de74c201f792e1f225fa94f51432f637_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

de74c201f792e1f225fa94f51432f637_JaffaCakes118
Size

1.9MB
MD5

de74c201f792e1f225fa94f51432f637
SHA1

b579316d7ad4200f1caf2a7ef47b6c88d77d03e7
SHA256

f0a8f24585b9e294c056ceec72acfedcc8495b3a8086488e999418353dd74a85
SHA512

851076be491933d42f40bd398415be4ee9a12ba66b0e2e6582df836b6566f0280fcfe7a23bfc2f745b3953630feb4d12581958b44334d8015998f7ef88f6aaac
SSDEEP

49152:g3zuoLevLR6hcMHgBxf3QWWR5rsO6gZOFA7qDMOz8u3B4o:gjLe62MH4YrtbZOFrMET

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/wannengspdrive/inf.exe	upx

Unsigned PE 22 IoCs

Checks for missing Authenticode signature.

resource
unpack001/wannengspdrive/CAMPRP.AX
unpack001/wannengspdrive/CAMPRP.DLL
unpack001/wannengspdrive/CAMTWN.DS
unpack001/wannengspdrive/CustPage.ax
unpack001/wannengspdrive/StillCap.exe
unpack001/wannengspdrive/TP6800.sys
unpack001/wannengspdrive/ToproDs.ds
unpack001/wannengspdrive/USBCAM.SYS
unpack001/wannengspdrive/VM31bPrp.Ax
unpack001/wannengspdrive/VM31bSTI.dll
unpack001/wannengspdrive/VM31bTWN.DS
unpack001/wannengspdrive/VM31bTXP.DS
unpack001/wannengspdrive/VMCap.exe
unpack001/wannengspdrive/VM_STI.EXE
unpack001/wannengspdrive/amcap.exe
unpack001/wannengspdrive/dshow508.ax
unpack001/wannengspdrive/inf.exe
unpack002/out.upx
unpack001/wannengspdrive/snphv71.ds
unpack001/wannengspdrive/snphv71.sys
unpack001/wannengspdrive/spca561.sys
unpack001/wannengspdrive/usbVM31b.sys

Files

de74c201f792e1f225fa94f51432f637_JaffaCakes118
.rar
wannengspdrive/CAMPRP.AX
.dll regsvr32 windows:4 windows x86 arch:x86

2edd3a0a4563815ed7c5b9bf2a087251

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

__CxxFrameHandler
_onexit
fscanf
??3@YAXPAX@Z
__dllonexit
fclose
strncat
sprintf
_ftol
_CIpow
_purecall
fopen
??2@YAPAXI@Z

kernel32

InterlockedDecrement
FindNextFileA
GetLastError
FindFirstFileA
GetCurrentDirectoryA
CloseHandle
SetEvent
CreateFileMappingA
UnmapViewOfFile
WaitForMultipleObjects
MapViewOfFile
WaitForSingleObject
PulseEvent
CreateThread
CreateEventA
GetOEMCP
Sleep
GetVersionExA
DisableThreadLibraryCalls
InterlockedIncrement
FreeLibrary
lstrlenA
MultiByteToWideChar
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection

user32

GetDlgItem
SetWindowTextA
GetWindowTextA
LoadStringA
SendDlgItemMessageA
DialogBoxParamA
GetWindowLongA
SetWindowLongA
EnableWindow
ShowWindow
wsprintfA
DestroyWindow
DefWindowProcA
LoadStringW
GetDlgItemTextA
GetDesktopWindow
SetDlgItemTextA
EndDialog
GetDlgCtrlID
SendMessageA
InvalidateRect
CreateDialogParamA
MoveWindow
GetWindowRect

advapi32

RegOpenKeyExA
RegCreateKeyA
RegSetValueA
RegSetValueExA
RegCloseKey
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyA
RegQueryValueExA

ole32

CoTaskMemAlloc
StringFromGUID2
CoTaskMemFree
CoUninitialize
CoFreeUnusedLibraries
CoCreateInstance
CoInitialize

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wannengspdrive/CAMPRP.DLL
.dll windows:4 windows x86 arch:x86

08794da9c5fce4351a9864d3f24b312e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
WaitForSingleObject
CloseHandle
CreateEventA
GetFileType
GetStartupInfoA
GetStringTypeW
GetStringTypeA
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetProcAddress
GetACP
LoadLibraryA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
GetOEMCP
TlsGetValue
SetHandleCount
GetStdHandle
HeapDestroy
GetCPInfo
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
InitializeCriticalSection
HeapCreate
VirtualFree
HeapFree
WriteFile
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc

user32

SendMessageA
GetDlgItem
SetDlgItemInt
SendDlgItemMessageA
SetWindowLongA
GetWindowLongA
GetDlgCtrlID
LoadStringA
IsDlgButtonChecked
CheckDlgButton
EnableWindow
CheckRadioButton

advapi32

RegCloseKey

comctl32

CreatePropertySheetPageA

Exports

Exports

VFWWDMExtension

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wannengspdrive/CAMTWN.DS
.dll windows:4 windows x86 arch:x86

