2f31d1f9c4912b861bbd0627889dc489[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

2f31d1f9c4912b861bbd0627889dc489.zip
Size

129KB
MD5

d8adfbbf2176d0c283021e6d4bb304ab
SHA1

d6c4c946f75f4855fdad350f21628aa00ca4a9a0
SHA256

7b0da9a637a3906382ca482dfb87bfd615fadd887aa11613cdc742d3ae09a3f3
SHA512

1c28f57082f09c2700cc7ba3532a256331c38009af403f4e7a43821d9d290335a5c30b7436bfe45d2017794eafb3f623e63a403d62e3e3b6e8836a769ebfa9dd
SSDEEP

3072:JuIaYCd/7JplZx2HuhhYtyt4ALe4x7Oa47N1G3vfGwMMypBWciiW:JRChBKO7YtynLr9OacN1GmwMMMWciiW

Score

1^/10

Malware Config

Signatures

Files

2f31d1f9c4912b861bbd0627889dc489.zip
.zip
RTL2832UBDA.sys
.sys windows:6 windows x64 arch:x64

d050c0eda1961d24ed8f38ae9232df69

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:76:bc:e0:9a:8c:36:bb:35:38:08:ca:81:85:7c:61
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/07/2011, 00:00

Not After

20/07/2013, 23:59

Subject

CN=TerraTec Electronic GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TerraTec Electronic GmbH,L=Nettetal,ST=Nordrhein-Westfalen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:59:c2:d4:02:1d:96:51:7c:28:3d:a8:e5:1b:30:44:72:8b:16:1a
Signer

Actual PE Digest

2d:59:c2:d4:02:1d:96:51:7c:28:3d:a8:e5:1b:30:44:72:8b:16:1a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\rtl2836\windowsdriver\20100623_dvbc\bdadriver_32_36_40\objfre_win7_amd64\amd64\RTL2832UBDA.pdb

Imports

ntoskrnl.exe

IofCompleteRequest
IoFreeIrp
KeSetTimer
IoAllocateIrp
IoGetDeviceInterfaces
IoQueueWorkItem
KeCancelTimer
ExCreateCallback
ZwClose
DbgPrint
IofCallDriver
ExNotifyCallback
ExEventObjectType
ObReferenceObjectByHandle
ObfDereferenceObject
KeBugCheckEx
KeInsertQueueDpc
IoAllocateWorkItem
ZwCreateFile
KeInitializeTimer
KeInitializeDpc
IoIs32bitProcess
RtlUnicodeStringToAnsiString
RtlInitAnsiString
KeInitializeEvent
IoFreeWorkItem
ZwReadFile
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
KeClearEvent
IoIsWdmVersionAvailable
RtlQueryRegistryValues
KeWaitForSingleObject
KeDelayExecutionThread
KeSetEvent
ExFreePool
ZwWriteFile
ExAllocatePoolWithTag

ks.sys

KsReleaseDevice
KsAddItemToObjectBag
KsStreamPointerAdvanceOffsetsAndUnlock
KsGetDeviceForDeviceObject
KsInitializeDriver
KsPinGetLeadingEdgeStreamPointer
KsStreamPointerUnlock
KsGetPinFromIrp
KsGetFilterFromIrp
KsGetDevice
KsAcquireDevice

bdasup.sys

BdaCreateFilterFactoryEx
BdaGetChangeState
BdaMethodCreateTopology
BdaCheckChanges
BdaInitFilter
BdaStartChanges
BdaCommitChanges
BdaValidateNodeProperty
BdaFilterFactoryUpdateCacheData

Sections

.text
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 902B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RTL2832UUSB.sys
.sys windows:6 windows x64 arch:x64

479a73f593315a7fd8a329914dec2096

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:76:bc:e0:9a:8c:36:bb:35:38:08:ca:81:85:7c:61
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/07/2011, 00:00

Not After

20/07/2013, 23:59

Subject

CN=TerraTec Electronic GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TerraTec Electronic GmbH,L=Nettetal,ST=Nordrhein-Westfalen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fb:8b:ba:05:19:25:97:f2:5a:fe:1e:94:66:f0:5b:9c:1e:31:24:b3
Signer

Actual PE Digest

fb:8b:ba:05:19:25:97:f2:5a:fe:1e:94:66:f0:5b:9c:1e:31:24:b3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\rtl2836\windowsdriver\20100527_atsc\rsusb\objfre_win7_amd64\amd64\RTL2832UUSB.pdb

Imports

ntoskrnl.exe

PoSetPowerState
ExFreePool
IoAttachDeviceToDeviceStack
IoCreateDevice
KeInitializeTimerEx
KeAcquireSpinLockRaiseToDpc
KeClearEvent
IoBuildDeviceIoControlRequest
IoFreeWorkItem
RtlQueryRegistryValues
IoDetachDevice
KeSetTimerEx
IoAllocateWorkItem
IofCompleteRequest
KeReleaseSpinLock
IoFreeIrp
IoAllocateIrp
IoQueueWorkItem
KeCancelTimer
IofCallDriver
PoRequestPowerIrp
IoCancelIrp
PoStartNextPowerIrp
PoCallDriver
IoWMIRegistrationControl
RtlInitUnicodeString
DbgPrint
KeBugCheckEx
KeInitializeDpc
KeSetEvent
KeInitializeEvent
IoDeleteDevice
KeWaitForSingleObject
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
PsGetVersion

wmilib.sys

WmiSystemControl
WmiCompleteRequest

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
terratec_tstick_plus.PNF
terratec_tstick_plus.cat
terratec_tstick_plus.inf

Sharing

General

Malware Config

Signatures

Files

d050c0eda1961d24ed8f38ae9232df69

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1c:76:bc:e0:9a:8c:36:bb:35:38:08:ca:81:85:7c:61Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

2d:59:c2:d4:02:1d:96:51:7c:28:3d:a8:e5:1b:30:44:72:8b:16:1aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

ks.sys

bdasup.sys

Sections

.text Size: 153KB - Virtual size: 153KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 14KB - Virtual size: 14KB

.pdata Size: 6KB - Virtual size: 5KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 902B

479a73f593315a7fd8a329914dec2096

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1c:76:bc:e0:9a:8c:36:bb:35:38:08:ca:81:85:7c:61Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

fb:8b:ba:05:19:25:97:f2:5a:fe:1e:94:66:f0:5b:9c:1e:31:24:b3Signer

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

wmilib.sys

usbd.sys

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 336B

.pdata Size: 1024B - Virtual size: 996B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 72B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1c:76:bc:e0:9a:8c:36:bb:35:38:08:ca:81:85:7c:61
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

2d:59:c2:d4:02:1d:96:51:7c:28:3d:a8:e5:1b:30:44:72:8b:16:1a
Signer

.text
Size: 153KB - Virtual size: 153KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 14KB - Virtual size: 14KB

.pdata
Size: 6KB - Virtual size: 5KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 902B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1c:76:bc:e0:9a:8c:36:bb:35:38:08:ca:81:85:7c:61
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

fb:8b:ba:05:19:25:97:f2:5a:fe:1e:94:66:f0:5b:9c:1e:31:24:b3
Signer

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 336B

.pdata
Size: 1024B - Virtual size: 996B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 72B