3a8bef698747cec862999b7a02906e3a1ce3c8a71bee27af317dd50b08fecd0f[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

3a8bef698747cec862999b7a02906e3a1ce3c8a71bee27af317dd50b08fecd0f.exe
Size

328KB
MD5

bc1124e581e879f45dffbc31b4d0c5b0
SHA1

889d4a3dfb7db42b61324517fc4e17c9cc61eb9d
SHA256

3a8bef698747cec862999b7a02906e3a1ce3c8a71bee27af317dd50b08fecd0f
SHA512

d135b82a802ab76a7be64aa017433722390e936940a0e9be31a18277ec278b9fee16f834d465e50b426378043b7996faa28923fa3d4e8fa3ab5a8c3053793b97
SSDEEP

6144:nzpmsLrHzbQnHqXt+YmgtN8XNVV6/9i4x4dNJ3xEoQAP65m/:9rQHqXEYmgsVV6/w4xONJ3Ko5Cm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a8bef698747cec862999b7a02906e3a1ce3c8a71bee27af317dd50b08fecd0f.exe

Files

3a8bef698747cec862999b7a02906e3a1ce3c8a71bee27af317dd50b08fecd0f.exe
.dll windows:6 windows x86 arch:x86

2c11cec12e9dc2e7604ee84ccdba0e7c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\jenkins\workspace\Prod-SSENext-DeviceLib-Win\Windows\Release\SSEdevice.pdb

Imports

hid

HidD_GetProductString
HidP_GetCaps
HidD_GetFeature
HidD_FreePreparsedData
HidD_SetFeature
HidD_GetInputReport
HidD_GetAttributes
HidD_GetPreparsedData
HidD_GetHidGuid

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList

kernel32

SetEndOfFile
WriteConsoleW
GetThreadPriority
GetStringTypeW
Sleep
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
WriteFile
ReadFile
CreateFileW
GetOverlappedResult
GetLastError
CreateEventW
CancelIo
DeleteCriticalSection
CloseHandle
OutputDebugStringW
GetModuleHandleW
GetTickCount
CreateThread
LoadLibraryW
GetProcAddress
DeviceIoControl
GetConsoleCP
FlushFileBuffers
SetStdHandle
UnregisterWait
LCMapStringW
HeapReAlloc
GetSystemTimeAsFileTime
DuplicateHandle
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
InterlockedExchange
EncodePointer
DecodePointer
CreateTimerQueueTimer
IsDebuggerPresent
IsProcessorFeaturePresent
HeapFree
HeapAlloc
GetCommandLineA
RaiseException
RtlUnwind
ExitThread
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
TlsGetValue
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
TerminateProcess
TlsAlloc
TlsSetValue
TlsFree
GetStartupInfoW
CreateSemaphoreW
CreateTimerQueue
InterlockedDecrement
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
HeapSize
GetStdHandle
GetModuleFileNameW
DeleteTimerQueueTimer
GetProcessAffinityMask
SetThreadAffinityMask
SetEvent
ReleaseSemaphore
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
SwitchToThread
UnregisterWaitEx
ChangeTimerQueueTimer
GetNumaHighestNodeNumber
RegisterWaitForSingleObject
GetConsoleMode
ReadConsoleW
SetFilePointer
SetFilePointerEx
GetFileType
GetProcessHeap
InterlockedIncrement
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WideCharToMultiByte
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleHandleA
SetThreadPriority
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
SignalObjectAndWait

user32

GetRawInputDeviceInfoW
RegisterRawInputDevices
CreateWindowExW
RegisterDeviceNotificationW
RegisterClassW
UnregisterDeviceNotification
DefWindowProcW
DispatchMessageW
UnregisterClassW
GetRawInputData
GetMessageW
DestroyWindow
PostThreadMessageW