7954c2379fce26ed1ce269b6793b95a9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileA
GlobalHandle
CloseHandle
CopyFileA
CreateThread
GetProcAddress
FindFirstFileA
GetFileSize
LoadLibraryA
_lwrite
GlobalFree
_lclose
_lread
GlobalLock
GlobalUnlock
GetWindowsDirectoryA
lstrcpyA
lstrcatA
WideCharToMultiByte
FreeLibrary
lstrcpynA
_llseek
GlobalAlloc
OpenFile
GlobalReAlloc
ReadFile
CreateFileA
WaitForSingleObject
lstrcmpA
FindNextFileA

user32

SetWindowTextA
CreateDialogParamA
EnableWindow
InvalidateRect
SendMessageA
DestroyWindow
ShowWindow
wsprintfA
GetDC
LoadImageA
DefWindowProcA
SetWindowPos
GetPropA
FindWindowA
GetSysColor
KillTimer
DialogBoxParamA
IsDialogMessageA
LoadStringA
EndDialog
SetPropA
GetCursorPos
wvsprintfA
MessageBoxA
SetDlgItemTextA
MoveWindow
GetDlgItem
GetClientRect
GetSubMenu
TrackPopupMenu
DestroyMenu
IsDlgButtonChecked
SetTimer
CheckDlgButton
GetWindowRect
SetFocus
LoadMenuA

gdi32

BitBlt
CreateCompatibleDC
StretchDIBits
Rectangle
CreatePen
CreateSolidBrush
SetStretchBltMode
CreateDIBSection
SelectObject
DeleteObject

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize

oleaut32

SysFreeString
OleCreatePropertyFrame

comctl32

ImageList_Create
ImageList_Add
ImageList_Remove

comdlg32

GetFileTitleA
GetSaveFileNameA

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegSetValueExA

msvcrt

fseek
fread
ftell
malloc
fclose
fwrite
free
??3@YAXPAX@Z
_ftol
fopen
_initterm
_adjust_fdiv
sprintf
??2@YAPAXI@Z

Exports

Exports

DS_Entry

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wannengspdrive/Config.set
wannengspdrive/CustPage.ax
.dll regsvr32 windows:4 windows x86 arch:x86

6655f751f2f66fb10bbf001e62263e6b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??3@YAXPAX@Z
_itoa
??2@YAPAXI@Z

kernel32

GetSystemDefaultLangID
OutputDebugStringA
CopyFileA
GetVersionExA
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
FreeLibrary
lstrlenA
MultiByteToWideChar
GetLastError
GetModuleFileNameA
GetWindowsDirectoryA

advapi32

RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyA
RegSetValueA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA

user32

SetTimer
MoveWindow
ScreenToClient
KillTimer
GetWindowRect
SetDlgItemInt
ShowWindow
CheckDlgButton
MessageBoxA
EnableWindow
IsDlgButtonChecked
GetDlgItem
CheckRadioButton
SendMessageA
GetDlgCtrlID
wsprintfA
GetWindowLongA
SetWindowLongA
CreateDialogParamA
InvalidateRect
DestroyWindow
DefWindowProcA
LoadStringA
LoadStringW
GetDesktopWindow

comctl32

ord17

ole32

StringFromGUID2
CoUninitialize
CoTaskMemAlloc
CoFreeUnusedLibraries
CoCreateInstance
CoInitialize

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wannengspdrive/StillCap.exe
.exe windows:4 windows x86 arch:x86

79a1ab37da36cff15bf347149fc3fab3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateThread
SetEvent
Sleep
LocalFree
WaitForSingleObject
GetModuleHandleA
CopyFileA
FreeEnvironmentStringsW
ReadFile
SetEndOfFile
LoadLibraryA
GetProcAddress
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
CreateFileA
SetFilePointer
FlushFileBuffers
SetStdHandle
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
GetOEMCP
GetACP
GetCPInfo
WideCharToMultiByte
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineA
MultiByteToWideChar
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
VirtualAlloc
VirtualFree
CreateEventA
HeapCreate
HeapDestroy
GetWindowsDirectoryA
WriteFile
GetLastError
HeapFree
lstrcpyA
lstrcatA
GetCurrentDirectoryA
ExitProcess
GetVersion
HeapAlloc
GetStartupInfoA

user32

DialogBoxParamA
EnableMenuItem
EndDialog
GetMenu
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
UpdateWindow
InvalidateRect
PostMessageA
CheckRadioButton
PostQuitMessage
DefWindowProcA
CreateDialogParamA
RedrawWindow
MessageBoxA
DestroyWindow
GetSystemMenu
LoadAcceleratorsA
BeginPaint
GetClientRect
EndPaint
GetWindowRect
SetWindowPos
LoadMenuA
GetSubMenu
ClientToScreen
TrackPopupMenu
CreateWindowExA
ShowWindow
LoadIconA
LoadCursorA
RegisterClassExA
LoadStringA

gdi32

SetPixel
CreateCompatibleDC
DeleteDC
DeleteObject
CreateCompatibleBitmap
StretchBlt
SelectObject

comdlg32

GetSaveFileNameA

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey

sti

StiCreateInstanceW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wannengspdrive/TP6800.sys
.sys windows:4 windows x86 arch:x86

