vulndriverbs[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

vulndriverbs.rar
Size

2.0MB
MD5

f6e598fd3dcfbfcb1e06a6df2d07ad1b
SHA1

e2dea2d233a3d5603cef57b51b2697dd93bb8874
SHA256

1568dc3984ce75b434fb3fe754bf7736cf8acd5ccfea300fe847c9ac69d78a97
SHA512

1764d4b9062c7cfedd753ad29889df9eff9374862850664db5ff5e734382151f457fe12954a8ead47495b9d137355d25ca8ddc58636a7be61c50924c359941ef
SSDEEP

49152:GlQZYTomLBxNQ+nEO5NuczJRFUgPCs9BzZ5IGxUR:GlQ2TRPNVHuoNPj9ZHYR

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BENCH.DLL
unpack001/HW32inst.EXE
unpack001/Register/HWiNFO32-HomeUser-Register.EXE
unpack001/Register/HWiNFO32-Standard-Register.EXE
unpack001/unins000.exe

Files

vulndriverbs.rar
.rar
BENCH.DLL
.dll windows:4 windows x86 arch:x86

d9b614ded403577bde60a663d4547144

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
SetThreadPriority
SetPriorityClass
GetThreadPriority
GetCurrentThread
GetPriorityClass
GetCurrentProcess
QueryPerformanceFrequency
CloseHandle
ReadFile
SetFilePointer
DeviceIoControl
CreateFileA
Sleep
VirtualFree
VirtualAlloc
GetCommandLineA
GetVersion
GetProcAddress
GetModuleHandleA
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
QueryPerformanceCounter
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
WriteFile
InterlockedDecrement
InterlockedIncrement
HeapReAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
FlushFileBuffers

Exports

Exports

BenchCPU
BenchDisk_RandomSeek
BenchDisk_ReadBurst
BenchFPU
BenchMMX
BenchMemory

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HW32inst.EXE
.exe windows:4 windows x86 arch:x86

e1248ac64510058f5155efa538c1b5d5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord609
ord800
ord2514
ord2621
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord2982
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord2575
ord6055
ord1776
ord4396
ord5290
ord3402
ord3574
ord1146
ord1168
ord860
ord540
ord567
ord2370
ord2302
ord4160
ord2863
ord6334
ord2642
ord2379
ord755
ord470
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord3798
ord4673
ord1576

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_setmbcp
_stricmp
sprintf
__CxxFrameHandler
__dllonexit
_onexit
_controlfp
_exit
_XcptFilter
exit
_acmdln

kernel32

GetCommandLineA
GetVersionExA
GetStartupInfoA
GetCurrentDirectoryA
LoadLibraryA
GetProcAddress
GetSystemInfo
FreeLibrary
GetLastError
GetModuleHandleA
CreateFileA
CloseHandle

user32

EnableWindow
IsIconic
GetSystemMetrics
DrawIcon
GetSystemMenu
AppendMenuA
SendMessageA
LoadIconA
MessageBoxA
GetClientRect

advapi32

ControlService
DeleteService
OpenSCManagerA
CreateServiceA
StartServiceA
CloseServiceHandle
OpenServiceA

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HWiNFO32.CHM
.chm
HWiNFO32.DAT
HWiNFO32.EXE
.exe windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:47:64:74:a7:ab:ff:3a:7b:04:ae:74:1f:7e:6e:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

22/07/2008, 00:00

Not After

22/07/2009, 23:59

Subject

CN=Martin Malik - REALiX,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Martin Malik - REALiX,L=Bratislava,ST=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c4:b1:03:93:fa:6b:53:2a:6a:ab:5a:15:50:48:00:7d:89:d9:85:52
Signer

Actual PE Digest

c4:b1:03:93:fa:6b:53:2a:6a:ab:5a:15:50:48:00:7d:89:d9:85:52

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

aaaa
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bbbb
Size: 845KB - Virtual size: 848KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HWiNFO32.INI
HWiNFO32.SYS
.sys windows:5 windows x86 arch:x86

