f6017a3b1e5cedd3081fecf46e5a71bb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f6017a3b1e5cedd3081fecf46e5a71bb_JaffaCakes118
Size

272KB
MD5

f6017a3b1e5cedd3081fecf46e5a71bb
SHA1

1f912a6cfbdacdbdacec4f5e8cb8b01e5abf0b05
SHA256

e59804f009689cfb357e87340a8171ebab57ca53e03df46bff1a7aa660fd3410
SHA512

42c4112eb1d2a8c7f5ce881f32fd63b06decc87e085e9ed90bfd647f988f4632d6b643aaa0327c1175e7752a0b9a7f0f6e744023e307f1cd0a29bb00279aa7f4
SSDEEP

6144:VttXzcUBJnaNbBG1hk8FqIkEyAFkZA7HDFUbghnktNNCd6/RA:pz3BJnisDkGkvAFsAbDWsnkt6o/q

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/ usbdriver/98driver/Usp10.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/ usbdriver/98driver/Usp10.dll	upx

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ usbdriver/98driver/Usp10.dll
unpack002/out.upx
unpack001/USBDriver/98Driver/AutoFdk.exe
unpack001/USBDriver/98Driver/DrvSetup2.exe
unpack001/USBDriver/98Driver/Umssfdik.sys
unpack001/USBDriver/98Driver/Umssfdk2.sys
unpack001/USBDriver/Setup.exe

Files

f6017a3b1e5cedd3081fecf46e5a71bb_JaffaCakes118
.rar
usbdriver/98driver/Usp10.dll
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

AheadLib_LpkPresent
AheadLib_ScriptApplyDigitSubstitution
AheadLib_ScriptApplyLogicalWidth
AheadLib_ScriptBreak
AheadLib_ScriptCPtoX
AheadLib_ScriptCacheGetHeight
AheadLib_ScriptFreeCache
AheadLib_ScriptGetCMap
AheadLib_ScriptGetFontProperties
AheadLib_ScriptGetGlyphABCWidth
AheadLib_ScriptGetLogicalWidths
AheadLib_ScriptGetProperties
AheadLib_ScriptIsComplex
AheadLib_ScriptItemize
AheadLib_ScriptJustify
AheadLib_ScriptLayout
AheadLib_ScriptPlace
AheadLib_ScriptRecordDigitSubstitution
AheadLib_ScriptShape
AheadLib_ScriptStringAnalyse
AheadLib_ScriptStringCPtoX
AheadLib_ScriptStringFree
AheadLib_ScriptStringGetLogicalWidths
AheadLib_ScriptStringGetOrder
AheadLib_ScriptStringOut
AheadLib_ScriptStringValidate
AheadLib_ScriptStringXtoCP
AheadLib_ScriptString_pLogAttr
AheadLib_ScriptString_pSize
AheadLib_ScriptString_pcOutChars
AheadLib_ScriptTextOut
AheadLib_ScriptXtoCP
AheadLib_UspAllocCache
AheadLib_UspAllocTemp
AheadLib_UspFreeMem
DecodePointer
EncodePointer
LpkDllInitialize
LpkDrawTextEx
LpkEditControl
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkPresent
LpkTabbedTextOut
LpkUseGDIWidthCache
MemCode_LpkDllInitialize
MemCode_LpkDrawTextEx
MemCode_LpkEditControl
MemCode_LpkExtTextOut
MemCode_LpkGetCharacterPlacement
MemCode_LpkGetTextExtentExPoint
MemCode_LpkInitialize
MemCode_LpkPSMTextOut
MemCode_LpkTabbedTextOut
MemCode_LpkUseGDIWidthCache
MemCode_ftsWordBreak
ScriptApplyDigitSubstitution
ScriptApplyLogicalWidth
ScriptBreak
ScriptCPtoX
ScriptCacheGetHeight
ScriptFreeCache
ScriptGetCMap
ScriptGetFontProperties
ScriptGetGlyphABCWidth
ScriptGetLogicalWidths
ScriptGetProperties
ScriptIsComplex
ScriptItemize
ScriptJustify
ScriptLayout
ScriptPlace
ScriptRecordDigitSubstitution
ScriptShape
ScriptStringAnalyse
ScriptStringCPtoX
ScriptStringFree
ScriptStringGetLogicalWidths
ScriptStringGetOrder
ScriptStringOut
ScriptStringValidate
ScriptStringXtoCP
ScriptString_pLogAttr
ScriptString_pSize
ScriptString_pcOutChars
ScriptTextOut
ScriptXtoCP
UspAllocCache
UspAllocTemp
UspFreeMem
ftsWordBreak

