18bef894fbb11d8aef8c65b845223f60f7460588d2f52e07a8b1c15015e24aa8

Sharing

Copy URL

Twitter E-mail

General

Target

18bef894fbb11d8aef8c65b845223f60f7460588d2f52e07a8b1c15015e24aa8
Size

291KB
MD5

10b4d901582cf4d1d35eec17daba45a4
SHA1

01993ac9c4dac74d423a5a220974d15f8d75b6b5
SHA256

18bef894fbb11d8aef8c65b845223f60f7460588d2f52e07a8b1c15015e24aa8
SHA512

f422429eeb3ec4c36cef443ede06ad201f0adc7c966042b7d02555bfd804a517067aa3286b56e7a724c03d99d46c4ec938436c1c021ba96a31e61b49b044d620
SSDEEP

6144:dkqQh5z4iTucvKIN4vfn8I45m27WD/5u1d2emKKf2iFP8PQ2:dkHh5z4iTucvlZr53WD/5u1dNmKKf2i5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18bef894fbb11d8aef8c65b845223f60f7460588d2f52e07a8b1c15015e24aa8

Files

18bef894fbb11d8aef8c65b845223f60f7460588d2f52e07a8b1c15015e24aa8
.dll windows:5 windows x86 arch:x86

16dd504af27dac4c01939bed31bfcf88

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\witmodSDK\WitmodSdkTestDemo\Release\witmodSdk.pdb

Imports

setupapi

SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo

kernel32

InitializeSListHead
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
FreeLibrary
GetProcAddress
LocalFree
GetLastError
GetOverlappedResult
ResetEvent
WaitForSingleObject
WriteFile
ReadFile
CloseHandle
FormatMessageW
CreateEventA
LoadLibraryA
CreateFileA
CancelIo
Sleep
UnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls

msvcp140

?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z

winmm

timeSetEvent
timeKillEvent

ws2_32

WSACleanup
socket
WSAStartup
select
recv
send
closesocket

vcruntime140

__std_terminate
memmove
_CxxThrowException
__CxxFrameHandler3
_purecall
strchr
__std_exception_copy
__std_exception_destroy
_except_handler4_common
__std_type_info_destroy_list
memcpy
memset
strstr

api-ms-win-crt-string-l1-1-0

_wcsdup
strncmp
_stricmp
isalnum
isspace
strncpy
strtok
tolower
isalpha

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsnprintf_s
ftell
fseek
fputc
ferror
__stdio_common_vsscanf
fopen_s
__acrt_iob_func
__stdio_common_vfprintf
fclose
__stdio_common_vsprintf
fread
putchar
fopen

api-ms-win-crt-heap-l1-1-0

_callnewh
free
realloc
malloc
calloc

api-ms-win-crt-convert-l1-1-0

strtol
strtod
_itoa
atoi

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_execute_onexit_table
_initterm
_cexit
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-time-l1-1-0