57620b055641e114f064d3da116f6056

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeReleaseSemaphore
KeWaitForSingleObject
ZwClose
KeSetEvent
RtlQueryRegistryValues
ExAllocatePoolWithTag
IoOpenDeviceRegistryKey
ExFreePool
ZwMapViewOfSection
RtlFreeUnicodeString
KeDelayExecutionThread
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwWriteFile
ZwUnmapViewOfSection
RtlAppendUnicodeToString
RtlWriteRegistryValue
ZwOpenSection
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
KeQueryTimeIncrement
KeTickCount
KeSetTimer
KeInitializeDpc
ZwCreateFile
IoFreeIrp
IofCallDriver
KeInitializeEvent
RtlCompareMemory
IoAllocateIrp
KeInitializeTimerEx
KefReleaseSpinLockFromDpcLevel
RtlInitUnicodeString
ExfInterlockedRemoveHeadList
ExfInterlockedInsertHeadList
KefAcquireSpinLockAtDpcLevel
ZwReadFile
KeCancelTimer
ExfInterlockedInsertTailList
PsTerminateSystemThread
KeSetPriorityThread
KeGetCurrentThread
IoBuildDeviceIoControlRequest
ExQueueWorkItem
InterlockedDecrement
InterlockedIncrement
KeInitializeSpinLock
KeInitializeSemaphore
PsCreateSystemThread
IoCancelIrp
ZwQueryValueKey
IoInitializeIrp

hal

KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock

stream.sys

StreamClassRegisterAdapter
StreamClassStreamNotification
StreamClassQueryMasterClockSync
StreamClassDeviceNotification

usbd.sys

_USBD_ParseConfigurationDescriptorEx@28
_USBD_CreateConfigurationRequestEx@8

Sections

.text
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGECONS
Size: 160B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 992B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wannengspdrive/ToproDs.ds
.dll windows:4 windows x86 arch:x86

50ace0a04ccfb8fc75a2f2ede146ed2e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
GlobalLock
GlobalAlloc
_lclose
GlobalFree
OpenFile
CloseHandle
GetLastError
ReadFile
GetFileSize
CreateFileA
lstrcpyA
lstrlenA
GetWindowsDirectoryA
VirtualFree
WinExec
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
lstrcpynA
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcatA
ExitProcess
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
LCMapStringW
LCMapStringA
RtlUnwind
GetOEMCP
GetACP
GetCPInfo
InterlockedIncrement
InterlockedDecrement
SetFilePointer
GetStringTypeW
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapFree
GlobalUnlock
GetVersion
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetStdHandle
GetFileType
SetHandleCount
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
HeapDestroy
HeapCreate
MultiByteToWideChar
GetStringTypeA
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile

user32

GetDlgItem
DlgDirListA
DlgDirSelectExA
EnableWindow
KillTimer
OpenClipboard
GetClipboardData
CloseClipboard
SetTimer
DestroyWindow
IsWindow
SetFocus
ShowWindow
IsWindowVisible
IsWindowEnabled
CreateDialogParamA
SendMessageA
PostMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
IsDialogMessageA
LoadStringA
wsprintfA
MessageBoxA

Exports

Exports

DS_Entry

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wannengspdrive/USBCAM.CAT
wannengspdrive/USBCAM.INF
wannengspdrive/USBCAM.SYS
.sys windows:4 windows x86 arch:x86

1b657a6eeab85db2db302a7d25ce9df9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeInitializeEvent
IofCallDriver
KeWaitForSingleObject
ExFreePool
IoBuildSynchronousFsdRequest
ExQueueWorkItem
KeSetEvent
IoFreeIrp
KeDelayExecutionThread
ExfInterlockedRemoveHeadList
IoCancelIrp
DbgPrint
IoInitializeIrp
IoAllocateIrp
KeSetTimer
KeInitializeDpc
KeInitializeTimerEx
ExfInterlockedInsertHeadList
KeReleaseSemaphore
ExfInterlockedInsertTailList
PsTerminateSystemThread
KeSetPriorityThread
KeGetCurrentThread
IoOpenDeviceRegistryKey
ExAllocatePoolWithTag
RtlInitUnicodeString
ZwClose
ZwOpenKey
ZwQueryValueKey
ZwSetValueKey
IoBuildDeviceIoControlRequest
InterlockedDecrement
InterlockedIncrement
KeInitializeSpinLock
KeInitializeSemaphore
KeQueryTimeIncrement
RtlCompareMemory
KeTickCount
PsCreateSystemThread
KeCancelTimer
ZwWriteFile
ZwCreateFile
wcscat
ZwCreateKey

hal

KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock

stream.sys

StreamClassDeviceNotification
StreamClassRegisterAdapter
StreamClassQueryMasterClockSync
StreamClassStreamNotification

usbd.sys

_USBD_ParseConfigurationDescriptorEx@28
_USBD_CreateConfigurationRequestEx@8

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGECONS
Size: 128B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wannengspdrive/VM31bPrp.Ax
.dll regsvr32 windows:4 windows x86 arch:x86

