27e816b2e0cc047cd1b54857fcbcbdc8d2d8a4c07b866a734be625852c8b8478

Sharing

Copy URL Twitter E-mail

General

Target

27e816b2e0cc047cd1b54857fcbcbdc8d2d8a4c07b866a734be625852c8b8478
Size

896KB
MD5

0e4010ed691876cc8774a7c7ec7baae0
SHA1

57e796d779950fd656d750a1c7474b689ffd01c4
SHA256

27e816b2e0cc047cd1b54857fcbcbdc8d2d8a4c07b866a734be625852c8b8478
SHA512

ea81f35b275d9f1c471b9fc322a63b5df40f7bdf0092603b2619c690d385debb6e1484ca0c2d453cb70474f3eeb502a24f561e1773b3db88e2c35960b681b5f5
SSDEEP

24576:t0NFa2IOozYvirH/3i50pOEPZpgvt5OKA:KFa2AzCirH/3iSpO8+5C

Score

N/A

Malware Config

Signatures

Files

27e816b2e0cc047cd1b54857fcbcbdc8d2d8a4c07b866a734be625852c8b8478
.exe windows x64

4d894feda6f6561f22986c4e38b0350b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

aipingui

?OnInitDialog@CResetCardDialog@@MEAAHXZ
?VerifyAndUpdatePolicies@ACPoliciesDlg@@QEAA_NVCSecStr@@000@Z
?GetMessageMap@CResetCardDialog@@MEBAPEBUAFX_MSGMAP@@XZ
??0CDisplayUCChild@@QEAA@HPEAUtagRECT@@VCSecStr@@PEAVCWnd@@@Z
?GetRuntimeClass@CDisplayUCChild@@UEBAPEAUCRuntimeClass@@XZ
?GetMessageMap@ACPoliciesDlg@@MEBAPEBUAFX_MSGMAP@@XZ
?DoDataExchange@ACPoliciesDlg@@MEAAXPEAVCDataExchange@@@Z
?OnInitDialog@ACPoliciesDlg@@MEAAHXZ
?DisablePIN@CResetCardDialog@@QEAAXXZ
??1CCapsLockSensitiveEdit@@UEAA@XZ
?ResetToolTip@CCapsLockSensitiveEdit@@QEAAXXZ
??0CCapsLockSensitiveEdit@@QEAA@XZ
?LocCreate@ACPoliciesDlg@@QEAAHPEAVCWnd@@@Z
?GetPin@CResetCardDialog@@QEAA?AVCSecStr@@XZ
?ResetToolTip@CResetCardDialog@@QEAAXXZ
?LocCreate@CResetCardDialog@@QEAAHPEAVCWnd@@@Z
??0CResetCardDialog@@QEAA@HPEAUtagRECT@@PEAVCButton@@PEAVCWnd@@@Z
?IsNeverDisplayChecked@CDisplayUCChild@@QEAAHXZ
InitGUIDll
??1ACPoliciesDlg@@UEAA@XZ
?LocCreate@CDisplayUCChild@@QEAAHPEAVCWnd@@@Z
??0ACPoliciesDlg@@QEAA@PEAUPwdRuleArgs@@HPEAUtagRECT@@PEAVCWnd@@HHH@Z
?GetRuntimeClass@ACPoliciesDlg@@UEBAPEAUCRuntimeClass@@XZ
?CheckWindow@CResetCardDialog@@QEAAX_N@Z
?DoDataExchange@CResetCardDialog@@MEAAXPEAVCDataExchange@@@Z
??1CResetCardDialog@@UEAA@XZ
??1CDisplayUCChild@@UEAA@XZ
?GetMessageMap@CDisplayUCChild@@MEBAPEBUAFX_MSGMAP@@XZ
?DoDataExchange@CDisplayUCChild@@MEAAXPEAVCDataExchange@@@Z
?OnInitDialog@CBaseDialog@@MEAAHXZ
?SetChallenge@CResetCardDialog@@QEAAXVCSecStr@@@Z
?GetRuntimeClass@CResetCardDialog@@UEBAPEAUCRuntimeClass@@XZ

