be6123db7a16e6ffc1fedbfd609649f0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

be6123db7a16e6ffc1fedbfd609649f0_JaffaCakes118
Size

654KB
MD5

be6123db7a16e6ffc1fedbfd609649f0
SHA1

06e5ffe012d9b132c3161b928cfbc3eec692d500
SHA256

1f3cb840915fd69a8dcc7fe41bc827a2909193bf4ca35fbce23971c74249b28c
SHA512

16f8104c3ed50cf0e9a4a246f1d45b6321e5c3655de1cb29be645e5168227cd6d41eeb90816513262964e1889acaca2e1797f579b8e86ae2b749dc6e4b6ac778
SSDEEP

12288:R033Hz4STjoLMvX08PD7Wt03j2mtYWVR7s77dofoqGI48:s3HxTjouX0r03agVR7sFqoq/48

Score

3^/10

Malware Config

Signatures

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/TCP400/PrinterDriver/SMJTCP.dll
unpack001/TCP400/PrinterDriver/SMJTCPLM.dll
unpack001/TCP400/PrinterDriver/SMJTCPSM.exe
unpack001/TCP400/PrinterDriver/SMJTCPUNI.dll
unpack001/TCP400/PrinterDriver/lpk.dll
unpack001/TCP400/USBVenderClassDriver/Cleanup.exe
unpack001/TCP400/USBVenderClassDriver/DeviceView.exe
unpack001/TCP400/USBVenderClassDriver/SMJUSB.sys
unpack001/TCP400/USBVenderClassDriver/SMJUSBCOM.sys
unpack001/TCP400/USBVenderClassDriver/USBSerialNumber.exe
unpack001/TCP400/USBVenderClassDriver/lpk.dll

Files

be6123db7a16e6ffc1fedbfd609649f0_JaffaCakes118
.rar
TCP400/PrinterDriver/SMJTCP.INF
TCP400/PrinterDriver/SMJTCP.INI
TCP400/PrinterDriver/SMJTCP.dll
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TCP400/PrinterDriver/SMJTCP300.GPD
TCP400/PrinterDriver/SMJTCPLM.dll
.dll windows:5 windows x86 arch:x86

b8ebb9d1bc31bd3cb040c6ddf6372d18

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

malloc
_initterm
_adjust_fdiv
wcscmp
wcscat
wcsncat
free
wcsncpy
_wcsicmp
wcslen
wcscpy

kernel32

WaitForSingleObject
GetProfileStringW
WriteProfileStringW
CreateEventW
Sleep
CreateMutexW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
ResetEvent
CloseHandle
EnterCriticalSection
LeaveCriticalSection
CreateProcessW
InitializeCriticalSection
GlobalAlloc
GlobalFree
DeleteCriticalSection
ReleaseMutex
SetLastError

user32

RegisterWindowMessageW
SendMessageW
FindWindowW

spoolss

ClosePrinter
SetJobW
OpenPrinterW

Exports

Exports

InitializePrintMonitor

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TCP400/PrinterDriver/SMJTCPSM.exe
.exe windows:4 windows x86 arch:x86

f2c8181a7676d86197b112a3083eaaf7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
CreateFileMappingW
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
ReleaseMutex
CreateMutexW
GetProcAddress
GetModuleFileNameA
WriteFile
RtlUnwind
GetStartupInfoA
GetFileType
CloseHandle
SetHandleCount
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
MultiByteToWideChar
FreeEnvironmentStringsA
GetModuleFileNameW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapReAlloc
GetStdHandle
CreateEventW
HeapFree
HeapAlloc
GetModuleHandleA
GetStartupInfoW
GetVersion
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
LoadLibraryA

user32

LoadIconW
LoadCursorW
RegisterClassW
CreateWindowExW
GetMessageW
DispatchMessageW
TranslateMessage
CreateDialogParamW
EnableWindow
SetDlgItemTextW
SendMessageW
DefWindowProcW
PostQuitMessage
RegisterWindowMessageW
DestroyWindow
SetClassLongW
GetSystemMenu
DeleteMenu
ShowWindow
IsDialogMessageW

gdi32

GetStockObject

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TCP400/PrinterDriver/SMJTCPUNI.dll
.dll windows:5 windows x86 arch:x86

226fae0128f708b6e8030e8efe9b1cd3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_initterm
malloc
free
??2@YAPAXI@Z
sprintf
_adjust_fdiv
??3@YAXPAX@Z

kernel32

InterlockedIncrement
InterlockedDecrement
SetLastError

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TCP400/PrinterDriver/lpk.dll
.dll windows:5 windows x86 arch:x86

