Heimdall-Windows-master-012220[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Heimdall-Windows-master-012220.zip
Size

5.8MB
MD5

e562b5a56ae4e05b2e25176bab2a0111
SHA1

6ed5c407907df7082b0f9a93a23db36a24a34424
SHA256

14daf4eb42660e45448a4b4e274315f130d38ad885f77ef8ff939c7291618671
SHA512

5ada5f745fb5b5be04db50d3a7bc050ed0491d8d5d490be0d1d334da38c34a9001968e49acdd4f08011f2cd1ba5e743851af9025612d5dc62fe896b9565b6703
SSDEEP

98304:JqtHw0FoUscm0/RLoTj7ZY+YUoJ6W8PYHUitl/o2cgI754LQb+QQENeLXVLk2Rhv:gw0+Usy/RMof0itS2cgtLs+JMeLXVLjF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/zadig-2.4.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Heimdall.exe
unpack001/libusb-1.0.dll

Files

Heimdall-Windows-master-012220.zip
.zip
Heimdall.exe
.exe windows:6 windows x86 arch:x86

8f2ed79c4d58b3614bf0fb4d20d42150

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\gitlab\Stricted\Heimdall\Release\Heimdall.pdb

Imports

libusb-1.0

libusb_get_device_list
libusb_close
libusb_free_device_list
libusb_set_interface_alt_setting
libusb_set_debug
libusb_release_interface
libusb_unref_device
libusb_open
libusb_bulk_transfer
libusb_ref_device
libusb_get_string_descriptor_ascii
libusb_get_config_descriptor
libusb_exit
libusb_get_device_descriptor
libusb_claim_interface
libusb_init
libusb_free_config_descriptor

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentProcess
Sleep
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
IsProcessorFeaturePresent
UnhandledExceptionFilter

msvcp140

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

vcruntime140

memcpy
memmove
memset
__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
_CxxThrowException
__current_exception
__current_exception_context
_except_handler4_common

api-ms-win-crt-runtime-l1-1-0

_errno
_controlfp_s
terminate
_c_exit
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
__p___argv
__p___argc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
fflush
__acrt_iob_func
fwrite
__p__commode
fclose
fopen
_fseeki64
_set_fmode
_ftelli64
fread
rewind

api-ms-win-crt-convert-l1-1-0

strtoul

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Heimdall.iobj
Heimdall.ipdb
Heimdall.pdb
libpit.lib
libusb-1.0.dll
.dll windows:6 windows x86 arch:x86

e496185921dd2133fc7b2aa2cef1665b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\libusb\libusb\os\objfre_wxp_x86\i386\libusb-1.0.pdb

Imports

msvcrt

_amsg_exit
_initterm
_XcptFilter
_beginthreadex
strncmp
sscanf
_strdup
strtok
_stricmp
toupper
sprintf
_strnicmp
_errno
memcpy
realloc
calloc
memset
free
memmove
getenv
atoi
_snprintf
_vsnprintf
_iob
fputs
malloc

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetTickCount
RtlUnwind
InterlockedCompareExchange
Sleep
QueryPerformanceFrequency
GetProcessAffinityMask
SetThreadAffinityMask
QueryPerformanceCounter
TerminateThread
FormatMessageA
ReadFile
WriteFile
GetOverlappedResult
CreateFileA
DeviceIoControl
GetCurrentProcessId
CreateSemaphoreA
ReleaseSemaphore
GetVersionExA
VerSetConditionMask
VerifyVersionInfoA
FreeLibrary
LoadLibraryA
GetLastError
ResetEvent
WaitForMultipleObjects
GetCurrentProcess
DuplicateHandle
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CancelIo
GetModuleHandleA
GetProcAddress
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThreadId
CreateEventA
SetEvent
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexA
InterlockedExchange
SleepEx
GetSystemTimeAsFileTime

