15087eeb28cc3a88bd299969c5d72f89525a7f3d24a4e80220d13367dae9efebN

Sharing

Copy URL

Twitter E-mail

General

Target

15087eeb28cc3a88bd299969c5d72f89525a7f3d24a4e80220d13367dae9efebN
Size

60KB
MD5

657be87d8c73ac85e076f77e2f3db0a0
SHA1

8ad75f8a4552d281ea6f57e31fa269c90d6ade05
SHA256

15087eeb28cc3a88bd299969c5d72f89525a7f3d24a4e80220d13367dae9efeb
SHA512

f43442958e227d8ee77a71075bc50b659ea528c9f2230436c396bc51c577a03cda579a6732ebfe3b5fd4f1d5c18e9fa5ac8195a5ea59a52885edee6efbdba84c
SSDEEP

1536:Nc/qDFN2kT7/uAbQO7hLRLYIhahKNSma1+gS0q:Nc/qpN2kTSAbQO1R+wNSmpV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/usbport.sys

Files

15087eeb28cc3a88bd299969c5d72f89525a7f3d24a4e80220d13367dae9efebN
.cab
usbport.sys
.dll windows:5 windows x86 arch:x86

4974ca2f0127bb4a16007e13c65ab86d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

usbport.pdb

Imports

ntoskrnl.exe

InterlockedDecrement
InterlockedIncrement
KeDelayExecutionThread
KeQueryTimeIncrement
ObfDereferenceObject
IoBuildSynchronousFsdRequest
IoGetAttachedDeviceReference
KeBugCheckEx
ZwClose
ZwOpenKey
RtlInitUnicodeString
KeInitializeSpinLock
RtlFreeUnicodeString
IoCreateSymbolicLink
ExAllocatePoolWithTag
RtlQueryRegistryValues
IoIsWdmVersionAvailable
ExFreePool
IoDeleteSymbolicLink
IoDisconnectInterrupt
IoConnectInterrupt
IoGetDmaAdapter
IoGetDeviceProperty
IoCsqInitialize
KeInitializeDpc
IofCompleteRequest
PoStartNextPowerIrp
KeInsertQueueDpc
KeReleaseSemaphore
RtlCompareMemory
InterlockedCompareExchange
IoCsqRemoveNextIrp
KeCancelTimer
KeSetTimer
ExQueueWorkItem
KeInitializeTimer
ObReferenceObjectByHandle
PsTerminateSystemThread
KeResetEvent
IoAllocateIrp
KeGetCurrentThread
_alldiv
PsCreateSystemThread
IoReleaseCancelSpinLock
InterlockedExchange
ExfInterlockedInsertTailList
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
IoFreeMdl
IoAcquireCancelSpinLock
MmMapLockedPages
ZwQueryValueKey
IoOpenDeviceRegistryKey
ZwSetValueKey
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
IoDeleteDevice
IoCreateDevice
MmMapIoSpace
wcslen
KeRegisterBugCheckReasonCallback
KeDeregisterBugCheckReasonCallback
ObfReferenceObject
IoAttachDeviceToDeviceStack
KeInitializeSemaphore
IoDetachDevice
PoCallDriver
IoCsqInsertIrp
PoRequestPowerIrp
IoCancelIrp
MmBuildMdlForNonPagedPool
IoAllocateMdl
DbgBreakPoint
ExfInterlockedInsertHeadList
ExfInterlockedRemoveHeadList
KeTickCount
KeInitializeEvent
IofCallDriver
KeWaitForSingleObject
IoFreeIrp
KeQuerySystemTime
KeSetEvent
ExAllocatePoolWithQuotaTag
ProbeForRead
_except_handler3

hal

KfRaiseIrql
KfLowerIrql
KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

Exports

Exports

DllUnload
USBPORT_GetHciMn
USBPORT_RegisterUSBPortDriver

Sections

.text
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 139B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGECONS
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4974ca2f0127bb4a16007e13c65ab86d

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Exports

Exports

Sections

.text Size: 118KB - Virtual size: 117KB

.rdata Size: 1024B - Virtual size: 708B

.data Size: 1024B - Virtual size: 1008B

PAGE Size: 10KB - Virtual size: 10KB

.edata Size: 512B - Virtual size: 139B

PAGECONS Size: 512B - Virtual size: 16B

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 118KB - Virtual size: 117KB

.rdata
Size: 1024B - Virtual size: 708B

.data
Size: 1024B - Virtual size: 1008B

PAGE
Size: 10KB - Virtual size: 10KB

.edata
Size: 512B - Virtual size: 139B

PAGECONS
Size: 512B - Virtual size: 16B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 6KB - Virtual size: 5KB