78e397a561f0c355666a0cce61d5c812

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetProcAddress
LoadLibraryW
lstrcatW
GetSystemDirectoryW
FreeLibrary
lstrcpynA
LockResource
LoadResource
SizeofResource
FindResourceW
CreateProcessW
CloseHandle
WriteFile
CreateFileW
GetTempFileNameW
GetTempPathW
GetLastError
CreateMutexA
lstrcmpiW
GetModuleFileNameW
GetExitCodeProcess
TerminateProcess
WaitForSingleObject
GetCurrentThreadId
GetFileAttributesW
lstrcpyW
GetTickCount
GetLogicalDrives
FindNextFileW
SetFileAttributesW
CopyFileW
FindClose
FindFirstFileW
WaitForMultipleObjects
TerminateThread
ResumeThread
SetThreadPriority
CreateThread
SetEvent
CreateEventW
DisableThreadLibraryCalls
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent

user32

wsprintfW

shell32

ord92
ord64

shlwapi

PathRemoveFileSpecW
StrStrIW
PathAppendW
PathFindExtensionW
PathFindFileNameW
SHRegGetValueW

Exports

Exports

LpkDllInitialize
LpkDrawTextEx
LpkEditControl
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkTabbedTextOut
LpkUseGDIWidthCache
ftsWordBreak

Sections

111
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TCP400/Thumbs.db
TCP400/USBVenderClassDriver/Cleanup.exe
.exe windows:4 windows x86 arch:x86

482f8f63183faed50352ebdaada3a6f5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\USBProject\USBProject\Cleanup\Release\Cleanup.pdb

Imports

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList

comctl32

ord17

kernel32

GetStringTypeW
GetCurrentProcess
GetLastError
GetStringTypeA
GetVersionExA
GetLocaleInfoA
VirtualProtect
GetSystemInfo
VirtualQuery
RtlUnwind
GetCommandLineA
HeapFree
HeapAlloc
ExitProcess
GetModuleHandleA
GetStartupInfoA
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetACP
GetOEMCP
GetCPInfo
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetProcAddress
TerminateProcess
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
LoadLibraryA

user32

ExitWindowsEx
MessageBoxA

advapi32

InitializeSecurityDescriptor
RegQueryValueExA
RegDeleteValueA
RegSetValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteKeyA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegCloseKey
AllocateAndInitializeSid
GetLengthSid
FreeSid
RegSetKeySecurity
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TCP400/USBVenderClassDriver/DeviceView.exe
.exe windows:4 windows x86 arch:x86

a5aaa9888be76595a61c3d42f01d3c39

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\USBProject\USBProject\DeviceView\Release\DeviceView.pdb

Imports

setupapi

CM_Get_Child
CM_Get_Sibling
CM_Get_DevNode_Registry_PropertyW
CM_Locate_DevNodeW
CM_Get_Parent

comctl32

ImageList_Create
ImageList_ReplaceIcon
ord17

kernel32

GetStringTypeA
HeapSize
GetACP
GetStringTypeW
RtlUnwind
GetProcAddress
GlobalFree
DeviceIoControl
GlobalAlloc
CloseHandle
CreateFileW
GetVersionExW
GetCPInfo
GetLocaleInfoA
VirtualQuery
GetSystemInfo
VirtualProtect
HeapReAlloc
VirtualAlloc
HeapAlloc
LoadLibraryA
LCMapStringW
WideCharToMultiByte
LCMapStringA
ExitProcess
GetModuleHandleA
GetStartupInfoW
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetOEMCP
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
HeapFree

user32

MoveWindow
LoadIconW
SetClassLongW
GetClientRect
wsprintfW
GetDlgItem
SendMessageW
EndDialog
UnregisterDeviceNotification
MessageBoxW
DialogBoxParamW
RegisterDeviceNotificationW

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TCP400/USBVenderClassDriver/SMJUSB.sys
.sys windows:4 windows x86 arch:x86

9b9c054bb4755c2f6a8ac83919a05421

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCallDriver
KeWaitForSingleObject
KeInitializeEvent
InterlockedDecrement
KeSetEvent
IoBuildDeviceIoControlRequest
IofCompleteRequest
ExFreePool
IoCancelIrp
ExAllocatePoolWithTag
_wcsicmp
KeResetEvent
PoCallDriver
PoStartNextPowerIrp
InterlockedIncrement
IoDeleteDevice
IoDetachDevice
IoSetDeviceInterfaceState
RtlInitUnicodeString
RtlFreeUnicodeString
IoFreeIrp
IoAllocateIrp
KeInitializeSpinLock
IoAttachDeviceToDeviceStack
IoCreateDevice
IoRegisterDeviceInterface
PoRequestPowerIrp

hal

KfAcquireSpinLock
KfReleaseSpinLock

usbd.sys

_USBD_ParseConfigurationDescriptorEx@28
_USBD_CreateConfigurationRequestEx@8

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 928B - Virtual size: 924B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 416B - Virtual size: 390B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TCP400/USBVenderClassDriver/SMJUSBCOM.inf
TCP400/USBVenderClassDriver/SMJUSBCOM.sys
.sys windows:5 windows x86 arch:x86