4ca17ac2782238d993efead0639412ed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

ord17
CreatePropertySheetPageA

ksproxy.ax

KsSynchronousDeviceControl

kernel32

InterlockedDecrement
FreeLibrary
LoadLibraryA
InterlockedIncrement
GetProcAddress
DisableThreadLibraryCalls
MultiByteToWideChar
lstrlenA
GetModuleFileNameA
InitializeCriticalSection
lstrcpyA
SetErrorMode
CreateThread
EnterCriticalSection
ResetEvent
GetVersionExA
CreateSemaphoreA
WideCharToMultiByte
GetACP
InterlockedExchange
GetCurrentThreadId
SetThreadPriority
GetThreadPriority
GetCurrentThread
GetTickCount
lstrcmpiA
Sleep
CreateEventA
WaitForSingleObject
CloseHandle
GetLastError
LeaveCriticalSection
DeleteCriticalSection
SetEvent

winmm

timeGetTime

user32

GetWindowRect
GetDesktopWindow
wsprintfA
LoadStringW
DefWindowProcA
PeekMessageA
wvsprintfA
PostThreadMessageA
GetQueueStatus
InvalidateRect
DestroyWindow
MsgWaitForMultipleObjects
ShowWindow
PostMessageA
GetWindowTextA
SetWindowLongA
GetDlgCtrlID
SendMessageA
GetWindowLongA
SendDlgItemMessageA
CheckRadioButton
EnableWindow
LoadStringA
GetParent
MoveWindow
CreateDialogParamA
DispatchMessageA
SetTimer
SetWindowTextA
GetDlgItem
KillTimer

comdlg32

GetOpenFileNameA

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueA
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA

ole32

CoFreeUnusedLibraries
CoCreateInstance
CoInitialize
CoTaskMemFree
CoUninitialize
StringFromGUID2
CoTaskMemAlloc

msvcrt

_except_handler3
fopen
__dllonexit
_onexit
_ftol
_CIpow
sprintf
free
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
malloc
fscanf
fclose

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
VFWWDMExtension

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wannengspdrive/VM31bSTI.dll
.dll windows:4 windows x86 arch:x86

fb3b85861a25386995475799b63c8a90

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
IsBadWritePtr
DeleteFileA
GetLastError
ReadFile
CreateFileA
GetWindowsDirectoryA
Sleep
GetVersion
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
GetEnvironmentStringsW
GetStartupInfoA
GetEnvironmentStrings
WideCharToMultiByte
GetStringTypeW
RtlUnwind
GetCommandLineA
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
HeapFree
ExitProcess
TerminateProcess
CreateEventA
SetHandleCount
GetStdHandle
GetFileType
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetStringTypeA
FlushFileBuffers
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
LoadLibraryA
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW

user32

GetClientRect

ole32

CoTaskMemFree
CoCreateInstance
CreateBindCtx
MkParseDisplayName
CoInitialize
CoUninitialize

oleaut32

OleCreatePropertyFrame

ksproxy.ax

KsSynchronousDeviceControl

Exports

Exports

DllCanUnloadNow
DllGetClassObject
_DllEntryPoint@12
_DllMain@12

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wannengspdrive/VM31bTWN.DS
.dll windows:4 windows x86 arch:x86

f4fe8131880f3302d62c4e532351dfe2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comdlg32

GetSaveFileNameA
GetFileTitleA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA

kernel32

GetProcAddress
LoadLibraryA
lstrcatA
lstrcpyA
GetWindowsDirectoryA
FindNextFileA
FindFirstFileA
CloseHandle
FreeLibrary
ReadFile
CreateFileA
GlobalHandle
CopyFileA
CreateMutexA
ReleaseMutex
WaitForSingleObject
DeleteFileA
LocalFree
GetModuleHandleA
Sleep
SetEvent
CreateThread
CreateEventA
_lwrite
lstrcpynA
OpenFile
GlobalReAlloc
GlobalFree
_lclose
_llseek
GlobalAlloc
_lread
GlobalLock
GlobalUnlock
GetFileSize

user32

DestroyMenu
TrackPopupMenu
GetSubMenu
LoadMenuA
GetCursorPos
MoveWindow
SetDlgItemTextA
InvalidateRect
GetDC
SetFocus
LoadImageA
DefWindowProcA
GetWindowRect
SetWindowPos
GetSysColor
GetDlgItem
SendMessageA
DestroyWindow
EnableWindow
CreateDialogParamA
GetClientRect
CheckDlgButton
PostMessageA
wsprintfA
GetPropA
FindWindowA
EndDialog
SetPropA
ShowWindow
SetTimer
KillTimer
DialogBoxParamA
IsDialogMessageA
LoadStringA
MessageBoxA
SetWindowTextA

gdi32

StretchDIBits
Rectangle
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
SetStretchBltMode
CreateSolidBrush
CreatePen
DeleteObject

comctl32

ImageList_Remove
ImageList_Create
ImageList_Add

sti

StiCreateInstanceW

msvcrt

_onexit
sprintf
malloc
free
fclose
fwrite
fopen
_ftol
wcslen
??3@YAXPAX@Z
_wcsicmp
??2@YAPAXI@Z
wcscpy
__dllonexit
_initterm
_adjust_fdiv

