eb676fb656ba7df7e8425b9255d2617e87fa0da3417587cb0d1
SSDEEP

1536:o7JbQXs+4T1asO8FaFRSVBHCSv/E9uspR74Y8BnmJ8eIhJr6Kem8rhFMAz/GCq2d:IJs8xasriRQ7v/EksV8BnmweNhFFrGCH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a1e90da00ffeab404f5344f2a3f6035125f4bee8ff2a44f262c13cf086912003

Files

a1e90da00ffeab404f5344f2a3f6035125f4bee8ff2a44f262c13cf086912003
.exe windows:6 windows x86 arch:x86

be67bfbe65def16026cd03253aa0ae5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\1\s\Win32\Release\usbmuxd.pdb

Imports

ws2_32

htons
accept
htonl
send
ntohs
recv
ioctlsocket
ntohl
WSAGetLastError
WSAPoll
socket
inet_addr
WSAStartup
listen
setsockopt
bind
closesocket

libusb-1.0

libusb_free_device_list
libusb_handle_events_timeout
libusb_close
libusb_error_name
libusb_release_interface
libusb_open
libusb_free_transfer
libusb_get_device_address
libusb_alloc_transfer
libusb_get_bus_number
libusb_hotplug_register_callback
libusb_submit_transfer
libusb_get_max_packet_size
libusb_get_configuration
libusb_get_version
libusb_get_string_descriptor_ascii
libusb_get_device_speed
libusb_hotplug_deregister_callback
libusb_strerror
libusb_exit
libusb_get_device_descriptor
libusb_get_active_config_descriptor
libusb_has_capability
libusb_set_option
libusb_claim_interface
libusb_init
libusb_get_device_list
libusb_free_config_descriptor
libusb_cancel_transfer

libusb0

usb_get_string_simple
usb_set_debug
usb_find_busses
usb_open
usb_get_busses
usb_close
usb_init
usb_find_devices
usb_set_configuration

pthreadvc3

pthread_create
pthread_attr_init
pthread_attr_setdetachstate
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_destroy
pthread_mutex_unlock

plist

plist_new_uint
plist_new_bool
plist_copy
plist_get_uint_val
plist_dict_get_item
plist_to_xml
plist_new_dict
plist_get_string_val
plist_array_append_item
plist_from_bin
plist_dict_remove_item
plist_get_data_val
plist_get_node_type
plist_from_xml
plist_free
plist_new_data
plist_dict_set_item
plist_new_string
plist_new_array

imobiledevice

lockdownd_start_service
lockdownd_client_new
np_client_new
lockdownd_client_free
lockdownd_get_value
np_observe_notifications
lockdownd_set_value
idevice_free
lockdownd_pair
lockdownd_validate_pair
np_set_notify_callback
lockdownd_query_type
lockdownd_start_session
idevice_set_socket_type
lockdownd_service_descriptor_free
idevice_set_debug_level
np_client_free

kernel32

Sleep
GetSystemTime
SystemTimeToFileTime
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
ReleaseMutex
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
CreateMutexA
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoTaskMemFree

getopt

optarg_a
getopt_long_a

vcruntime140

_except_handler4_common
memmove
__current_exception
__current_exception_context
memcpy
memset

api-ms-win-crt-heap-l1-1-0

realloc
free
_set_new_mode
malloc

api-ms-win-crt-string-l1-1-0

strncpy
_strdup

api-ms-win-crt-runtime-l1-1-0

_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type
_seh_filter_exe
terminate
_controlfp_s
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_register_thread_local_exe_atexit_callback
exit
__p___argc
_c_exit
strerror
_cexit
_errno
__p___argv

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__acrt_iob_func
freopen
__p__commode
_set_fmode
ftell
fopen
fclose
fseek
rewind
fwrite
fread
__stdio_common_vfprintf

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-filesystem-l1-1-0

_stat32
_splitpath
_mkdir
remove

api-ms-win-crt-time-l1-1-0

strftime
_time32
_localtime32

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

��u�
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

be67bfbe65def16026cd03253aa0ae5c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

libusb-1.0

libusb0

pthreadvc3

plist

imobiledevice

kernel32

shell32

ole32

getopt

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 35KB - Virtual size: 34KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 3KB

�����u� Size: 16KB - Virtual size: 20KB

.text
Size: 35KB - Virtual size: 34KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB

��u�
Size: 16KB - Virtual size: 20KB