Sections

UPX0
Size: - Virtual size: 152KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
USBDriver/98Driver/AutoFdk.exe
.exe windows:4 windows x86 arch:x86

aae9e71a43908b85802a9d1829b0dd09

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
WinExec
GetPrivateProfileStringA
GetDriveTypeA
LCMapStringW
LCMapStringA
SetStdHandle
HeapReAlloc
GetVersionExA
GetOEMCP
GetACP
GetCPInfo
HeapAlloc
SetFilePointer
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
WriteFile
RtlUnwind
HeapFree
VirtualFree
CreateMutexA
GetLastError
VirtualAlloc
CloseHandle
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
FlushFileBuffers

user32

EndDialog
DefWindowProcA
SetTimer
DestroyWindow
DialogBoxParamA
PostQuitMessage
CreateWindowExA
LoadIconA
LoadCursorA
RegisterClassExA
LoadStringA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
KillTimer

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

setupapi

SetupDiGetClassDevsA
SetupDiGetDeviceInfoListDetailA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
USBDriver/98Driver/DrvSetup2.exe
.exe windows:4 windows x86 arch:x86

96e5638ff90299cfe85c907c8142baf6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupCloseFileQueue
SetupTermDefaultQueueCallback
SetupCloseInfFile
SetupCommitFileQueueA
SetupInstallFilesFromInfSectionA
SetupInstallFromInfSectionA
SetupOpenFileQueue
SetupOpenInfFileA
SetupInitDefaultQueueCallbackEx
SetupDefaultQueueCallbackA

kernel32

GetFileTime
GetFileSize
GetFileAttributesA
SetErrorMode
GetOEMCP
FileTimeToLocalFileTime
GetTickCount
ExitProcess
TerminateProcess
HeapFree
HeapAlloc
RaiseException
FileTimeToSystemTime
HeapSize
GetACP
GetTimeZoneInformation
RtlUnwind
GetStartupInfoA
LCMapStringA
GetCommandLineA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetVolumeInformationA
HeapReAlloc
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetProcessVersion
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetCPInfo
SizeofResource
GetCurrentDirectoryA
WritePrivateProfileStringA
LocalReAlloc
GlobalFlags
TlsGetValue
GlobalReAlloc
TlsSetValue
EnterCriticalSection
GlobalHandle
LeaveCriticalSection
TlsFree
InitializeCriticalSection
DeleteCriticalSection
TlsAlloc
GetThreadLocale
LocalAlloc
LCMapStringW
UnhandledExceptionFilter
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
LoadLibraryA
GetModuleFileNameA
lstrlenA
lstrcpynA
FreeLibrary
GetPrivateProfileStringA
GetVersionExA
GetLastError
GetWindowsDirectoryA
lstrcatA
SetFileAttributesA
DeleteFileA
GetFullPathNameA
GetFileType
SetEndOfFile
GetProfileStringA
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
FindNextFileA
FindFirstFileA
FindClose
MulDiv
SetLastError
FormatMessageA
LocalFree
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
GetModuleHandleA
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
CloseHandle
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
GetEnvironmentVariableA
HeapDestroy
GetStringTypeW

user32

LoadStringA
GetNextDlgGroupItem
MessageBeep
InvalidateRect
InflateRect
RegisterClipboardFormatA
PostThreadMessageA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
CopyAcceleratorTableA
SetRect
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetFocus
ScreenToClient
CopyRect
DestroyMenu
CharNextA
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
MapDialogRect
SetWindowPos
GetWindow
SetWindowContextHelpId
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
GetSysColorBrush
PtInRect
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
SetCursor
PostQuitMessage
PostMessageA
EnableWindow
wsprintfA
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetSystemMenu
AppendMenuA
SendMessageA
LoadIconA
GetClassNameA
GetDesktopWindow
LoadCursorA
GetMenuItemID
CharUpperA
AdjustWindowRectEx
DrawFocusRect
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DefDlgProcA
IsWindowUnicode