Exports

Exports

DS_Entry

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wannengspdrive/VM31bTXP.DS
.dll windows:4 windows x86 arch:x86

7f6c99701265ca61f16afe57fed716dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comdlg32

GetSaveFileNameA
GetFileTitleA

advapi32

RegOpenKeyA
RegCloseKey
RegQueryValueExA

kernel32

GetWindowsDirectoryA
GlobalUnlock
GlobalLock
_lread
GlobalAlloc
_llseek
_lclose
GlobalFree
GlobalReAlloc
OpenFile
lstrcpynA
_lwrite
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcatA
lstrcpyA
FindNextFileA
CreateFileA
GetFileSize
GlobalHandle
CopyFileA
ReleaseMutex
CreateMutexA
LocalFree
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
CreateThread
SetEvent
ReadFile
GetLastError
CloseHandle
DeleteFileA
CreateEventA
WaitForSingleObject
Sleep
FindFirstFileA

user32

LoadMenuA
GetSubMenu
TrackPopupMenu
DestroyMenu
CheckDlgButton
SetFocus
MoveWindow
SetDlgItemTextA
InvalidateRect
GetDC
LoadImageA
DefWindowProcA
SetWindowPos
GetSysColor
GetDlgItem
SendMessageA
DestroyWindow
EnableWindow
CreateDialogParamA
SetWindowTextA
GetPropA
FindWindowExA
FindWindowA
EndDialog
SetPropA
SetTimer
KillTimer
DialogBoxParamA
GetWindowRect
GetCursorPos
IsDialogMessageA
LoadStringA
MessageBoxA
PostMessageA
wsprintfA
GetClientRect
ShowWindow

gdi32

SetStretchBltMode
Rectangle
StretchDIBits
CreateSolidBrush
CreatePen
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject

ole32

CoCreateInstance
CoGetMalloc
CoInitialize
CreateBindCtx
MkParseDisplayName
CoTaskMemFree
CoUninitialize

oleaut32

SysStringLen
OleCreatePropertyFrame
SysAllocString
SysFreeString

comctl32

ImageList_Remove
ImageList_Create
ImageList_Add

ksproxy.ax

KsSynchronousDeviceControl

msvcrt

fopen
__CxxFrameHandler
sprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
_ftol
malloc
free
fwrite
wcslen
wcscpy
fclose
wcscmp
__dllonexit
_onexit
_initterm
_adjust_fdiv

Exports

Exports

DS_Entry

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wannengspdrive/VMCap.exe
.exe windows:4 windows x86 arch:x86

13b1fe45f0d22bcf44a27a8f2e583b53

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryA
lstrcatA
lstrcpyA
LocalFree
GetModuleHandleA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
CreateThread
SetEvent
CopyFileA
WriteFile
GetWindowsDirectoryA
CreateFileA
ReadFile
FreeLibrary
lstrcmpiA
AllocConsole
SetConsoleTitleA
GetLastError
GetProfileIntA
GetTickCount
WaitForMultipleObjects
GetThreadPriority
SetThreadPriority
InterlockedExchange
CreateSemaphoreA
SetEndOfFile
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
CloseHandle
DeleteFileA
CreateEventA
WaitForSingleObject
ResetEvent
Sleep
lstrlenA
SetFilePointer
MultiByteToWideChar
FlushFileBuffers
SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
VirtualAlloc
GetCurrentProcess
TerminateProcess
VirtualFree
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapAlloc
RtlUnwind
WideCharToMultiByte
IsBadWritePtr
IsBadReadPtr
HeapValidate
InterlockedDecrement
InterlockedIncrement
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetCurrentThread
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
DebugBreak
GetStdHandle
OutputDebugStringA
LoadLibraryA
GetModuleFileNameA
InitializeCriticalSection
DeleteCriticalSection
FatalAppExitA

user32

GetMessageA
TranslateAcceleratorA
TrackPopupMenu
GetSubMenu
GetClientRect
wsprintfA
PostMessageA
DispatchMessageA
TranslateMessage
GetQueueStatus
RegisterWindowMessageA
PostThreadMessageA
wvsprintfA
MsgWaitForMultipleObjects
LoadMenuA
UpdateWindow
EndDialog
BeginPaint
GetWindowRect
SetWindowPos
EndPaint
PostQuitMessage
DefWindowProcA
ClientToScreen
InvalidateRect
DestroyWindow
DialogBoxParamA
CreateWindowExA
ShowWindow
LoadIconA
LoadCursorA
RegisterClassExA
MessageBoxA
LoadStringA
GetSystemMenu
LoadAcceleratorsA
GetMenu
EnableMenuItem
PeekMessageA

gdi32

StretchBlt
CreateCompatibleDC
SetPixel
SelectObject
CreateCompatibleBitmap
DeleteDC
DeleteObject

comdlg32

GetSaveFileNameA

ole32

MkParseDisplayName
CreateBindCtx
CoInitialize
CoUninitialize
CoCreateInstance
CoGetMalloc
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2

