HyperPKI_HYP2003_Setup[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

HyperPKI_HYP2003_Setup.exe
Size

1.6MB
MD5

95f36cd26b6024694c86728914d8ecdb
SHA1

94ecf01eb01e79cf9a6dba5244d5d4fdaf6450e7
SHA256

b24bba4d6df0674d8153c647bd837e6de6df2098befdfbf6c2b6529c9c34960f
SHA512

f502fa537c97cd7d6ba334cadd13f8ffa41bdaae7ac1643fd8279800eafa8973b08e7224c9f1f67291952eb5506e3835f37a9c2b5b77cc70d42cd7763b431002
SSDEEP

49152:3A0I0rKbljJWpaDZDXNehniqT93lWB5j5Iz:3A0cdDDdehniGZALKz

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack001/$PLUGINSDIR/nsExec.dll

Files

HyperPKI_HYP2003_Setup.exe
.exe windows:5 windows x86 arch:x86

bf95d1fc1d10de18b32654b123ad5e1f

Code Sign

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-12-2014 00:00

Not After

02-12-2029 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cd:df:e2:f2:94:ab:1d:b1:1e:35:e2:e2:ac:af:32:8c
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07-05-2021 00:00

Not After

06-05-2024 23:59

Subject

SERIALNUMBER=BC0861649,CN=Hypersecu Information Systems Inc.,O=Hypersecu Information Systems Inc.,L=Richmond,ST=British Columbia,C=CA,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13104272697469736820436f6c756d626961,1.3.6.1.4.1.311.60.2.1.3=#13024341

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c3:86:e9:12:62:43:d3:43:62:3d:94:2f:2e:e6:6a:b4:b0:46:22:e1:4e:b6:fd:da:f7:79:32:9f:6a:c7:1a:cb
Signer

Actual PE Digest

c3:86:e9:12:62:43:d3:43:62:3d:94:2f:2e:e6:6a:b4:b0:46:22:e1:4e:b6:fd:da:f7:79:32:9f:6a:c7:1a:cb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 708KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:5 windows x86 arch:x86

cd90e33ffbc335413a25300c682c83df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiW
GetModuleHandleW
GlobalLock
GlobalUnlock
GetCurrentDirectoryW
SetCurrentDirectoryW
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcatW
WritePrivateProfileStringW
lstrcpynW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc

user32

OpenClipboard
DestroyIcon
LoadCursorW
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
SetWindowLongW
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
CreateWindowExW
MapDialogRect
GetClipboardData
GetWindowRect
CreateDialogParamW
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
wsprintfW
CharNextW
MessageBoxW
CloseClipboard
GetDlgCtrlID
MapWindowPoints
SetWindowPos
PtInRect
GetWindowTextW
SetWindowTextW
SendMessageW
DestroyWindow

gdi32

SelectObject
CreateRectRgn
GetObjectW
CombineRgn
DeleteObject
CreateCompatibleDC
GetDIBits
SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetDesktopFolder

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

d806a080e21508dd768fa70be247d2ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryW
GetProcAddress
GetVersionExW
GlobalFree
lstrcpyW
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
LoadLibraryA

Exports

Exports

KillProc

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

6c41c5e4d44f55745b925cc4e42b7fab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
lstrlenW
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 899B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:5 windows x86 arch:x86

45d25ca52c312b2254c60dbcb30342d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynW
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameW
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 753B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/csp.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsExec.dll
.dll windows:5 windows x86 arch:x86

8700d0ebbb41c81ea52718af1ab70a93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
MultiByteToWideChar
lstrlenA
lstrcmpiW
lstrlenW
ExitProcess
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
lstrcpynW
GetCommandLineW
Sleep
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
GetModuleHandleW
GetTickCount
GetStartupInfoW
CreatePipe
GetVersionExW
GlobalLock
DeleteFileW
lstrcatW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CopyFileW
GetTempFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameW
GetProcAddress
PeekNamedPipe
GetCurrentProcess

user32

CharPrevW
CharNextW
SendMessageW
FindWindowExW
wsprintfW

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 454B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/eps2003csp11v2.inf
$_2_/SetupTool.dll
.dll windows:4 windows x86 arch:x86