gdi32

RestoreDC
SaveDC
DeleteDC
GetObjectA
SetBkColor
SetTextColor
SelectObject
GetClipBox
DeleteObject
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextColor
GetBkColor
DPtoLP
LPtoDP
GetMapMode
PatBlt
CreateDIBitmap
CreateCompatibleDC
BitBlt
GetTextExtentPointA
IntersectClipRect
ScaleWindowExtEx
SetWindowExtEx
SetViewportExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
SetMapMode
SetViewportOrgEx
SetBkMode
GetStockObject
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA

comctl32

ord17

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
StgOpenStorageOnILockBytes
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoTaskMemAlloc

olepro32

ord253

oleaut32

SysStringLen
SysAllocStringByteLen
VariantCopy
SysAllocString
VariantChangeType
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SysFreeString

Sections

.text
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
USBDriver/98Driver/Umssfdik.sys
.dll windows:4 windows x86 arch:x86

3c75018a31636a38bbbd789f3af2b482

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

ExFreePool
KeSetEvent
InterlockedDecrement
IoBuildDeviceIoControlRequest
ExAllocatePoolWithTag
RtlQueryRegistryValues
IoOpenDeviceRegistryKey
IoDeleteDevice
IoDetachDevice
InterlockedIncrement
ZwClose
KeWaitForSingleObject
RtlInitUnicodeString
PoRequestPowerIrp
PoCallDriver
PoStartNextPowerIrp
IoFreeIrp
IoAllocateIrp
ExQueueWorkItem
KeInsertQueueDpc
IoCreateDevice
KeInitializeEvent
KeInitializeSpinLock
IofCallDriver
ObfReferenceObject
KeInitializeDpc
IofCompleteRequest
IoAttachDeviceToDeviceStack

hal

KeStallExecutionProcessor
KfAcquireSpinLock
KfReleaseSpinLock

usbd.sys

USBD_GetUSBDIVersion
USBD_CreateConfigurationRequest
_USBD_ParseConfigurationDescriptorEx@28

Exports

Exports

UMSS_GetMaxLun
UMSS_GetNextPDO
UMSS_RegisterCompletionHandler
UMSS_StartRequest

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 192B - Virtual size: 173B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 960B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 384B - Virtual size: 382B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
USBDriver/98Driver/Umssfdk2.inf
USBDriver/98Driver/Umssfdk2.sys
.dll windows:4 windows x86 arch:x86

3c75018a31636a38bbbd789f3af2b482

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

ExFreePool
KeSetEvent
InterlockedDecrement
IoBuildDeviceIoControlRequest
ExAllocatePoolWithTag
RtlQueryRegistryValues
IoOpenDeviceRegistryKey
IoDeleteDevice
IoDetachDevice
InterlockedIncrement
ZwClose
KeWaitForSingleObject
RtlInitUnicodeString
PoRequestPowerIrp
PoCallDriver
PoStartNextPowerIrp
IoFreeIrp
IoAllocateIrp
ExQueueWorkItem
KeInsertQueueDpc
IoCreateDevice
KeInitializeEvent
KeInitializeSpinLock
IofCallDriver
ObfReferenceObject
KeInitializeDpc
IofCompleteRequest
IoAttachDeviceToDeviceStack

hal

KeStallExecutionProcessor
KfAcquireSpinLock
KfReleaseSpinLock

usbd.sys

USBD_GetUSBDIVersion
USBD_CreateConfigurationRequest
_USBD_ParseConfigurationDescriptorEx@28

Exports

Exports

UMSS_GetMaxLun
UMSS_GetNextPDO
UMSS_RegisterCompletionHandler
UMSS_StartRequest

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 192B - Virtual size: 173B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 960B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 384B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
USBDriver/98Driver/Umsspdr2.pdr
USBDriver/98Driver/Umsspdrf.pdr
USBDriver/AUTORUN.INF
USBDriver/Setup.exe
.exe windows:4 windows x86 arch:x86