oleaut32

SysAllocString
SysStringLen
SysFreeString

winmm

timeGetTime

ksproxy.ax

KsSynchronousDeviceControl

advapi32

RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wannengspdrive/VM_STI.EXE
.exe windows:4 windows x86 arch:x86

a168909e79ce959b0bd387b131b86643

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MapViewOfFile
CreateFileMappingA
CreateProcessA
CreateMutexA
UnmapViewOfFile
GetLastError
RtlUnwind
HeapFree
HeapAlloc
GetStartupInfoA
LoadLibraryA
GetCommandLineA
GetOEMCP
GetACP
GetProcAddress
MultiByteToWideChar
GetCPInfo
FlushFileBuffers
SetStdHandle
IsBadReadPtr
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsBadWritePtr
HeapReAlloc
GetVersion
ExitProcess
SetFilePointer
VirtualAlloc
WriteFile
VirtualFree
WideCharToMultiByte
CloseHandle
GetModuleHandleA
HeapCreate
IsBadCodePtr
HeapDestroy
FreeEnvironmentStringsA
GetModuleFileNameA
GetFileType
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount

user32

DispatchMessageA
LoadAcceleratorsA
UnregisterDeviceNotification
GetMessageA
TranslateMessage
TranslateAcceleratorA
SetTimer
KillTimer
PostQuitMessage
RegisterClassExA
DefWindowProcA
CreateWindowExA
RegisterDeviceNotificationA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA

ole32

CoGetMalloc
CoCreateInstance
CoUninitialize
CoInitialize
CreateBindCtx
MkParseDisplayName

oleaut32

SysAllocString
SysFreeString

ksproxy.ax

KsSynchronousDeviceControl

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wannengspdrive/amcap.exe
.exe windows:4 windows x86 arch:x86

7bbfa0a1f1b31b83795b700ad59128ab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_adjust_fdiv
__set_app_type
__p__fmode
_controlfp
__setusermatherr
_initterm
__getmainargs
_acmdln
__p__commode
atof
_ftol
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler
atol
sprintf
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit

kernel32

LoadLibraryA
GetStartupInfoA
GetModuleHandleA
CreateFileA
GetFileSize
CloseHandle
GetFullPathNameA
OpenFile
GetProcAddress
FreeLibrary
GetDiskFreeSpaceA
MulDiv
lstrcatA
lstrcpyA
GetProfileIntA
GetProfileStringA
WriteProfileStringA
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalAlloc
lstrcpynA
lstrlenA

user32

GetSystemMetrics
GetClientRect
EndPaint
BeginPaint
MoveWindow
wsprintfA
PostQuitMessage
SetWindowPos
GetWindowRect
InvalidateRect
SetTimer
KillTimer
SetFocus
AppendMenuA
RemoveMenu
GetSubMenu
GetMenu
PostMessageA
EnableMenuItem
CreateWindowExA
wvsprintfA
EndDialog
UpdateWindow
EnableWindow
MessageBeep
GetAsyncKeyState
GetDlgItem
SetDlgItemInt
GetDlgItemInt
SetDlgItemTextA
IsCharAlphaNumericA
IsCharAlphaA
GetDlgItemTextA
CheckDlgButton
IsDlgButtonChecked
GetSysColor
LoadStringA
GetWindowLongA
GetWindowTextA
CheckMenuItem
DispatchMessageA
SetWindowTextA
ShowWindow
TranslateMessage
WaitMessage
LoadAcceleratorsA
LoadCursorA
LoadIconA
RegisterClassA
GetDC
ReleaseDC
DialogBoxParamA
MessageBoxA
CreatePopupMenu
PeekMessageA
TranslateAcceleratorA
DefWindowProcA

gdi32

PatBlt
SetBkColor
SetTextColor
ExtTextOutA
GetTextMetricsA
DeleteObject
CreateSolidBrush
CreateFontA
GetStockObject
SelectObject

comdlg32

GetOpenFileNameA

ole32

CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

winmm

timeGetTime

msacm32

acmMetrics
acmFormatChooseA

olepro32

ord250

oleaut32

SysFreeString

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wannengspdrive/amcap.opt
wannengspdrive/dshow508.ax
.dll windows:4 windows x86 arch:x86

b70e33ead84ae8ad6a04f6dcc6c902b9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_purecall
??3@YAXPAX@Z
??2@YAPAXI@Z

kernel32

GetOverlappedResult
DeviceIoControl
CloseHandle
GetLastError
CreateEventA
Sleep
GetVersionExA
DisableThreadLibraryCalls
InterlockedIncrement
FreeLibrary
InterlockedDecrement
MultiByteToWideChar

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

user32

ShowWindow
GetDlgItem
GetWindowLongA
SendMessageA
SetWindowLongA
CreateDialogParamA
MoveWindow
InvalidateRect
DestroyWindow
LoadStringA
LoadStringW
GetWindowRect
GetDesktopWindow

comctl32

InitCommonControlsEx

ole32

CoTaskMemAlloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wannengspdrive/inf.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 43KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wannengspdrive/snapshot.iws
wannengspdrive/snphv71.ds
.dll windows:4 windows x86 arch:x86