Exports

Exports

??0DeviceLib@@QAE@XZ
??0DeviceLibFactory@@QAE@ABV0@@Z
??0DeviceLibFactory@@QAE@XZ
??0HIDLib@@AAE@XZ
??0HIDLibBase@@QAE@ABV0@@Z
??0HIDLibBase@@QAE@XZ
??0HidInfoList@@QAE@XZ
??0SC2Lib@@AAE@XZ
??0SSECmdLibBase@@QAE@ABV0@@Z
??0SSECmdLibBase@@QAE@XZ
??0Sequence@@QAE@ABV0@@Z
??0Sequence@@QAE@PADIIIPAEI1I1I@Z
??0Sequence@@QAE@XZ
??0Sequencer@@AAE@XZ
??0X2Lib@@AAE@XZ
??0X2LibBase@@QAE@ABV0@@Z
??0X2LibBase@@QAE@XZ
??1DeviceLib@@UAE@XZ
??1HIDLib@@EAE@XZ
??1HIDLibBase@@UAE@XZ
??1HidInfoList@@QAE@XZ
??1SC2Lib@@QAE@XZ
??1SSECmdLibBase@@UAE@XZ
??1Sequence@@UAE@XZ
??1Sequencer@@QAE@XZ
??1X2Lib@@EAE@XZ
??1X2LibBase@@UAE@XZ
??4DeviceLibFactory@@QAEAAV0@ABV0@@Z
??4HIDLibBase@@QAEAAV0@ABV0@@Z
??4SSECmdLibBase@@QAEAAV0@ABV0@@Z
??4Sequence@@QAEAAV0@ABV0@@Z
??4X2LibBase@@QAEAAV0@ABV0@@Z
??_7DeviceLib@@6B@
??_7DeviceLibFactory@@6B@
??_7HIDLib@@6B@
??_7HIDLibBase@@6B@
??_7SSECmdLibBase@@6B@
??_7Sequence@@6B@
??_7X2Lib@@6B@
??_7X2LibBase@@6B@
?AddDeviceToList@HIDLib@@AAEXAAVHidInfo@@@Z
?AddSequence@Sequencer@@QAEIPAVSequence@@@Z
?Cleanup@Sequence@@UAEXXZ
?DeleteSequence@Sequencer@@QAEII@Z
?DestroyDeviceInfo@HidInfoList@@AAEXXZ
?DeviceConnectionCallback@SC2Lib@@AAEXPAUDeviceInfo@@PAX@Z
?DeviceConnectionCallbackHelper@SC2Lib@@CAXPAUDeviceInfo@@PAX@Z
?DevicePathToHidInfo@HIDLib@@AAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAPAVHidInfo@@@Z
?DumpBytes@Sequence@@QAEXPAEI@Z
?EepromPatchCallback@SC2Lib@@CAHPAXK0@Z
?FindByDevicePath@HidInfoList@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAPAVHidInfo@@@Z
?FindByHandle@HidInfoList@@QAE_NIAAPAVHidInfo@@@Z
?FindByHandle@HidInfoList@@QAE_NPAXAAPAVHidInfo@@@Z
?FindDeviceByHandle@DeviceLib@@QAEPAUDeviceInfo@@I@Z
?FindDeviceHandle@SSECmdLibBase@@IAE_NGGIGAAI@Z
?FindSequenceNamedTheSameAs@Sequencer@@AAEHPAVSequence@@@Z
?FindSequenceWithId@Sequencer@@AAEHI@Z
?FirmwareCallback@DeviceLib@@KAXI@Z
?FlashFirmware@SC2Lib@@QAE?AW4SC2_STATUS@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@P6AXI@Z@Z
?FlashFirmware@SSECmdLibBase@@QAE?AW4SSECMD_STATUS@@IPAUDeviceChunk@@P6AXI@Z@Z
?GetDevices@DeviceLib@@QAEIAAPBUDeviceInfo@@@Z
?GetDevices@HIDLib@@UAEPAUDeviceInfo@@XZ
?GetDevices@HidInfoList@@QAEPAUDeviceInfo@@XZ
?GetHIDCodeFrom@HIDLib@@AAEEEE@Z
?GetProfileID@X2Lib@@UAEIGPAE@Z
