1363664de8cb3b4505458ae815cd1bafe4d37c12707c0ba7ee9258521b49a9e0

Sharing

Copy URL

Twitter E-mail

General

Target

1363664de8cb3b4505458ae815cd1bafe4d37c12707c0ba7ee9258521b49a9e0
Size

454KB
MD5

c5039e1aff09355705d3a18f008cadc1
SHA1

326784dbab29f18fccaec420cdb80ec95c7f8b66
SHA256

1363664de8cb3b4505458ae815cd1bafe4d37c12707c0ba7ee9258521b49a9e0
SHA512

7cfce8fb45a3c25beaf2fe4e9d90597c36b9fb968d806481424949c0781e5d8eeed1d25660eeebe7217fe9f6806937666e176dd123aec9498e4204f5b9961940
SSDEEP

12288:TLGpuU0N+JJnprrqJ2MjJb/f10oWX+u4+WQ5J/S:eoUhq5JbH10nOuDdK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1363664de8cb3b4505458ae815cd1bafe4d37c12707c0ba7ee9258521b49a9e0

Files

1363664de8cb3b4505458ae815cd1bafe4d37c12707c0ba7ee9258521b49a9e0
.exe windows x86

b5c70df03904e3b7f7bb330e8211494b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo

ws2_32

shutdown
select
inet_addr
getsockopt
send
recv
WSAStartup
socket
htons
bind
listen
closesocket
WSACleanup
accept

websocketsdll

lws_service
lws_create_context
lws_context_destroy
lws_write

eyibc

SetIBCPrvKeyStatus
DestroyIBCParamObject
CreateLibCtx
CreateSM2PrvKeyObjectFromMem
GMCryptImportData
DestroyLibCtx
CreateSM2PubKeyObjectFromMem
GMCryptExportData
DestroyPubKeyObject
GenerateSM2KeyPair
GMBase64Decode
CreatePrvKeyObjectFromMemEx
SetLibCtxAttribute
CreateIBCParamObjectFromMem
GMCryptHash
InitEYIBC
DestroyIdentityList
DestroyCertObject
CreatePKCPubKeyObjectFromCertificate
CreateCertObjectFromData
GM_random
GMCryptFpeBatchEnc
GMFpeBatchDataCheck
DestroyPrvKeyObject
GetPrvKeyAttribute
GM_free
GMCryptVerifySignData
GetDefaultEnvAlg
CreateIBCPubKeyObjectEx
CreatePrvKeyObjectFromMem
GMCryptMACEx2
GMCryptEncrypt
GMCryptDestroyMAC
GMCryptMACFinal
GMCryptEncFinal
GMCryptEncUpdate
GMCryptMACUpdate
GMCryptEncInit
SetSecKeyAttribute
GMCryptGenSecKey
GetIBCParamAttribute
SetMACAttribute
GMCryptGenMAC
GMCryptDecrypt
GMCryptDecFinal
GMCryptDecUpdate
GMCryptDecInit
DeviceWriteFile
DeviceCreateFile
DeviceReadFile
GMBase64Encode
GetDefaultSignAlg
CreatePKCPubKeyObjectFromData
SetPubKeyAttribute
GMCryptMACInit