0cf49be387fc3b6f8782454b0af887ff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeGetTime

avicap32

capCreateCaptureWindowA

kernel32

RtlUnwind
GetCommandLineA
RaiseException
ExitProcess
TerminateProcess
HeapSize
HeapReAlloc
GetACP
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
lstrcpynA
GetPrivateProfileStringA
lstrlenA
lstrcpyA
GetPrivateProfileIntA
lstrcmpA
lstrcatA
GetWindowsDirectoryA
FlushFileBuffers
SetFilePointer
GetCurrentProcess
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
GlobalUnlock
GetCurrentThread
MultiByteToWideChar
WritePrivateProfileStringA
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
MulDiv
SetLastError
FindResourceA
LoadResource
LockResource
GetVersion
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
LoadLibraryExA
GetModuleFileNameA
lstrcmpiA
GlobalFree
Sleep
GetLastError
WriteFile
LoadLibraryA
GetProcAddress
FreeLibrary
CreateFileA
CloseHandle
HeapAlloc
GetFileAttributesA
SetFileAttributesA
DeleteFileA
CopyFileA
HeapFree
GetProcessHeap
GlobalAlloc
GetPrivateProfileSectionA
GetEnvironmentStringsW
GlobalLock

user32

GetSysColor
MapWindowPoints
SendDlgItemMessageA
UpdateWindow
SetDlgItemTextA
SetWindowTextA
MoveWindow
IsWindowEnabled
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
ClientToScreen
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
CreateDialogIndirectParamA
GetActiveWindow
PostQuitMessage
SetCursor
GetCursorPos
ValidateRect
TranslateMessage
GetMessageA
UnregisterClassA
GetClassNameA
PtInRect
LoadCursorA
GetSysColorBrush
DestroyMenu
SetActiveWindow
SetFocus
AdjustWindowRectEx
IsWindowVisible
PeekMessageA
GetTopWindow
GetParent
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextA
GetDlgCtrlID
GetKeyState
DefWindowProcA
CreateWindowExA
CallNextHookEx
GetClassLongA
UnhookWindowsHookEx
CallWindowProcA
RemovePropA
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
BringWindowToTop
LoadIconA
GetWindowRect
AdjustWindowRect
SetRect
PostMessageA
EnableWindow
GetDC
CopyRect
ReleaseDC
InvalidateRect
GetClientRect
GetPropA
FindWindowA
EndDialog
SetPropA
SetTimer
KillTimer
DialogBoxParamA
DispatchMessageA
GetFocus
IsDialogMessageA
LoadStringA
IsWindow
SendMessageA
MessageBoxA
DestroyWindow
CreateDialogParamA
ShowWindow
SetWindowsHookExA
GetMessageTime

gdi32

DeleteObject
DeleteDC
BitBlt
StretchBlt
SetStretchBltMode
SelectObject
GetObjectA
CreateCompatibleDC
CreatePalette
CreateDIBitmap
SetDIBits
CreateBitmap
RealizePalette
SelectPalette
GetClipBox
SetTextColor
SetBkColor
SaveDC
RestoreDC
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetStockObject

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegCloseKey

comctl32

ord17

Exports

Exports

DS_Entry

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wannengspdrive/snphv71.inf
wannengspdrive/snphv71.sys
.sys windows:4 windows x86 arch:x86

a422efa149142088d6c9cc26a077ad19

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwWriteFile
ZwCreateFile
ZwClose
InterlockedCompareExchange
RtlWriteRegistryValue
KeWaitForSingleObject
KeInitializeEvent
RtlConvertLongToLargeInteger
RtlInitUnicodeString
KeQuerySystemTime
RtlQueryRegistryValues
KeDelayExecutionThread
InterlockedIncrement
IofCompleteRequest
KeSetEvent
KeInitializeDpc
IoInitializeIrp
IoAllocateIrp
IoFreeIrp
KeRemoveQueueDpc
IofCallDriver
ExFreePool
InterlockedDecrement
PsCreateSystemThread
KeInitializeSemaphore
KeInitializeSpinLock
KeReleaseSemaphore
ExfInterlockedInsertTailList
ExfInterlockedInsertHeadList
ExfInterlockedRemoveHeadList
PsTerminateSystemThread
KeSetPriorityThread
KeGetCurrentThread
RtlCompareMemory
KeInsertQueueDpc
IoBuildDeviceIoControlRequest
KeClearEvent
wcscpy
wcslen
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
IoDeleteSymbolicLink
DbgPrint
MmMapLockedPages
ExAllocatePool
RtlRaiseException

hal

KfReleaseSpinLock
KfAcquireSpinLock
KeGetCurrentIrql

stream.sys

StreamClassDeviceNotification
StreamClassStreamNotification
StreamClassQueryMasterClockSync
StreamClassRegisterAdapter

usbd.sys

_USBD_ParseDescriptors@16
_USBD_CreateConfigurationRequestEx@8
_USBD_ParseConfigurationDescriptorEx@28

Sections

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 288B - Virtual size: 274B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 928B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wannengspdrive/sp561xp.cat
wannengspdrive/spca561.inf
wannengspdrive/spca561.sys
.sys windows:5 windows x86 arch:x86