acevtsub

?UnSubscribe@ACDelegateSubscriber@@IEAAHXZ
??0ACDelegateSubscriber@@QEAA@XZ
??1ACDelegateSubscriber@@UEAA@XZ
?Subscribe@ACDelegateSubscriber@@IEAAHH@Z

aclog

aclogLog
aclogLogBin
aclogClose

asphat32

ASPHEndTransaction
ASPHGetCardStatus
ASPHConnect
ASPHDisconnect
ASPHakdIsSIMPresent
ASPHCredentialAttrUpdate
ASPHListCredentials
ASPHGetUniqueIdentifier
ASPHLogin
ASPHBeginTransaction
ASPHUnlockGetChallenge
ASPHPinUnlock
ASPHPinVerifiedCheck
ASPHCredentialAttrRead
ASPHIsCACCard
ASPHIsPIVCard
ASPHIsStandaloneCard
ASPHIsUnlockCardAllowed
ASPHIsClearCardAllowed
ASPHGetCardProfileUID
ASPHGetCardManagerState
ASPHGetReadersList
ASPHGetCardProperties
ASPHClearCache
ASPHPinInit
ASPHClearCard
ASPHGetCardManufacturerAndModel
ASPHGetATR
ASPHGetDataModel
ASPHGetPINPolicies

aiwinext

??1CSecStr@@QEAA@XZ
??0CSecStr@@QEAA@PEAE@Z
??BCSecStr@@QEBAPEBDXZ
??4CSecStr@@QEAAAEAV0@PEAD@Z
?IsEmpty@CSecStr@@QEBA_NXZ
??0CSecStr@@QEAA@XZ
??4CSecStr@@QEAAAEAV0@PEBD@Z
?Empty@CSecStr@@QEAAXXZ
?ReleaseBuffer@CSecStr@@QEAAXH@Z
?GetBuffer@CSecStr@@QEBAPEADXZ
?LoadStringA@CSecStr@@QEAAHI@Z
?GetString@CSecStr@@QEBAPEBDXZ
??4CSecStr@@QEAAAEAV0@AEBV0@@Z
??0CSecStr@@QEAA@PEBD@Z
??1CSecureDialog@@UEAA@XZ
?DestroyWindow@CSecureDialog@@UEAAHXZ
?OnOK@CSecureDialog@@MEAAXXZ
?OnCancel@CSecureDialog@@MEAAXXZ
?OnInitDialogSecure@CSecureDialog@@UEAAXXZ
?EndDialog@CSecureDialog@@UEAAXH@Z
??0CSecStr@@QEAA@AEBV0@@Z
??8@YA_NAEBVCSecStr@@0@Z
?CompareNoCase@CSecStr@@QEBAHPEBD@Z
?GetLength@CSecStr@@QEBAHXZ
?Format@CSecStr@@QEAAXPEBDZZ
??YCSecStr@@QEAAAEAV0@PEBD@Z
?Format@CSecStr@@QEAAXIZZ
??YCSecStr@@QEAAAEAV0@D@Z
?DDX_Text@CSecureDialog@@IEAAXPEAVCDataExchange@@HAEAVCSecStr@@@Z
?GetThisClass@CSecureDialog@@SAPEAUCRuntimeClass@@XZ
??0CSecureDialog@@QEAA@IPEAVCWnd@@@Z
?GetThisMessageMap@CSecureDialog@@KAPEBUAFX_MSGMAP@@XZ
?Replace@CSecStr@@QEAAHPEBD0@Z
?Compare@CSecStr@@QEBAHPEBD@Z
?LoadStringA@CSecStr@@QEAAHPEAUHINSTANCE__@@I@Z
?GetBuffer@CSecStr@@QEAAPEADH@Z
??0CSecStr@@QEAA@PEAD@Z
?Insert@CSecStr@@QEAAHHPEBD@Z
?Left@CSecStr@@QEBA?AV1@H@Z
?ReverseFind@CSecStr@@QEBAHD@Z
??4CSecStr@@QEAAAEAV0@PEAE@Z
aiRegReadDWORDValue
??9@YA_NAEBVCSecStr@@0@Z
??H@YA?AVCSecStr@@AEBV0@PEBD@Z
?Right@CSecStr@@QEBA?AV1@H@Z
??YCSecStr@@QEAAAEAV0@AEBV0@@Z

