c48dc04123d300bd5712519cefa9db25f080cfe83517bad1d37c3f1deb09d530

Sharing

Copy URL

Twitter E-mail

General

Target

c48dc04123d300bd5712519cefa9db25f080cfe83517bad1d37c3f1deb09d530
Size

179KB
MD5

15c7e8f822d7b080d627d8c63b0d2d11
SHA1

05360066dc3128856f66eaed3af4e391ff8e6c05
SHA256

c48dc04123d300bd5712519cefa9db25f080cfe83517bad1d37c3f1deb09d530
SHA512

0f252792a03ff58a8090400e322c3dd3e39a5251b6f83914f3f0a423f9cbf8d168f1cf2595b6b12a46f2bc1ae8480ca246f44164fa1a1a1e77d14cece33abda8
SSDEEP

3072:afolkX+hzpvtH1X0xQeZAruHfwJ9AWnhdQ/H/Lj8GpJNC7ksObPnhn:afhX+hzpvtHUAz9AWnhd4ckCJObPn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c48dc04123d300bd5712519cefa9db25f080cfe83517bad1d37c3f1deb09d530

Files

c48dc04123d300bd5712519cefa9db25f080cfe83517bad1d37c3f1deb09d530
.dll windows:5 windows x86

89b3ed2e739bd07ce023560d0642e25a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

usb20dll

_IF_CloseDev
_IF_GetTAG
_IF_OpenDevEx
_IF_LOG_Manage
_IF_Expand_read_write
_IF_GET_Dev_Info
_IF_check_password
_IF_IIR_Manage

infonote

??4CSplitString@@QAEXPBD@Z
??0CSplitString@@QAE@D@Z
??ACSplitString@@QAEPBDH@Z
??1CSplitString@@UAE@XZ
?GetCount@CSplitString@@QAEHXZ

interface

?CreateDirectoryA@CFileString@@SAHPBD@Z
??1CFileString@@UAE@XZ
??0CFileString@@QAE@XZ
?DeleteFileA@CFileString@@SAHPBD@Z

secbase

??ACCipherArray@@QAEPAVCCipherBaseClass@@E@Z
??1CCipherArray@@UAE@XZ
??0CCipherArray@@QAE@XZ

shlwapi

PathFileExistsA

fsbase

_fs_listdir@12
_fs_changedir@8
_fs_GetCurrDir@4
_fs_getattr@12
_fs_closedev@4
_fs_opendev@8
_fs_GetError@0

usbbase

sha_char
CheckPassword
WriteIIR1
GetDiskPos
ReadIIR1
ReadDisk
ChangeDiskPos
WriteDisk
SectorDecrypt
ReverseDWORD
MasterKeySet
hi_checkLog
hi_getpatts
hi_checkpwd
hi_getpwdinfo
hi_closedev
hi_opendev

msvcr100

_mktime64
vsprintf
_splitpath
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
sscanf
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
__clean_type_info_names_internal
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
memmove
malloc
??2@YAPAXI@Z
_access
memset
__CxxFrameHandler3
??_V@YAXPAX@Z
_purecall
??3@YAXPAX@Z
ldiv
strncmp
_time64
strncat
??_U@YAPAXI@Z
free
_strnicmp
strrchr
strstr
strncpy
sprintf
__CppXcptFilter
strtol
memcpy

kernel32

LocalFree
GetModuleFileNameA
LocalAlloc
EncodePointer
DecodePointer
InterlockedExchange
Sleep
InterlockedCompareExchange
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
DeleteFileA
OutputDebugStringA
WaitForSingleObject
GetSystemDirectoryA
lstrcpyA
ReleaseMutex
GetProcAddress
FreeLibrary
GetLastError
GetLocalTime
LoadLibraryExA
GetFileAttributesA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
lstrlenW
CreateDirectoryA

user32

SendMessageA
MessageBoxA

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ

mfc100

ord888
ord6112
ord8304
ord9281
ord7357
ord4772
ord6888
ord6898
ord6897
ord4606
ord4774
ord4625
ord5098
ord4881
ord8439
ord5095
ord4903
ord4622
ord11787
ord11153
ord11184
ord9449
ord7355
ord4078
ord6835
ord11172
ord5238
ord3409
ord13481
ord13484
ord13482
ord13485
ord13480
ord13483
ord7144
ord11413
ord13181
ord10922
ord14075
ord1732
ord7091
ord11806
ord3618
ord3676
ord8486
ord13299
ord7073
ord13301
ord11421
ord11420
ord2163
ord4724
ord13767
ord11726
ord7510
ord7584
ord1288
ord7141
ord1448
ord4498
ord1483
ord901
ord11781
ord310
ord1479
ord316
ord11180
ord300
ord2626
ord13045
ord305
ord5242
ord1437
ord3404
ord4144
ord7837
ord1313
ord6010
ord1316
ord4283
ord4143
ord11439
ord7487
ord11744
ord2219
ord1929
ord1982
ord3988
ord2611
ord7832
ord3839
ord7322
ord13137
ord2061
ord4317
ord11297
ord13329
ord2818
ord13310
ord2056
ord11274
ord11740
ord421
ord977
ord7876
ord13135
ord13131
ord2617
ord5825
ord5635
ord4934
ord4941
ord4938
ord14117
ord3821
ord11902
ord12453
ord5208
ord13312
ord7608
ord13172
ord1487
ord4501
ord423
ord5828
ord2548
ord979
ord1480
ord2067
ord2063
ord906
ord13518
ord2090
ord322
ord2052
ord2050
ord2079
ord1979
ord2040
ord3406
ord408
ord1948
ord2089
ord2087
ord1940
ord1867
ord323
ord1297
ord5207

Exports

Exports

??0IISOUpdate@@QAE@ABV0@@Z
??0IISOUpdate@@QAE@XZ
??1IISOUpdate@@UAE@XZ
??4IISOUpdate@@QAEAAV0@ABV0@@Z
??_7IISOUpdate@@6B@
CreateIISOUpdateImp
DeleteIISOUpdate

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

89b3ed2e739bd07ce023560d0642e25a

Headers

DLL Characteristics

File Characteristics

Imports

usb20dll

infonote

interface

secbase

shlwapi

fsbase

usbbase

msvcr100

kernel32

user32

msvcp100

mfc100

Exports

Exports

Sections

.text Size: 134KB - Virtual size: 134KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 134KB - Virtual size: 134KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 10KB - Virtual size: 10KB