45b1b561da8746c6178f6a1fe0052052

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlWriteRegistryValue
KeDelayExecutionThread
sprintf
ExAllocatePoolWithTag
RtlFreeUnicodeString
RtlQueryRegistryValues
KeInitializeEvent
ExFreePool
IoBuildSynchronousFsdRequest
RtlCompareMemory
ZwWriteFile
ZwClose
RtlUnwind
RtlAnsiStringToUnicodeString
IofCallDriver
ZwCreateFile
KeInitializeSpinLock
RtlInitAnsiString
RtlInitUnicodeString
KefReleaseSpinLockFromDpcLevel
KeWaitForSingleObject
ExQueueWorkItem
KefAcquireSpinLockAtDpcLevel
KeInitializeSemaphore
KeReleaseSemaphore
IoFreeIrp
IoCancelIrp
ExfInterlockedInsertHeadList
IoBuildDeviceIoControlRequest
ExfInterlockedRemoveHeadList
KeSetTimer
KeInitializeDpc
KeInitializeTimerEx
KeCancelTimer
ExfInterlockedInsertTailList
KeSetEvent
IoInitializeIrp
InterlockedDecrement
InterlockedIncrement
IoAllocateIrp

stream.sys

StreamClassDeviceNotification
StreamClassStreamNotification
StreamClassRegisterAdapter
StreamClassQueryMasterClockSync

hal

KfAcquireSpinLock
KfReleaseSpinLock
KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql

usbd.sys

_USBD_ParseConfigurationDescriptorEx@28
_USBD_CreateConfigurationRequestEx@8

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 64B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGECONS
Size: 128B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wannengspdrive/topro.inf
wannengspdrive/usbVM31b.sys
.sys windows:5 windows x86 arch:x86

4ff996ccd9d743b2dec3f084123bc524

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ZwCreateKey
RtlInitUnicodeString
ExFreePool
ZwClose
ZwQueryValueKey
IofCallDriver
KeInitializeEvent
wcscat
IoBuildSynchronousFsdRequest
KeRestoreFloatingPointState
KeSaveFloatingPointState
ZwWriteFile
ZwCreateFile
ExQueueWorkItem
ZwSetValueKey
IoOpenDeviceRegistryKey
wcscpy
KeSetEvent
IoFreeIrp
KeDelayExecutionThread
ExfInterlockedRemoveHeadList
IoAllocateIrp
KeSetTimer
KeInitializeDpc
KeInitializeTimerEx
KeWaitForSingleObject
ExfInterlockedInsertHeadList
KefAcquireSpinLockAtDpcLevel
KeReleaseSemaphore
ExfInterlockedInsertTailList
PsTerminateSystemThread
KeSetPriorityThread
KeGetCurrentThread
IoBuildDeviceIoControlRequest
InterlockedDecrement
InterlockedIncrement
KeInitializeSpinLock
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
KeInitializeSemaphore
RtlFreeUnicodeString
RtlCompareMemory
IoCancelIrp
ObReferenceObjectByHandle
PsCreateSystemThread
KeCancelTimer
KefReleaseSpinLockFromDpcLevel

hal

KfReleaseSpinLock
KeGetCurrentIrql
KfAcquireSpinLock

stream.sys

StreamClassDeviceNotification
StreamClassRegisterAdapter
StreamClassQueryMasterClockSync
StreamClassStreamNotification

usbd.sys

_USBD_ParseConfigurationDescriptorEx@28
_USBD_CreateConfigurationRequestEx@8

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGECONS
Size: 128B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 672B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wannengspdrive/usbvm31b.inf

Sharing

General

Malware Config

Signatures

Files

2edd3a0a4563815ed7c5b9bf2a087251

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

ole32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 58KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 124KB

.CRT Size: 4KB - Virtual size: 8B

.rsrc Size: 16KB - Virtual size: 12KB

.reloc Size: 8KB - Virtual size: 6KB

08794da9c5fce4351a9864d3f24b312e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

comctl32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 1KB

7954c2379fce26ed1ce269b6793b95a9

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ole32

oleaut32

comctl32

comdlg32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 40KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 8KB - Virtual size: 4KB

6655f751f2f66fb10bbf001e62263e6b

Headers

File Characteristics

Imports

msvcrt

kernel32

advapi32

user32

comctl32

ole32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 4KB - Virtual size: 2KB

79a1ab37da36cff15bf347149fc3fab3

Headers

.text
Size: 60KB - Virtual size: 58KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 124KB

.CRT
Size: 4KB - Virtual size: 8B

.rsrc
Size: 16KB - Virtual size: 12KB

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 44KB - Virtual size: 40KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 91KB - Virtual size: 91KB

.data
Size: 62KB - Virtual size: 62KB

PAGECONS
Size: 160B - Virtual size: 144B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 992B - Virtual size: 984B

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 44KB - Virtual size: 40KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 55KB - Virtual size: 55KB

.data
Size: 10KB - Virtual size: 10KB

PAGECONS
Size: 128B - Virtual size: 112B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 2KB - Virtual size: 2KB