mfc80

ord4932
ord300
ord793
ord6345
ord5373
ord6334
ord1599
ord5362
ord1198
ord2380
ord5490
ord3972
ord3799
ord1505
ord2933
ord1818
ord310
ord1958
ord1502
ord4137
ord2117
ord1566
ord4275
ord3209
ord796
ord602
ord6110
ord2123
ord1610
ord4281
ord3355
ord753
ord2406
ord265
ord5489
ord568
ord3435
ord757
ord5759
ord6050
ord266
ord4621
ord5481
ord6284
ord4993
ord2304
ord1021
ord776
ord774
ord604
ord769
ord3371
ord4302
ord4522
ord3987
ord2678
ord3747
ord3757
ord3756
ord2567
ord2680
ord2574
ord2872
ord2748
ord4348
ord2869
ord2765
ord2571
ord5609
ord5255
ord5272
ord4609
ord3986
ord5268
ord5266
ord2965
ord1947
ord3870
ord5424
ord6266
ord5144
ord1025
ord3844
ord5626
ord2046
ord2091
ord4367
ord6324
ord3839
ord6326
ord4053
ord4077
ord340
ord3293
ord2276
ord1100
ord3721
ord577
ord5161
ord1069
ord3868
ord6137
ord2192
ord2688
ord5774
ord1202
ord5757
ord3248
ord589
ord1139
ord890
ord2353
ord316
ord1961
ord3242
ord1298
ord1930
ord583
ord3202
ord4527
ord3027
ord2896
ord5242
ord1618
ord1679
ord1680
ord1991
ord5217
ord1380
ord5009
ord3383
ord6325
ord3840
ord6327
ord1541
ord2200
ord2206
ord2439
ord2421
ord2419
ord2437
ord2449
ord2426
ord2442
ord2447
ord2430
ord2432
ord2434
ord2428
ord2444
ord2424
ord949
ord945
ord947
ord943
ord938
ord5275
ord5277
ord6004
ord1619
ord4323
ord4763
ord3441
ord5256
ord4226
ord6323
ord5115
ord1935
ord5194
ord4273
ord1421
ord3984
ord1642
ord1645
ord5959
ord3090
ord1564
ord2114
ord598
ord1078
ord1326
ord2204
ord5569
ord3330
ord4285
ord1600
ord1667
ord727
ord758
ord734
ord569
ord541
ord4303
ord5245
ord1420
ord5956
ord3089
ord1570
ord1694
ord1695
ord2048
ord1225
ord5224
ord1821
ord4790
ord5656
ord2691
ord721
ord512
ord5876
ord6112
ord5487

msvcr80

strpbrk
_setmbcp
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
_cexit
_ismbblead
_exit
_XcptFilter
__getmainargs
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__C_specific_handler
strcat_s
_mbsrchr
_mbsnbcpy_s
_strlwr
isalnum
sprintf
_i64toa
sprintf_s
strcat
atoi
_mbsnbcnt
_mbslen
_mbsicmp
_lrotl
strcpy
memcpy
strchr
__CxxFrameHandler3
strrchr
_stricmp
exit
strlen
_chdir
memset
??0exception@std@@QEAA@AEBQEBD@Z
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
_CxxThrowException
??0exception@std@@QEAA@AEBV01@@Z
_invalid_parameter_noinfo
free
malloc
memcmp
strcpy_s
_purecall

