c7be87741674b5ca30ecfd84b2ce4414f696c8fcf06c7c90a44620c1f7f94579

Sharing

Copy URL Twitter E-mail

General

Target

c7be87741674b5ca30ecfd84b2ce4414f696c8fcf06c7c90a44620c1f7f94579
Size

770KB
MD5

e512f04f793d8161f5e9bfcb5d58d1cc
SHA1

8c55cab67f1825abdf3ef461bf9bde680d27a740
SHA256

c7be87741674b5ca30ecfd84b2ce4414f696c8fcf06c7c90a44620c1f7f94579
SHA512

b4623083acec62c5285162b526ea3d4f5692971e6e446c4d8bed17a0ffb19e9e24c8f8863b4aab8549a700ffbc66e35df9a9243df598a289d4669e6b16d103a7
SSDEEP

12288:Mbys1T33niS145+/zRWc4xspSNBTz9ZOQ/njPTHcQTIGBzLRmxQqRTI3KeV+3rdX:Sys1z3niEpsBT3OQ/jNI5RTI0pj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7be87741674b5ca30ecfd84b2ce4414f696c8fcf06c7c90a44620c1f7f94579

Files

c7be87741674b5ca30ecfd84b2ce4414f696c8fcf06c7c90a44620c1f7f94579
.dll windows:5 windows x86 arch:x86

271f5787bb98f661425f81a2640f188f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\Code\03FinanceMach\CDS\02BRM\6040w\up\sw_drv\drv\D_Usb11_YH_CC\Release\D_Usb11_YH_CC.pdb

Imports

pthreadvc2

pthread_join
pthread_exit
pthread_create
pthread_cancel
pthread_attr_setschedparam
pthread_attr_getschedparam
pthread_attr_setschedpolicy
pthread_attr_setstacksize
pthread_attr_destroy
pthread_attr_init
sem_post
sem_timedwait
sem_trywait
sem_close
sem_destroy
sem_init
pthread_mutexattr_destroy
pthread_mutex_unlock
pthread_mutex_timedlock
pthread_mutex_destroy
pthread_mutex_init

kernel32

GlobalUnlock
GlobalFree
SizeofResource
LockResource
LoadResource
FindResourceW
CreateProcessA
GetExitCodeProcess
OutputDebugStringA
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSectionAndSpinCount
RaiseException
HeapSize
DecodePointer
MultiByteToWideChar
GetACP
SetLastError
GetModuleFileNameW
GetModuleHandleW
LoadLibraryW
LocalFree
FormatMessageA
GetCurrentThread
GetCurrentThreadId
GetVersionExA
LoadLibraryExW
GlobalDeleteAtom
lstrcmpA
CompareStringA
GlobalAddAtomA
GetCurrentProcessId
GlobalLock
GetSystemDirectoryW
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
SetErrorMode
FileTimeToSystemTime
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
FlushFileBuffers
GetFullPathNameA
ReadFile
SetEndOfFile
WriteFile
GetCurrentProcess
GetVolumeInformationA
GetOEMCP
GetCPInfo
FileTimeToLocalFileTime
GetFileAttributesExA
GetSystemTimeAsFileTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
RtlUnwind
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapQueryInformation
DeleteFileW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
ReadConsoleW
GetStdHandle
GetFileType
GetStartupInfoW
IsValidCodePage
CreateDirectoryW
FindFirstFileExW
FindNextFileW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
WriteConsoleW
GetStringTypeW
LCMapStringW
OutputDebugStringW
CreateFileW
SetEnvironmentVariableA
GlobalAlloc
VirtualQuery
LeaveCriticalSection
EnterCriticalSection
RemoveDirectoryW
DeleteCriticalSection
InitializeCriticalSection
ReleaseMutex
WaitForSingleObject
CreateMutexA
WideCharToMultiByte
CopyFileA
GetLastError
lstrcatA
CloseHandle
lstrlenA
lstrcpyA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateFileA
GetModuleHandleA
GetModuleFileNameA
DeleteFileA
FindNextFileA
FindFirstFileA
FindClose
GetFileAttributesA
GetProcAddress
FreeLibrary
LoadLibraryA
CreateDirectoryA
GetTickCount
GetLocalTime
Sleep
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleInputA
SetConsoleMode
EncodePointer

user32

GetMonitorInfoA
ShowWindow
SetWindowTextA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColorBrush
LoadCursorA
ClientToScreen
RealChildWindowFromPoint
SetTimer
KillTimer
InvalidateRect
DrawTextA
DrawTextExA
GrayStringA
TabbedTextOutA
CharUpperA
DestroyMenu
MonitorFromWindow
GetWindowLongA
MessageBoxA
IsWindowEnabled
EnableWindow
SetCursor
CallNextHookEx
SetWindowsHookExA
GetCursorPos
ValidateRect
GetKeyState
GetActiveWindow
IsWindowVisible
PeekMessageA
GetClassNameA
TranslateMessage
GetMessageA
LoadBitmapW
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
SendMessageA
UnhookWindowsHookEx
PostQuitMessage
PostMessageA
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetParent
UnregisterClassA
wsprintfA
GetClassLongA
WinHelpA
LoadIconW
LoadIconA
GetTopWindow
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowRect
GetClientRect
RemovePropA
GetPropA
SetPropA
RedrawWindow
SetForegroundWindow
GetForegroundWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
GetDlgCtrlID
GetDlgItem
SetWindowPos
DestroyWindow
IsWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
SetWindowLongA
DispatchMessageA
PtInRect
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
RegisterWindowMessageA
GetWindow
GetWindowTextA
GetLastActivePopup
GetWindowThreadProcessId

gdi32

GetDeviceCaps
CreateBitmap
SetBkColor
ScaleWindowExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutA
TextOutA
SetMapMode
SetTextColor
DeleteObject
DeleteDC
Escape
GetClipBox
GetStockObject
PtVisible
RectVisible
RestoreDC
SaveDC
SelectObject

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteValueA
RegDeleteKeyA
RegEnumValueA
RegFlushKey
RegSetValueExA

shlwapi

PathStripToRootA
PathIsUNCA
PathFindFileNameA
PathFindExtensionA

ole32

CoTaskMemFree
CoUninitialize
CoCreateGuid
CoCreateInstance
CoInitialize

oleaut32

SysAllocStringLen
VariantInit
VariantClear
VariantChangeType
SysFreeString

imagehlp

MakeSureDirectoryPathExists

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdA
SetupDiDestroyDeviceInfoList
CM_Get_DevNode_Status
SetupDiSetClassInstallParamsA
SetupDiGetClassDevsA
SetupDiCallClassInstaller

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

oleacc

LresultFromObject
CreateStdAccessibleObject

Exports

Exports

CheckModule
Device_Close
Device_GetSystemInfo
Device_GetTrace
Device_Open
Device_OpenEx
Device_Receive
Device_Reset
Device_Send

Sections

.text
Size: 532KB - Virtual size: 532KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

271f5787bb98f661425f81a2640f188f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

pthreadvc2

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

ole32

oleaut32

imagehlp

setupapi

version

oleacc

Exports

Exports

Sections

.text Size: 532KB - Virtual size: 532KB

.rdata Size: 152KB - Virtual size: 151KB

.data Size: 36KB - Virtual size: 166KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 36KB - Virtual size: 35KB

.text
Size: 532KB - Virtual size: 532KB

.rdata
Size: 152KB - Virtual size: 151KB

.data
Size: 36KB - Virtual size: 166KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 36KB - Virtual size: 35KB