?HandleCmdInterfaceEvent@HIDLib@@AAEXPAXPAUtagRID_DEVICE_INFO@@PAUtagRAWHID@@@Z
?HandleHIDCmd@DeviceLib@@IAEIIPAUDeviceChunk@@@Z
?HandleKeyboardEvent@HIDLib@@AAEXUtagRAWKEYBOARD@@@Z
?HandleMouseEvent@HIDLib@@AAEXUtagRAWMOUSE@@@Z
?HandleSC2Cmd@DeviceLib@@IAEIIPAUDeviceChunk@@@Z
?HandleSSECmd@DeviceLib@@IAEIIPAUDeviceChunk@@@Z
?HandleX2Cmd@DeviceLib@@IAEIIPAUDeviceChunk@@@Z
?Id@Sequence@@UAEIXZ
?InitHidInfoList@HIDLib@@AAEXXZ
?Initialize@DeviceLib@@QAEIXZ
?Initialize@HIDLib@@UAEIXZ
?Initialize@Sequencer@@QAEIXZ
?InitializePS2ToHIDMapping@HIDLib@@AAEXXZ
?Insert@HidInfoList@@QAEXAAVHidInfo@@@Z
?Instance@DeviceLib@@SAPAV1@XZ
?Instance@HIDLib@@SAPAV1@XZ
?Instance@SC2Lib@@SAPAV1@XZ
?Instance@Sequencer@@SAPAV1@XZ
?Instance@X2Lib@@SAPAV1@XZ
?IsDeviceConnected@SSECmdLibBase@@IAE_NI@Z
?IsNamed@Sequence@@UAE_NPAD@Z
?IsNamedTheSameAs@Sequence@@UAE_NPAV1@@Z
?IsRunning@Sequence@@UAE_NXZ
?MessagePump@HIDLib@@AAGKXZ
?MessagePumpStub@HIDLib@@CGKPAX@Z
?NewDeviceLib@DeviceLibFactory@@UAEPAVDeviceLib@@XZ
?NewKeyboardEvent@HIDLib@@AAE_NEE@Z
?NewSequence@Sequencer@@QAEIPADIIIPAEI1I1I@Z
?NotifyCmdInterfaceListener@HIDLibBase@@MAEXPAUDeviceInfo@@PAUCommandInterfaceEvent@@@Z
?NotifyConnectionListenerAboutAllDevices@HIDLibBase@@MAEXP6AXPAUDeviceInfo@@PAX@Z@Z
?NotifyConnectionListeners@HIDLibBase@@MAEXPAUDeviceInfo@@_N@Z
?NotifyFirmwareCallback@SC2Lib@@AAEXKPAX@Z
?NotifyFirmwareCallback@SSECmdLibBase@@IAEXII@Z
?NotifyFirmwareCallbackListener@DeviceLib@@IAEXW4DEVICELIB_FWSTATUS@@I@Z
?NotifyInputListener@HIDLibBase@@MAEXPAUDeviceEvent@@@Z
?PerformFirmwareOperation@SC2Lib@@AAE?AW4SC2_STATUS@@W4FIRMWARE_OPERATION@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@P6AXI@Z@Z
?PrepareDevice@SSECmdLibBase@@IAE?AW4SSECMD_STATUS@@IPAUSSFWUpdateInfo@@AAI@Z
?Read@DeviceLib@@QAEIIIPAEI@Z
?Read@HIDLib@@UAEIIW4HID_REPORT_TYPE@@PAEI@Z
?Read@X2LibBase@@UAEIGAAUDeviceChunk@@@Z
?ReadProfile@X2Lib@@UAEIGEPAUPROFILE_T@@@Z
?RegisterConnectionCallback@HIDLibBase@@UAEXP6AXPAUDeviceInfo@@PAX@Z@Z
?RegisterForDeviceNotifications@HIDLib@@AAE_NXZ
?Remove@HidInfoList@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?RemoveDeviceFromList@HIDLib@@AAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?Resume@Sequence@@UAEXXZ
?ResumeSequence@Sequencer@@QAEII@Z
?RewriteTemplate@Sequence@@UAEPAEI@Z
?SendCommand@DeviceLib@@QAEIIIPAEI@Z