Exports

Exports

libusb_alloc_streams
libusb_alloc_streams
libusb_alloc_transfer
libusb_alloc_transfer
libusb_attach_kernel_driver
libusb_attach_kernel_driver
libusb_bulk_transfer
libusb_bulk_transfer
libusb_cancel_transfer
libusb_cancel_transfer
libusb_claim_interface
libusb_claim_interface
libusb_clear_halt
libusb_clear_halt
libusb_close
libusb_close
libusb_control_transfer
libusb_control_transfer
libusb_detach_kernel_driver
libusb_detach_kernel_driver
libusb_dev_mem_alloc
libusb_dev_mem_alloc
libusb_dev_mem_free
libusb_dev_mem_free
libusb_error_name
libusb_error_name
libusb_event_handler_active
libusb_event_handler_active
libusb_event_handling_ok
libusb_event_handling_ok
libusb_exit
libusb_exit
libusb_free_bos_descriptor
libusb_free_bos_descriptor
libusb_free_config_descriptor
libusb_free_config_descriptor
libusb_free_container_id_descriptor
libusb_free_container_id_descriptor
libusb_free_device_list
libusb_free_device_list
libusb_free_pollfds
libusb_free_pollfds
libusb_free_ss_endpoint_companion_descriptor
libusb_free_ss_endpoint_companion_descriptor
libusb_free_ss_usb_device_capability_descriptor
libusb_free_ss_usb_device_capability_descriptor
libusb_free_streams
libusb_free_streams
libusb_free_transfer
libusb_free_transfer
libusb_free_usb_2_0_extension_descriptor
libusb_free_usb_2_0_extension_descriptor
libusb_get_active_config_descriptor
libusb_get_active_config_descriptor
libusb_get_bos_descriptor
libusb_get_bos_descriptor
libusb_get_bus_number
libusb_get_bus_number
libusb_get_config_descriptor
libusb_get_config_descriptor
libusb_get_config_descriptor_by_value
libusb_get_config_descriptor_by_value
libusb_get_configuration
libusb_get_configuration
libusb_get_container_id_descriptor
libusb_get_container_id_descriptor
libusb_get_device
libusb_get_device
libusb_get_device_address
libusb_get_device_address
libusb_get_device_descriptor
libusb_get_device_descriptor
libusb_get_device_list
libusb_get_device_list
libusb_get_device_speed
libusb_get_device_speed
libusb_get_max_iso_packet_size
libusb_get_max_iso_packet_size
libusb_get_max_packet_size
libusb_get_max_packet_size
libusb_get_next_timeout
libusb_get_next_timeout
libusb_get_parent
libusb_get_parent
libusb_get_pollfds
libusb_get_pollfds
libusb_get_port_number
libusb_get_port_number
libusb_get_port_numbers
libusb_get_port_numbers
libusb_get_port_path
libusb_get_port_path
libusb_get_ss_endpoint_companion_descriptor
libusb_get_ss_endpoint_companion_descriptor
libusb_get_ss_usb_device_capability_descriptor
libusb_get_ss_usb_device_capability_descriptor
libusb_get_string_descriptor_ascii
libusb_get_string_descriptor_ascii
libusb_get_usb_2_0_extension_descriptor
libusb_get_usb_2_0_extension_descriptor
libusb_get_version
libusb_get_version
libusb_handle_events
libusb_handle_events
libusb_handle_events_completed
libusb_handle_events_completed
libusb_handle_events_locked
libusb_handle_events_locked
libusb_handle_events_timeout
libusb_handle_events_timeout
libusb_handle_events_timeout_completed
libusb_handle_events_timeout_completed
libusb_has_capability
libusb_has_capability
libusb_hotplug_deregister_callback
libusb_hotplug_deregister_callback
libusb_hotplug_register_callback
libusb_hotplug_register_callback
libusb_init
libusb_init
libusb_interrupt_event_handler
libusb_interrupt_event_handler
libusb_interrupt_transfer
libusb_interrupt_transfer
libusb_kernel_driver_active
libusb_kernel_driver_active
libusb_lock_event_waiters
libusb_lock_event_waiters
libusb_lock_events
libusb_lock_events
libusb_open
libusb_open
libusb_open_device_with_vid_pid
libusb_open_device_with_vid_pid
libusb_pollfds_handle_timeouts
libusb_pollfds_handle_timeouts
libusb_ref_device
libusb_ref_device
libusb_release_interface
libusb_release_interface
libusb_reset_device
libusb_reset_device
libusb_set_auto_detach_kernel_driver
libusb_set_auto_detach_kernel_driver
libusb_set_configuration
libusb_set_configuration
libusb_set_debug
libusb_set_debug
libusb_set_interface_alt_setting
libusb_set_interface_alt_setting
libusb_set_pollfd_notifiers
libusb_set_pollfd_notifiers
libusb_setlocale
libusb_setlocale
libusb_strerror
libusb_strerror
libusb_submit_transfer
libusb_submit_transfer
libusb_transfer_get_stream_id
libusb_transfer_get_stream_id
libusb_transfer_set_stream_id
libusb_transfer_set_stream_id
libusb_try_lock_events
libusb_try_lock_events
libusb_unlock_event_waiters
libusb_unlock_event_waiters
libusb_unlock_events
libusb_unlock_events
libusb_unref_device
libusb_unref_device
libusb_wait_for_event
libusb_wait_for_event