8939b9d3ff2ed20088911565ad9802d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\USBProject\USBProject\Test\SMJUSBCOM\objfre\i386\SMJUSBCOM.pdb

Imports

ntoskrnl.exe

ExFreePool
ZwQueryValueKey
ExAllocatePoolWithTag
InterlockedDecrement
KeWaitForSingleObject
KeSetEvent
IoCancelIrp
RtlInitUnicodeString
IofCompleteRequest
IoFreeWorkItem
KeReadStateTimer
KeSetTimer
IofCallDriver
KeResetEvent
IoBuildDeviceIoControlRequest
IoFreeIrp
IoAllocateIrp
KeInitializeEvent
IoQueueWorkItem
IoAllocateWorkItem
PoCallDriver
PoStartNextPowerIrp
ZwClose
RtlWriteRegistryValue
wcslen
IoCreateSymbolicLink
RtlAppendUnicodeToString
IoOpenDeviceRegistryKey
IoDeleteDevice
IoDetachDevice
IoSetDeviceInterfaceState
IoDeleteSymbolicLink
RtlDeleteRegistryValue
RtlFreeUnicodeString
KeInitializeSpinLock
KeInitializeTimer
IoAttachDeviceToDeviceStack
IoCreateDevice
IoRegisterDeviceInterface
InterlockedIncrement

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 310B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TCP400/USBVenderClassDriver/USBSerialNumber.exe
.exe windows:4 windows x86 arch:x86

d31cbd3dc734dcc32706adc56285de5c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\USBProject\USBProject\USBSerialNumber\Release\USBSerialNumber.pdb

Imports

comctl32

ImageList_Create
ImageList_AddMasked

kernel32

GetCommState
SetupComm
CreateFileA
FlushFileBuffers
SetStdHandle
HeapSize
SetCommState
WriteFile
SetFilePointer
InitializeCriticalSection
LoadLibraryA
VirtualQuery
GetSystemInfo
SetCommTimeouts
RtlUnwind
PurgeComm
VirtualProtect
GetLocaleInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
HeapReAlloc
CloseHandle
Sleep
GetLastError
ExitThread
TlsSetValue
TlsGetValue
ResumeThread
CreateThread
ExitProcess
HeapFree
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
TlsFree
SetLastError
GetCurrentThreadId
TlsAlloc
GetProcAddress
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
LCMapStringA
WideCharToMultiByte
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc

user32

SendMessageA
SetWindowTextA
GetDlgItem
SetClassLongA
LoadIconA
EndDialog
CheckDlgButton
EnableWindow
MessageBeep
SetFocus
DialogBoxParamA
InvalidateRect
SetTimer
KillTimer
GetWindowRect
LoadBitmapA
IsDlgButtonChecked
GetWindowTextA

gdi32

GetStockObject
DeleteObject

winspool.drv

SetJobA
ClosePrinter
GetJobA
EndDocPrinter
EndPagePrinter
WritePrinter
StartPagePrinter
StartDocPrinterA
OpenPrinterA
EnumPrintersA

advapi32

RegCloseKey
RegEnumValueA
RegOpenKeyExA

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TCP400/USBVenderClassDriver/lpk.dll
.dll windows:5 windows x86 arch:x86

78e397a561f0c355666a0cce61d5c812

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetProcAddress
LoadLibraryW
lstrcatW
GetSystemDirectoryW
FreeLibrary
lstrcpynA
LockResource
LoadResource
SizeofResource
FindResourceW
CreateProcessW
CloseHandle
WriteFile
CreateFileW
GetTempFileNameW
GetTempPathW
GetLastError
CreateMutexA
lstrcmpiW
GetModuleFileNameW
GetExitCodeProcess
TerminateProcess
WaitForSingleObject
GetCurrentThreadId
GetFileAttributesW
lstrcpyW
GetTickCount
GetLogicalDrives
FindNextFileW
SetFileAttributesW
CopyFileW
FindClose
FindFirstFileW
WaitForMultipleObjects
TerminateThread
ResumeThread
SetThreadPriority
CreateThread
SetEvent
CreateEventW
DisableThreadLibraryCalls
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent

user32

wsprintfW

shell32

ord92
ord64

shlwapi

PathRemoveFileSpecW
StrStrIW
PathAppendW
PathFindExtensionW
PathFindFileNameW
SHRegGetValueW