_time64

Exports

Exports

?CWitmodHid_highPrecisionTimerInit@@YAXXZ
?CWitmodHid_highPrecisionTimerRuning@@YAXK@Z
?CWitmodHid_highPrecisionTimerStart@@YAXXZ
?CWitmodHid_highPrecisionTimerStop@@YAXXZ
CWitmodHid_Close
CWitmodHid_FirmwareUpgrade
CWitmodHid_GetCurrentAutoRippleLightConfig
CWitmodHid_GetCurrentRippleLightColor
CWitmodHid_GetHidAndFirmwareInfoStu
CWitmodHid_GetHidInfoList
CWitmodHid_GetHidInfoStuMapList
CWitmodHid_GetSideCollisionLightRuningConfig
CWitmodHid_GetSupportInfoList
CWitmodHid_HidReadBuff
CWitmodHid_HidWriteBuff
CWitmodHid_Init
CWitmodHid_OpenPath
CWitmodHid_SetKeyboardColorInfoDataStu
CWitmodHid_SetKeyboardColorInfoDataStuHaveChanged
CWitmodHid_SetNonblocking
CWitmodHid_SetSideColorInfoDataStu
CWitmodHid_SetSideColorInfoDataStuHaveChanged
CWitmodHid_highPrecisionTimerInit
CWitmodHid_highPrecisionTimerRuning
CWitmodHid_highPrecisionTimerStart
CWitmodHid_highPrecisionTimerStop
CWitmodHid_keyClickedSendXY
CWitmodHid_keyboardLightColorRuning
CWitmodHid_lightColorMix
CWitmodHid_sideLightColorRuning
CWitmodLight_Init
CWitmodSDK_VersionStr
CWitmodXML_AddKeyOrMouseEventItem
CWitmodXML_AddProFileBindMacroItem
CWitmodXML_AddProFileCustomLightDataInfo
CWitmodXML_AddProFileCustomLightNode
CWitmodXML_AddProFileFunctionInfo
CWitmodXML_AddProFileLightInfoItem
CWitmodXML_AddProFileMacroWithKeyInfoItem
CWitmodXML_AddProFileMacroWithKeyInfoItemStu
CWitmodXML_ClearProFileCustomLightNode
CWitmodXML_CreateMacroXmlParentNode
CWitmodXML_CreateProFileXmlParentNode
CWitmodXML_CreateXMLFile
CWitmodXML_DeleteEventItem
CWitmodXML_DeleteEventItem_128Bit_DelItem
CWitmodXML_DeleteMacroNode
CWitmodXML_DeleteProFileBindMacroNode
CWitmodXML_DeleteProFileCustomLightNode
CWitmodXML_DeleteProFileMacroWithKeyInfoItem
CWitmodXML_DeleteProFileSelectedNode
CWitmodXML_FindCustomIndex
CWitmodXML_GetCreateXMLFileProfileIndex
CWitmodXML_GetProFileFunctionInfo
CWitmodXML_GetProFileIntoSleepTimeInfo
CWitmodXML_GetProFileValueNum
CWitmodXML_Init
CWitmodXML_IsExistenceSelectCustomLightNode
CWitmodXML_IsExistenceSelectMacroNode
CWitmodXML_IsExistenceSelectProfileNode
CWitmodXML_IsProFileAlreadyHaveLightInfo
CWitmodXML_IsProFileCurrentKeyLinkCustomEvent
CWitmodXML_IsSupportHid
CWitmodXML_KeyboardKeyCodeAndCharacterListMapInit
CWitmodXML_KeyboardKeyCodeMatrixInit
CWitmodXML_MacroEventItemUpOrDownOperate
CWitmodXML_ModifyMacroNodeName
CWitmodXML_ModifyProFileCustomLightNodeName
CWitmodXML_ModifyProFileCustomLightNodeUsingStatus
CWitmodXML_ModifyProFileLightInfoItem
CWitmodXML_ModifyProFileLightSynchronizeStatus
CWitmodXML_ModifyProFileLightTypeRuningStatus
CWitmodXML_ModifyProFileMouseLightUsingIndex
CWitmodXML_ModifyProfileNodeInfo
CWitmodXML_ModifyXMLFileProfileIndex
CWitmodXML_OnboardEditMacroWriteDeal
CWitmodXML_POS_AddEventItem_128Bit_AddItem
CWitmodXML_POS_CreateXmlParentNode_128Bit
CWitmodXML_POS_CreateXmlParentNode_Layer
CWitmodXML_POS_InsertSelectAllEvents_128Bit
CWitmodXML_POS_QueryLastMarkNum_128Bit
CWitmodXML_POS_SelectAllEvents_128Bit
CWitmodXML_ProFileCustomLightInfoSelectAll
CWitmodXML_ProFileCustomLightInfoSelectAll_Using
CWitmodXML_ProFileExport
CWitmodXML_ProFileImport
CWitmodXML_ProFileKeyInfoSelectAll
CWitmodXML_ProFileMacroWithKeyInfoSelectAll
CWitmodXML_ProFilesDataDeal_CustomEventKey
CWitmodXML_ProFilesDataDeal_CustomLightRGB
CWitmodXML_ProFilesDataDeal_LightConfigInfo
CWitmodXML_ProFilesDataDeal_MacrosDataInfo
CWitmodXML_SelectAllKeyOrMouseEvent
CWitmodXML_SelectMacroAllNodes
CWitmodXML_SelectMacroNodeStuDataInfo
CWitmodXML_SelectProFileAllNodes
CWitmodXML_SelectProFileCustomLightAllNodes
CWitmodXML_SelectProFileKeyOperateInfo
CWitmodXML_SelectProFileLightSynchronizeStatus
CWitmodXML_SelectProFileLightTypeRuningStatus
CWitmodXML_SelectProFileMouseLightTypeUsingIndex
CWitmodXML_SelectProfileColorDataInfo
CWitmodXML_SelectProfileNodeInfo
CWitmodXML_SeniorKey_AddInfoItem
CWitmodXML_SeniorKey_CreateProFileXmlParentNode
CWitmodXML_SeniorKey_CreateXMLFile
CWitmodXML_SeniorKey_DeleteInfoItem
CWitmodXML_SeniorKey_GetDKSStrokeStuInfo
CWitmodXML_SeniorKey_ModifyDKSStrokeStuInfo
CWitmodXML_SeniorKey_ModifyInfoItem
CWitmodXML_SeniorKey_SelectAllInfoItem
CWitmodXML_SeniorKey_isInfoItemHave
CWitmodXML_SetProFileIntoSleepTimeInfo
CWitmodXML_UpdateEventItem
CWitmodXML_XmlCustomLightInfoSelectAll

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

16dd504af27dac4c01939bed31bfcf88

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

kernel32

msvcp140

winmm

ws2_32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

Exports

Exports

Sections

.text Size: 166KB - Virtual size: 165KB

.rdata Size: 102KB - Virtual size: 101KB

.data Size: 1024B - Virtual size: 11KB

.gfids Size: 512B - Virtual size: 68B

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 166KB - Virtual size: 165KB

.rdata
Size: 102KB - Virtual size: 101KB

.data
Size: 1024B - Virtual size: 11KB

.gfids
Size: 512B - Virtual size: 68B

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 10KB - Virtual size: 10KB