90e05ca6b367f1157033f66442d3b15f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:47:64:74:a7:ab:ff:3a:7b:04:ae:74:1f:7e:6e:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

22/07/2008, 00:00

Not After

22/07/2009, 23:59

Subject

CN=Martin Malik - REALiX,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Martin Malik - REALiX,L=Bratislava,ST=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

df:02:cb:c2:f6:08:ec:a6:59:4e:27:48:d7:9c:8f:9e:41:c3:18:ec
Signer

Actual PE Digest

df:02:cb:c2:f6:08:ec:a6:59:4e:27:48:d7:9c:8f:9e:41:c3:18:ec

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\hwinfo32\sys\i386\HWiNFO32.pdb

Imports

ntoskrnl.exe

IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
_allmul
IoCreateDevice
KeTickCount
_alldiv
_except_handler3
MmMapIoSpace
memmove
MmUnmapIoSpace
IoCreateSymbolicLink
IofCompleteRequest

hal

HalSetBusDataByOffset
HalGetBusData
KfRaiseIrql
KfLowerIrql
KeStallExecutionProcessor
HalGetBusDataByOffset

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 89B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 590B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 430B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HWiNFO32.VXD
HWiNFO64A.SYS
.sys windows:5 windows x64 arch:x64

2d54679459ee27533764386ed4fb495d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:47:64:74:a7:ab:ff:3a:7b:04:ae:74:1f:7e:6e:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

22/07/2008, 00:00

Not After

22/07/2009, 23:59

Subject

CN=Martin Malik - REALiX,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Martin Malik - REALiX,L=Bratislava,ST=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7e:4f:bf:8d:95:5c:8d:6e:6e:b7:34:7e:4c:21:b4:69:f6:ac:a8:bb
Signer

Actual PE Digest

7e:4f:bf:8d:95:5c:8d:6e:6e:b7:34:7e:4c:21:b4:69:f6:ac:a8:bb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\hwinfo32\sys\amd64\HWiNFO32.pdb

Imports

ntoskrnl.exe

IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
MmMapIoSpace
IoCreateDevice
MmUnmapIoSpace
__C_specific_handler
IoCreateSymbolicLink
IofCompleteRequest

hal

HalSetBusDataByOffset
KeStallExecutionProcessor
HalGetBusDataByOffset

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 313B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 566B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HWiNFO64I.SYS
History.TXT
Register/HWiNFO32-HomeUser-Register.EXE
.exe windows:4 windows x86 arch:x86

fb9e7623ec1af4b6419332e642bd1122

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3147
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord1089
ord5199
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord2982
ord4080
ord4424
ord3738
ord561
ord825
ord815
ord2514
ord2621
ord5265
ord4376
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord4622
ord1727
ord5065
ord3922
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord800
ord641
ord1146
ord1168
ord540
ord324
ord4234
ord6334
ord2642
ord3092
ord4673
ord3571
ord3626
ord3663
ord755
ord2414
ord640
ord5789
ord926
ord4160
ord5875
ord6172
ord5785
ord1640
ord1641
ord323
ord2754
ord470
ord1199
ord1200
ord922
ord535
ord2817
ord3619
ord823
ord2379
ord858
ord4853
ord537
ord924
ord4129
ord5683
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord6376
ord3749
ord4710
ord1576

msvcrt

exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
_XcptFilter
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_onexit
__dllonexit
fopen
_exit
_setmbcp
__CxxFrameHandler
fgets
fclose
ftell
fread
fseek

kernel32

GetStartupInfoA
GetModuleHandleA

user32

SendMessageA
SetCursor
LoadIconA
PtInRect
LoadCursorA
GetSystemMetrics
GetClientRect
DrawIcon
IsIconic
EnableWindow
LoadBitmapA

gdi32

BitBlt
GetDeviceCaps
GetObjectA
CreateCompatibleDC
CreateFontA

shell32

ShellExecuteA

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Register/HWiNFO32-Standard-Register.EXE
.exe windows:4 windows x86 arch:x86