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
zadig-2.4.exe
.exe windows:6 windows x86 arch:x86

Code Sign

24:69:26:63:ef:6c:0c:0a:3b:23:cf:a3:10:c3:64:9b
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

16/03/2018, 00:00

Not After

16/03/2022, 23:59

Subject

CN=Akeo Consulting,O=Akeo Consulting,POSTALCODE=F92 D667,STREET=24 Grey Rock,L=Milford,ST=Co. Donegal,C=IE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

69:42:2b:da:e1:e6:92:2d:7d:c7:d2:71:0c:d2:a9:1f:46:8f:77:e6:e4:07:99:c7:82:10:ca:c1:e5:b7:f2:f0
Signer

Actual PE Digest

69:42:2b:da:e1:e6:92:2d:7d:c7:d2:71:0c:d2:a9:1f:46:8f:77:e6:e4:07:99:c7:82:10:ca:c1:e5:b7:f2:f0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8f2ed79c4d58b3614bf0fb4d20d42150

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libusb-1.0

kernel32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 49KB - Virtual size: 48KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 3KB

e496185921dd2133fc7b2aa2cef1665b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 85KB - Virtual size: 85KB

.data Size: 1KB - Virtual size: 16KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

Code Sign

24:69:26:63:ef:6c:0c:0a:3b:23:cf:a3:10:c3:64:9bCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

69:42:2b:da:e1:e6:92:2d:7d:c7:d2:71:0c:d2:a9:1f:46:8f:77:e6:e4:07:99:c7:82:10:ca:c1:e5:b7:f2:f0Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.5MB

UPX1 Size: 4.9MB - Virtual size: 4.9MB

.rsrc Size: 30KB - Virtual size: 32KB

.text
Size: 49KB - Virtual size: 48KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 85KB - Virtual size: 85KB

.data
Size: 1KB - Virtual size: 16KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB

24:69:26:63:ef:6c:0c:0a:3b:23:cf:a3:10:c3:64:9b
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

69:42:2b:da:e1:e6:92:2d:7d:c7:d2:71:0c:d2:a9:1f:46:8f:77:e6:e4:07:99:c7:82:10:ca:c1:e5:b7:f2:f0
Signer

UPX0
Size: - Virtual size: 1.5MB

UPX1
Size: 4.9MB - Virtual size: 4.9MB

.rsrc
Size: 30KB - Virtual size: 32KB