50434e6040dd1b08f87d20356e2447670970a6bb01e75aca33436eecf9e98819

Sharing

Copy URL

Twitter E-mail

General

Target

50434e6040dd1b08f87d20356e2447670970a6bb01e75aca33436eecf9e98819
Size

292KB
MD5

446c4d065605fcd6cb1d5eb803163494
SHA1

267bf00337b75fe311ef4dc76bfeaa5ff75c446e
SHA256

50434e6040dd1b08f87d20356e2447670970a6bb01e75aca33436eecf9e98819
SHA512

03ae0f83f12c4e6e5e59ccb4aa9ed9f02c40152030bf5e74f27b1b7f4eba33a26ff44906b53788452c2ffdcd8a206d6604ddbaa9e6820d9f1c5cb4110412285b
SSDEEP

3072:sNdq0swtPCDVnyLMQhJmxn90RAqt/7kDX1+WrlaG:svqX5/UAFA9tkU6

Score

1^/10

Malware Config

Signatures

Files

50434e6040dd1b08f87d20356e2447670970a6bb01e75aca33436eecf9e98819
.exe windows:5 windows x86 arch:x86

25184de5e75300ec887e263b6533f8bb

Code Sign

05:b0:ff
Certificate

Issuer

OU=Equifax Secure Certificate Authority,O=Equifax,C=US

Not Before

16-02-2006 18:01

Not After

19-02-2016 18:01

Subject

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:0b:dc:8f:00:00:00:00:00:1a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Equifax Secure Certificate Authority,O=Equifax,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:9b:73:e1:00:01:00:00:90:80
Certificate

Issuer

CN=Intel External Basic Issuing CA 3A,O=Intel Corporation,C=US

Not Before

06-08-2012 17:06

Not After

15-05-2015 19:35

Subject

CN=Intel Corporation - Software and Firmware Products,OU=Intel Architecture Group,O=Intel Corporation

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:1e:80:b7:00:00:00:00:00:07
Certificate

Issuer

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Not Before

15-05-2009 19:25

Not After

15-05-2015 19:35

Subject

CN=Intel External Basic Issuing CA 3A,O=Intel Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

40:eb:33:3f:d1:17:2c:9b:7d:14:63:18:5e:05:08:e6:e5:2a:84:77
Signer

Actual PE Digest

40:eb:33:3f:d1:17:2c:9b:7d:14:63:18:5e:05:08:e6:e5:2a:84:77

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\ccViews\autobuild1_BR-1402-000L_2.0_Snapshot\USB3_Sakura\driver\Monitor\exe\Release\iusb3mon_exe.pdb

Imports

comctl32

ImageList_Create
ImageList_ReplaceIcon

iusb3mon

_USB3MON_GetHostInfoW@20
_USB3MON_Create@12
_USB3MON_GetDeviceInfoW@20
_USB3MON_GetInterfaceVersion@8
_USB3MON_DeviceChange@12
_USB3MON_ForwardMessage@16
_USB3MON_Close@4

kernel32

FreeLibrary
InterlockedIncrement
WaitForSingleObject
SetEvent
GlobalAlloc
lstrcmpW
lstrlenW
ReleaseSemaphore
InterlockedExchange
GetLastError
GlobalFree
CreateSemaphoreW
CreateEventW
WaitForMultipleObjects
OpenEventW
GetUserDefaultUILanguage
ReleaseMutex
CloseHandle
ResumeThread
CreateThread
LoadLibraryExW
ExitThread
ResetEvent
SuspendThread
GetConsoleOutputCP
CreateMutexW
HeapSize
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapReAlloc
VirtualAlloc
HeapAlloc
RtlUnwind
InitializeCriticalSectionAndSpinCount
LoadLibraryA
IsValidCodePage
GetOEMCP
SetStdHandle
WriteConsoleA
WriteConsoleW
CreateFileA
FlushFileBuffers
GetACP
GetCPInfo
GetCurrentThreadId
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
InterlockedDecrement
Sleep
ExitProcess
HeapFree
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection

user32

GetWindowRect
GetDlgItem
EndDialog
GetDesktopWindow
SetWindowPos
SetDlgItemTextW
SendMessageW
DestroyWindow
SetTimer
GetMessageW
PostQuitMessage
PostMessageW
KillTimer
DialogBoxParamW
LoadCursorW
RegisterClassExW
LoadIconW
LoadStringW
ShowWindow
CreateWindowExW
UpdateWindow
SetWindowTextW
DefWindowProcW
DispatchMessageW
TranslateMessage

gdi32

GetStockObject

advapi32

RegQueryValueExW
SetNamedSecurityInfoW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW

shell32

Shell_NotifyIconW

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

25184de5e75300ec887e263b6533f8bb

Code Sign

05:b0:ffCertificate

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

61:0b:dc:8f:00:00:00:00:00:1aCertificate

Key Usages

2f:9b:73:e1:00:01:00:00:90:80Certificate

Extended Key Usages

Key Usages

61:1e:80:b7:00:00:00:00:00:07Certificate

Key Usages

40:eb:33:3f:d1:17:2c:9b:7d:14:63:18:5e:05:08:e6:e5:2a:84:77Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

iusb3mon

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 212KB - Virtual size: 212KB

.reloc Size: 19KB - Virtual size: 19KB

05:b0:ff
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

61:0b:dc:8f:00:00:00:00:00:1a
Certificate

2f:9b:73:e1:00:01:00:00:90:80
Certificate

61:1e:80:b7:00:00:00:00:00:07
Certificate

40:eb:33:3f:d1:17:2c:9b:7d:14:63:18:5e:05:08:e6:e5:2a:84:77
Signer

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 212KB - Virtual size: 212KB

.reloc
Size: 19KB - Virtual size: 19KB