fb9e7623ec1af4b6419332e642bd1122

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3147
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord1089
ord5199
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord2982
ord4080
ord4424
ord3738
ord561
ord825
ord815
ord2514
ord2621
ord5265
ord4376
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord4622
ord1727
ord5065
ord3922
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord800
ord641
ord1146
ord1168
ord540
ord324
ord4234
ord6334
ord2642
ord3092
ord4673
ord3571
ord3626
ord3663
ord755
ord2414
ord640
ord5789
ord926
ord4160
ord5875
ord6172
ord5785
ord1640
ord1641
ord323
ord2754
ord470
ord1199
ord1200
ord922
ord535
ord2817
ord3619
ord823
ord2379
ord858
ord4853
ord537
ord924
ord4129
ord5683
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord6376
ord3749
ord4710
ord1576

msvcrt

exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
_XcptFilter
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_onexit
__dllonexit
fopen
_exit
_setmbcp
__CxxFrameHandler
fgets
fclose
ftell
fread
fseek

kernel32

GetStartupInfoA
GetModuleHandleA

user32

SendMessageA
SetCursor
LoadIconA
PtInRect
LoadCursorA
GetSystemMetrics
GetClientRect
DrawIcon
IsIconic
EnableWindow
LoadBitmapA

gdi32

BitBlt
GetDeviceCaps
GetObjectA
CreateCompatibleDC
CreateFontA

shell32

ShellExecuteA

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
unins000.dat
unins000.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 575KB - Virtual size: 575KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9b614ded403577bde60a663d4547144

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 17KB

.reloc Size: 4KB - Virtual size: 3KB

e1248ac64510058f5155efa538c1b5d5

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

Sections

.text Size: 8KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 988B

.rsrc Size: 8KB - Virtual size: 4KB

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

6e:47:64:74:a7:ab:ff:3a:7b:04:ae:74:1f:7e:6e:d1Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

c4:b1:03:93:fa:6b:53:2a:6a:ab:5a:15:50:48:00:7d:89:d9:85:52Signer

Headers

File Characteristics

Sections

aaaa Size: - Virtual size: 1.8MB

bbbb Size: 845KB - Virtual size: 848KB

.rsrc Size: 36KB - Virtual size: 36KB

90e05ca6b367f1157033f66442d3b15f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

6e:47:64:74:a7:ab:ff:3a:7b:04:ae:74:1f:7e:6e:d1Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

df:02:cb:c2:f6:08:ec:a6:59:4e:27:48:d7:9c:8f:9e:41:c3:18:ecSigner

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 384B - Virtual size: 356B

.data Size: 128B - Virtual size: 89B

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 17KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 8KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 988B

.rsrc
Size: 8KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

6e:47:64:74:a7:ab:ff:3a:7b:04:ae:74:1f:7e:6e:d1
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

c4:b1:03:93:fa:6b:53:2a:6a:ab:5a:15:50:48:00:7d:89:d9:85:52
Signer

aaaa
Size: - Virtual size: 1.8MB

bbbb
Size: 845KB - Virtual size: 848KB

.rsrc
Size: 36KB - Virtual size: 36KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

6e:47:64:74:a7:ab:ff:3a:7b:04:ae:74:1f:7e:6e:d1
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

df:02:cb:c2:f6:08:ec:a6:59:4e:27:48:d7:9c:8f:9e:41:c3:18:ec
Signer

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 384B - Virtual size: 356B

.data
Size: 128B - Virtual size: 89B

INIT
Size: 640B - Virtual size: 590B

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 512B - Virtual size: 430B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

6e:47:64:74:a7:ab:ff:3a:7b:04:ae:74:1f:7e:6e:d1
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

7e:4f:bf:8d:95:5c:8d:6e:6e:b7:34:7e:4c:21:b4:69:f6:ac:a8:bb
Signer

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 1024B - Virtual size: 692B

.data
Size: 512B - Virtual size: 313B

.pdata
Size: 512B - Virtual size: 300B

INIT
Size: 1024B - Virtual size: 566B

.rsrc
Size: 1024B - Virtual size: 920B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 308B

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 21KB - Virtual size: 21KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 308B

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 21KB - Virtual size: 21KB