kernel32

GetLocaleInfoA
GetThreadLocale
GetVersionExA
GetExitCodeThread
GetACP
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
DuplicateHandle
GetCurrentProcessId
FreeLibrary
WaitForSingleObject
SetEvent
ReleaseMutex
CreateMutexA
GetSystemDirectoryA
GetStartupInfoA
CreateProcessA
GetExitCodeProcess
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
GetCurrentProcess
GetModuleHandleA
LocalAlloc
lstrcmpA
LocalFree
GetPrivateProfileSectionA
GetPrivateProfileStringA
lstrlenA
GetVersion
ResetEvent
CreateThread
CreateEventA
CloseHandle
GetProcAddress
Sleep
GetCurrentThreadId
LoadLibraryA
GetModuleFileNameA
GetLastError

user32

GetWindowThreadProcessId
SetWindowLongA
GetWindowLongA
GetSysColorBrush
GetSysColor
DrawIcon
SendMessageA
IsIconic
GetWindowRect
GetClientRect
UpdateWindow
InvalidateRect
SetForegroundWindow
EnableWindow
LoadIconA
DrawTextA
FillRect
GetGUIThreadInfo
EnumDesktopWindows
SetWindowPos
RegisterWindowMessageA
GetParent
SetTimer
KillTimer
SetCursor
LoadCursorA
IsWindow
FindWindowA
MessageBoxA
GetActiveWindow
PostMessageA
GetSystemMetrics
SetActiveWindow
AttachThreadInput

gdi32

CreateFontA
LineTo
CreateSolidBrush
MoveToEx
CreatePen
GetObjectA
CreateFontIndirectA
DeleteObject
SetBkMode
SetTextColor
SelectObject

advapi32

RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
GetTokenInformation
OpenProcessToken
RegConnectRegistryA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey

comctl32

ord17

ole32

CoGetClassObject
CoUninitialize
CoInitialize

msvcp80

?_Xlen@_String_base@std@@SAXXZ
?_Xran@_String_base@std@@SAXXZ

accuvoplite

ACCUVOP_GetCardMgrStatus
ACCUVOP_InstallInstall
ACCUVOP_DeleteApplet
ACCUVOP_ListContent
ACCUVOP_SwapKeySetEx
ACCUVOP_InitHSM
ACCUVOP_Connect
ACCUVOP_End
ACCUVOP_InstallLoad
ACCUVOP_SetStatus
ACCUVOP_InitPin
ACCUVOP_OpenSecureChannel

aspcom

aspcomCardBeginTransaction
aspcomCardEndTransaction

accrypto

acProfileCheckSignature
ACCAPENCDecryptFile
??1CDecryptedData@@QEAA@XZ
?Encrypt@CDecryptedData@@QEAAHAEAV?$basic_string@EU?$char_traits@E@std@@V?$allocator@E@2@@std@@@Z
??0CDecryptedData@@QEAA@KAEBV?$basic_string@EU?$char_traits@E@std@@V?$allocator@E@2@@std@@@Z

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 620KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4d894feda6f6561f22986c4e38b0350b

Headers

DLL Characteristics

File Characteristics

Imports

aipingui

acevtsub

aclog

asphat32

aiwinext

mfc80

msvcr80

kernel32

user32

gdi32

advapi32

comctl32

ole32

msvcp80

accuvoplite

aspcom

accrypto

Sections

.text Size: 156KB - Virtual size: 155KB

.rdata Size: 102KB - Virtual size: 102KB

.data Size: 6KB - Virtual size: 9KB

.pdata Size: 9KB - Virtual size: 9KB

.shared Size: 512B - Virtual size: 4B

.rsrc Size: 620KB - Virtual size: 2.0MB

.text
Size: 156KB - Virtual size: 155KB

.rdata
Size: 102KB - Virtual size: 102KB

.data
Size: 6KB - Virtual size: 9KB

.pdata
Size: 9KB - Virtual size: 9KB

.shared
Size: 512B - Virtual size: 4B

.rsrc
Size: 620KB - Virtual size: 2.0MB