769d7b307bdf5d73ebf019adc24340fa6e4f0e18e345b81d552af3419f845afb

Sharing

Copy URL Twitter E-mail

General

Target

769d7b307bdf5d73ebf019adc24340fa6e4f0e18e345b81d552af3419f845afb
Size

421KB
MD5

315019698f0219e1fba4c00fa3513a76
SHA1

127fadc740932342c1043ee3f9ef61afea53811c
SHA256

769d7b307bdf5d73ebf019adc24340fa6e4f0e18e345b81d552af3419f845afb
SHA512

ee9062ad7f49eeb2484cba7fce5e4ce776a1d89659d40a9926cbbae490461e0478a05e9fa37081139c30679dab25ebb24fc6ff874d171eaf2772248ca6d6e8eb
SSDEEP

6144:TTh/pybkYYseTpbk5YS2o4SKAiQ49+K/TQykHhx:3h7d1bEYoJT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
769d7b307bdf5d73ebf019adc24340fa6e4f0e18e345b81d552af3419f845afb

Files

769d7b307bdf5d73ebf019adc24340fa6e4f0e18e345b81d552af3419f845afb
.dll windows:6 windows x86 arch:x86

056ce4dd0300b90f241e73bcf964a465

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

K:\quarc\branches\release\output\Win32\Release\q8_usb_industrial.pdb

Imports

ftd2xx_quanser

FT_RestartInTask@4
FT_OpenEx@12
FT_SetLatencyTimer@8
FT_StopInTask@4
FT_GetModemStatus@8
FT_Read@16
FT_SetUSBParameters@12
FT_GetStatus@16
FT_Close@4
FT_Purge@8
FT_SetTimeouts@12
FT_Write@16

vcruntime140

memset
memcpy
_except_handler4_common
__std_type_info_destroy_list

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-string-l1-1-0

toupper
tolower
_strupr_s

api-ms-win-crt-math-l1-1-0

_libm_sse2_pow_precise

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsnprintf_s

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_beginthreadex
_cexit
_crt_atexit
_register_onexit_function

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInterfaceDetailA

kernel32

QueryPerformanceFrequency
SleepEx
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
QueueUserAPC
InitOnceExecuteOnce
InitializeCriticalSection
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetLastError
RaiseException
SetThreadAffinityMask
GetProcessAffinityMask
SetPriorityClass
ResumeThread
SetThreadPriority
GetCurrentProcess
CreateEventW
GetExitCodeThread
InitializeCriticalSectionAndSpinCount
CreateMutexW
DeleteCriticalSection
CloseHandle
ReleaseMutex
HeapAlloc
GetProcessHeap
HeapFree
CreateSemaphoreW
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObjectEx
ReleaseSemaphore
WaitForSingleObject
SetEvent

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

Exports

Exports

q8_usb_industrial_close
q8_usb_industrial_get_integer_property
q8_usb_industrial_get_string_property
q8_usb_industrial_monitor_create_interrupt_reader
q8_usb_industrial_monitor_delete
q8_usb_industrial_monitor_read_interrupt
q8_usb_industrial_monitor_start
q8_usb_industrial_monitor_stop
q8_usb_industrial_open
q8_usb_industrial_poll_interrupt
q8_usb_industrial_read_analog_codes
q8_usb_industrial_read_write
q8_usb_industrial_set_analog_input_ranges
q8_usb_industrial_set_analog_output_ranges
q8_usb_industrial_set_analog_termination_state
q8_usb_industrial_set_card_specific_options
q8_usb_industrial_set_digital_directions
q8_usb_industrial_set_digital_termination_state
q8_usb_industrial_set_double_property
q8_usb_industrial_set_encoder_counts
q8_usb_industrial_set_encoder_quadrature_mode
q8_usb_industrial_set_pwm_termination_state
q8_usb_industrial_spi_create_reader_writer
q8_usb_industrial_spi_delete
q8_usb_industrial_spi_read_write
q8_usb_industrial_spi_stop
q8_usb_industrial_task_create_reader
q8_usb_industrial_task_delete
q8_usb_industrial_task_get_buffer_overflows
q8_usb_industrial_task_read
q8_usb_industrial_task_set_buffer_overflow_mode
q8_usb_industrial_task_start
q8_usb_industrial_task_stop
q8_usb_industrial_watchdog_clear
q8_usb_industrial_watchdog_is_expired
q8_usb_industrial_watchdog_reload
q8_usb_industrial_watchdog_set_analog_expiration_state
q8_usb_industrial_watchdog_set_digital_expiration_state
q8_usb_industrial_watchdog_start
q8_usb_industrial_watchdog_stop
q8_usb_industrial_write_analog_codes
q8_usb_industrial_write_termination_states

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 359KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

056ce4dd0300b90f241e73bcf964a465

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ftd2xx_quanser

vcruntime140

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

setupapi

kernel32

advapi32

Exports

Exports

Sections

.text Size: 50KB - Virtual size: 49KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 359KB - Virtual size: 358KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 50KB - Virtual size: 49KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 359KB - Virtual size: 358KB

.reloc
Size: 2KB - Virtual size: 1KB