?SendCommand@SC2Lib@@QAE?AW4SC2_STATUS@@PBEI@Z
?SequenceCount@Sequencer@@QAEHXZ
?SetCallback@DeviceLib@@QAEIIP6AXPAUDeviceInfo@@PAX@Z@Z
?SetCallback@Sequence@@QAEXP6AXI@Z@Z
?SetCallback@Sequencer@@QAEIP6AXI@Z@Z
?SetCmdInterfaceCallback@HIDLib@@UAEXP6AXPAUDeviceInfo@@PAX@Z@Z
?SetCmdInterfaceCallback@HIDLibBase@@UAEXP6AXPAUDeviceInfo@@PAX@Z@Z
?SetDriverControl@X2Lib@@UAEIGE@Z
?SetFactory@DeviceLib@@SAXPAVDeviceLibFactory@@@Z
?SetInputCallback@HIDLib@@UAEXP6AXPAUDeviceInfo@@PAX@Z@Z
?SetInputCallback@HIDLibBase@@UAEXP6AXPAUDeviceInfo@@PAX@Z@Z
?SetProfileID@X2Lib@@UAEIGE@Z
?Start@Sequence@@UAEXXZ
?StartSequence@Sequencer@@QAEII@Z
?Step@Sequence@@UAEXXZ
?Step@Sequencer@@QAEXXZ
?StepLoop@Sequencer@@AAEXXZ
?Stop@Sequence@@UAEXXZ
?StopDevice@Sequencer@@QAEII@Z
?StopForDevice@Sequence@@UAEXI@Z
?StopSequence@Sequencer@@QAEII@Z
?UnregisterConnectionCallback@HIDLibBase@@UAEXP6AXPAUDeviceInfo@@PAX@Z@Z
?UnregisterForDeviceNotifications@HIDLib@@AAEXXZ
?UpdateRawInputRegistration@HIDLib@@AAEXXZ
?VerifyFirmware@SC2Lib@@QAE?AW4SC2_STATUS@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@P6AXI@Z@Z
?WinProcCallback@HIDLib@@CGJPAUHWND__@@IIJ@Z
?Write@DeviceLib@@QAEIIIPAEI@Z
?Write@HIDLib@@UAEIIW4HID_REPORT_TYPE@@PAEI@Z
?Write@X2LibBase@@UAEIGABUDeviceChunk@@@Z
?WriteProfile@X2Lib@@UAEIGEPAUPROFILE_T@@@Z
?_factory@DeviceLib@@2PAVDeviceLibFactory@@A
?_idSequence@Sequence@@2IA
?_instance@DeviceLib@@2PAV1@A
DeviceLib_GetDevices
DeviceLib_Initialize
DeviceLib_Read
DeviceLib_SendCommand
DeviceLib_SetCallback
DeviceLib_Write
Sequencer_DeleteSequence
Sequencer_Initialize
Sequencer_NewSequence
Sequencer_ResumeSequence
Sequencer_StartSequence
Sequencer_StopDevice
Sequencer_StopSequence

Sections

.text
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c11cec12e9dc2e7604ee84ccdba0e7c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

hid

setupapi

kernel32

user32

Exports

Exports

Sections

.text Size: 216KB - Virtual size: 216KB

.rdata Size: 57KB - Virtual size: 57KB

.data Size: 10KB - Virtual size: 26KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 43KB - Virtual size: 42KB

.text
Size: 216KB - Virtual size: 216KB

.rdata
Size: 57KB - Virtual size: 57KB

.data
Size: 10KB - Virtual size: 26KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 43KB - Virtual size: 42KB