keymanager

PMDeviceFindKey
PMDeviceManageCreateDevice
PMDeviceManageEnumDevice
PMFileDeviceCreate
PMDeviceDestroy
PMDeviceClose
PMDeviceVerifyPassword
PMDeviceGetAttribute
PMKeyDestroy
PMEnvelopSM2P7Encrypt
PMEnvelopSM2P7Decrypt
PMKeyDataDestroy
PMEnvelopSM9P7Encrypt
PMKeyGetAttribute
PMKeyCreate
PMKeyDataSetAttribute
PMKeyDataCreate
PMGetErrorMsg
PMLogSetMode
PMEngineCreate
PMEngineDestroy
PMSetErrorMsgFile
PMDeviceManageDestroy
PMEngineSetAttribute
PMDeviceManageCreate
PMSignatureInitVerify
PMSignatureInitIDVerify
PMSignatureVerify
PMUnityServiceCreate
PMUnityServiceSendCode
PMUnityServiceGetToken
PMUnityServiceDownloadKey
PMKeyGenerateCSR
PMUnityServiceRequestCertificate
PMKeyUpdateCertificate
PMSM9KeyIndexCreate
PMUnityServiceSetAttribute
PMDeviceImportKey
PMSignatureCreate
PMSignatureInitSign
PMSignatureUpdate
PMSignatureSign
PMKeyUnload
PMUnityServiceDestroy
PMSignatureDestroy
PMDeviceGetKeysCount
PMDeviceGetKeysItem
PMDeviceOpen
PMFree
PMAsymCipherDecryptInit
PMAsymCipherCreate
PMAsymCipherEncryptInitID
PMAsymCipherDoFinal
PMAsymCipherDestroy
PMKeyGetStatus
PMKeyLoad
PMEnvelopSM9P7Decrypt

libeay32

ord641
ord66
ord657
ord585
ord653
ord181
ord129
ord1161
ord76
ord95
ord78
ord109
ord401
ord656
ord9
ord1002

kernel32

SetEnvironmentVariableA
CompareStringW
CompareStringA
GetProcessHeap
SetEndOfFile
GetLocaleInfoW
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
LoadLibraryA
SetFilePointer
ReadFile
IsValidCodePage
GetOEMCP
GetACP
HeapSize
VirtualFree
HeapCreate
GetFileType
SetHandleCount
FlushFileBuffers
GetConsoleCP
WriteFile
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoA
HeapReAlloc
GetSystemTimeAsFileTime
ExitProcess
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
HeapFree
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceCounter
GlobalAlloc
GlobalFree
DeleteFileA
GetStdHandle
GetConsoleMode
SetLastError
Sleep
GetCurrentProcessId
GetSystemTime
GetLocalTime
OutputDebugStringA
ReleaseMutex
WaitForSingleObject
GetCommandLineA
CreateMutexA
GetCurrentThreadId
CreateSemaphoreA
GetModuleHandleA
FindResourceA
LoadResource
SizeofResource
IsDBCSLeadByte
GetModuleHandleW
lstrcmpiA
InterlockedIncrement
lstrlenW
GetCurrentThread
GetCurrentProcess
CloseHandle
GetModuleFileNameA
lstrlenA
InterlockedDecrement
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryExA
GetProcAddress
FreeLibrary

user32

CharNextA
LoadStringA
PostThreadMessageA
MessageBoxA
DispatchMessageA
GetMessageA
CharNextW

advapi32

CreateServiceA
RegDeleteValueA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
RegEnumKeyExA
RegQueryInfoKeyA
RegCreateKeyExA
OpenThreadToken
OpenProcessToken
SetServiceStatus
RegisterEventSourceA
ReportEventA
DeregisterEventSource
ControlService
DeleteService
RegDeleteKeyA
ChangeServiceConfig2A
OpenSCManagerA
OpenServiceA
CloseServiceHandle
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
GetLengthSid
CopySid
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoUninitialize
CoInitialize
CoInitializeSecurity
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemAlloc

oleaut32

VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen

Sections

.text
Size: 382KB - Virtual size: 382KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5c70df03904e3b7f7bb330e8211494b

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

ws2_32

websocketsdll

eyibc

keymanager

libeay32

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 382KB - Virtual size: 382KB

.rdata Size: 61KB - Virtual size: 60KB

.data Size: 6KB - Virtual size: 16KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 382KB - Virtual size: 382KB

.rdata
Size: 61KB - Virtual size: 60KB

.data
Size: 6KB - Virtual size: 16KB

.rsrc
Size: 3KB - Virtual size: 2KB