Exports

Exports

LpkDllInitialize
LpkDrawTextEx
LpkEditControl
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkTabbedTextOut
LpkUseGDIWidthCache
ftsWordBreak

Sections

111
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TCP400/autorun.inf
TCP400/cdicon.ico
TCP400/html/InstallPrtDriver_01.jpg
.jpg
TCP400/html/InstallPrtDriver_02.jpg
.jpg
TCP400/html/InstallPrtDriver_03.jpg
.jpg
TCP400/html/InstallPrtDriver_04.jpg
.jpg
TCP400/html/InstallPrtDriver_05.jpg
.jpg
TCP400/html/InstallPrtDriver_06.jpg
.jpg
TCP400/html/InstallPrtDriver_07.jpg
.jpg
TCP400/html/InstallPrtDriver_08.jpg
.jpg
TCP400/html/InstallPrtDriver_09.jpg
.jpg
TCP400/html/InstallPrtDriver_10.jpg
.jpg
TCP400/html/InstallPrtDriver_11.jpg
.jpg
TCP400/html/InstallPrtDriver_12.jpg
.jpg
TCP400/html/InstallPrtDriver_13.jpg
.jpg
TCP400/html/InstallPrtDriver_14.jpg
.jpg
TCP400/html/InstallPrtDriver_15.jpg
.jpg
TCP400/html/InstallPrtDriver_16.jpg
.jpg
TCP400/html/InstallPrtDriver_17.jpg
.jpg
TCP400/html/InstallVender_01.jpg
.jpg
TCP400/html/InstallVender_02.jpg
.jpg
TCP400/html/InstallVender_03.jpg
.jpg
TCP400/html/InstallVender_04.jpg
.jpg
TCP400/html/InstallVender_05.jpg
.jpg
TCP400/html/InstallVender_06.jpg
.jpg
TCP400/html/InstallVender_07.jpg
.jpg
TCP400/html/InstallVender_08.jpg
.jpg
TCP400/html/InstallVender_09.jpg
.jpg
TCP400/html/PrtDriverConfiguration_01.jpg
.jpg
TCP400/html/StarLogoBlue128x45.gif
.gif
TCP400/html/StarLogoBlue64x22.gif
.gif
TCP400/html/Thumbs.db

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 8B

b8ebb9d1bc31bd3cb040c6ddf6372d18

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

spoolss

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 176B

.rsrc Size: 1024B - Virtual size: 888B

.reloc Size: 1024B - Virtual size: 688B

f2c8181a7676d86197b112a3083eaaf7

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: 12KB - Virtual size: 10KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 32KB - Virtual size: 30KB

226fae0128f708b6e8030e8efe9b1cd3

Headers

File Characteristics

Imports

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.data Size: - Virtual size: 32B

.rsrc Size: 1024B - Virtual size: 952B

.reloc Size: 512B - Virtual size: 244B

78e397a561f0c355666a0cce61d5c812

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

shlwapi

Exports

Exports

Sections

111 Size: 3KB - Virtual size: 3KB

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 4B

.rsrc Size: 58KB - Virtual size: 58KB

.reloc Size: 1024B - Virtual size: 700B

482f8f63183faed50352ebdaada3a6f5

Headers

File Characteristics

PDB Paths

Imports

setupapi

comctl32

kernel32

user32

advapi32

Sections

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 8B

.text
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 176B

.rsrc
Size: 1024B - Virtual size: 888B

.reloc
Size: 1024B - Virtual size: 688B

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 32KB - Virtual size: 30KB

.text
Size: 3KB - Virtual size: 3KB

.data
Size: - Virtual size: 32B

.rsrc
Size: 1024B - Virtual size: 952B

.reloc
Size: 512B - Virtual size: 244B

111
Size: 3KB - Virtual size: 3KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 4B

.rsrc
Size: 58KB - Virtual size: 58KB

.reloc
Size: 1024B - Virtual size: 700B

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 28KB - Virtual size: 25KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 8KB - Virtual size: 7KB

.text
Size: 6KB - Virtual size: 6KB

INIT
Size: 928B - Virtual size: 924B

.rsrc
Size: 896B - Virtual size: 896B

.reloc
Size: 416B - Virtual size: 390B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 384B - Virtual size: 310B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 992B

.reloc
Size: 640B - Virtual size: 600B

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 12KB - Virtual size: 10KB