859d6f864663f9b5bac8321990513df8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
HeapFree
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStdHandle
GlobalHandle
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
CreateProcessA
WaitForSingleObject
FlushFileBuffers
SetFilePointer
WriteFile
GetCurrentProcess
SetErrorMode
GetOEMCP
GetCPInfo
GetProcessVersion
GetLastError
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
WritePrivateProfileStringA
GlobalFlags
lstrlenA
lstrcpynA
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
TlsFree
GetFileType
GlobalReAlloc
GetModuleFileNameA
CloseHandle
LeaveCriticalSection
HeapDestroy
DeleteCriticalSection
GetVersionExA
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
InterlockedDecrement
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
GlobalFree
LockResource
FindResourceA
LoadResource
GlobalUnlock
MulDiv
GetModuleHandleA
GetProcAddress
SetLastError
HeapCreate
VirtualFree
SetHandleCount

user32

GetCapture
GetTopWindow
WinHelpA
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
SendDlgItemMessageA
UpdateWindow
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
LoadCursorA
GetClassNameA
PtInRect
GetSysColorBrush
DestroyMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
RegisterClassA
wsprintfA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
GetMenu
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
CopyRect
EndDialog
IsWindow
CreateDialogIndirectParamA
DestroyWindow
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
SetCursor
PostQuitMessage
PostMessageA
EnableWindow
IsIconic
GetSystemMetrics
GetClassInfoA
CreateWindowExA
GetClientRect
DrawIcon
LoadBitmapA
SendMessageA
AdjustWindowRect
LoadStringA
LoadIconA
GrayStringA
GetDlgItem
SetActiveWindow
UnregisterClassA

gdi32

CreatePatternBrush
CreateBitmap
DeleteDC
SaveDC
RestoreDC
SelectObject
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
DeleteObject
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
BitBlt
CreateCompatibleDC
GetStockObject

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

comctl32

ord17

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 152KB

UPX1 Size: 79KB - Virtual size: 80KB

.rsrc Size: 8KB - Virtual size: 8KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 132KB - Virtual size: 131KB

.rdata Size: 35KB - Virtual size: 35KB

.data Size: 4KB - Virtual size: 33KB

.rsrc Size: 1024B - Virtual size: 696B

.reloc Size: 10KB - Virtual size: 9KB

aae9e71a43908b85802a9d1829b0dd09

Headers

File Characteristics

Imports

kernel32

user32

advapi32

setupapi

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 2KB

96e5638ff90299cfe85c907c8142baf6

Headers

File Characteristics

Imports

setupapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

oledlg

ole32

olepro32

oleaut32

Sections

.text Size: 144KB - Virtual size: 140KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 20KB - Virtual size: 33KB

.rsrc Size: 16KB - Virtual size: 12KB

3c75018a31636a38bbbd789f3af2b482

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

usbd.sys

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.data Size: 32B - Virtual size: 8B

.edata Size: 192B - Virtual size: 173B

INIT Size: 1024B - Virtual size: 1000B

.rsrc Size: 960B - Virtual size: 960B

.reloc Size: 384B - Virtual size: 382B

3c75018a31636a38bbbd789f3af2b482

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

usbd.sys

UPX0
Size: - Virtual size: 152KB

UPX1
Size: 79KB - Virtual size: 80KB

.rsrc
Size: 8KB - Virtual size: 8KB

.text
Size: 132KB - Virtual size: 131KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 4KB - Virtual size: 33KB

.rsrc
Size: 1024B - Virtual size: 696B

.reloc
Size: 10KB - Virtual size: 9KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 144KB - Virtual size: 140KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 20KB - Virtual size: 33KB

.rsrc
Size: 16KB - Virtual size: 12KB

.text
Size: 6KB - Virtual size: 6KB

.data
Size: 32B - Virtual size: 8B

.edata
Size: 192B - Virtual size: 173B

INIT
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 960B - Virtual size: 960B

.reloc
Size: 384B - Virtual size: 382B

.text
Size: 7KB - Virtual size: 7KB

.data
Size: 32B - Virtual size: 8B

.edata
Size: 192B - Virtual size: 173B

INIT
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 960B - Virtual size: 960B

.reloc
Size: 384B - Virtual size: 380B

.text
Size: 64KB - Virtual size: 61KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 18KB

.rsrc
Size: 72KB - Virtual size: 69KB