34d1d4a9b6df3d29445d7b4cb9f6ea66

Code Sign

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-12-2014 00:00

Not After

02-12-2029 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cd:df:e2:f2:94:ab:1d:b1:1e:35:e2:e2:ac:af:32:8c
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07-05-2021 00:00

Not After

06-05-2024 23:59

Subject

SERIALNUMBER=BC0861649,CN=Hypersecu Information Systems Inc.,O=Hypersecu Information Systems Inc.,L=Richmond,ST=British Columbia,C=CA,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13104272697469736820436f6c756d626961,1.3.6.1.4.1.311.60.2.1.3=#13024341

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

cc:c6:1a:e0:c2:25:24:76:9e:1d:3c:5b:a3:57:75:f0:b8:8d:21:2e
Signer

Actual PE Digest

cc:c6:1a:e0:c2:25:24:76:9e:1d:3c:5b:a3:57:75:f0:b8:8d:21:2e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
FindFirstFileW
SetLastError
lstrlenW
LocalAlloc
LocalFree
CopyFileW
GetFullPathNameW
lstrcatW
GetWindowsDirectoryW
lstrcpyW
FileTimeToSystemTime
lstrcmpiW
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GetStringTypeA
RtlUnwind
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW

user32

wsprintfW

newdev

UpdateDriverForPlugAndPlayDevicesW

setupapi

SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoW
SetupDiGetDriverInfoDetailW
SetupDiDestroyDriverInfoList
SetupCopyOEMInfW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList

Exports

Exports

eb_GetDeviceVersion
eb_SetupCCID

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/eps2003csp1164.dll
.dll windows:5 windows x64 arch:x64

b73c140b879e072b5882ab05254f8789

Code Sign

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-12-2014 00:00

Not After

02-12-2029 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cd:df:e2:f2:94:ab:1d:b1:1e:35:e2:e2:ac:af:32:8c
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07-05-2021 00:00

Not After

06-05-2024 23:59

Subject

SERIALNUMBER=BC0861649,CN=Hypersecu Information Systems Inc.,O=Hypersecu Information Systems Inc.,L=Richmond,ST=British Columbia,C=CA,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13104272697469736820436f6c756d626961,1.3.6.1.4.1.311.60.2.1.3=#13024341

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f6:83:11:1f:de:03:8e:c7:8a:ec:2b:71:f5:7b:0b:92:f9:2a:80:fd
Signer

Actual PE Digest

f6:83:11:1f:de:03:8e:c7:8a:ec:2b:71:f5:7b:0b:92:f9:2a:80:fd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

eps2003csp11v2.pdb

Imports

kernel32

HeapReAlloc
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringA
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
HeapDestroy
HeapCreate
HeapSetInformation
ExitProcess
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
WriteFile
LCMapStringW
FlsAlloc
FlsFree
FlsGetValue
DecodePointer
EncodePointer
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCommandLineA
FlsSetValue
GetSystemTimeAsFileTime
ExitThread
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlPcToFileHeader
RaiseException
HeapSize
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CreateThread
QueryPerformanceCounter
VirtualQuery
lstrcmpiW
GetUserDefaultLangID
CreateFileW
GetFileSize
ReadFile
ResetEvent
TerminateThread
WideCharToMultiByte
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
OpenMutexW
LocalFree
CreateMutexW
ReleaseMutex
OpenEventW
CreateEventW
WaitForMultipleObjects
SetEvent
GetVersionExW
GetSystemInfo
GetCurrentProcessId
OutputDebugStringW
GetStdHandle
GetCurrentThread
WaitForSingleObject
MultiByteToWideChar
GetModuleFileNameW
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
SetLastError
GetTickCount
Sleep
LocalAlloc
GetCurrentProcess
CloseHandle
CompareFileTime
HeapAlloc
HeapFree
IsBadReadPtr
TlsSetValue
TlsAlloc
lstrcpyW
lstrcatW
lstrlenW
GetComputerNameExW
GetLastError
TlsGetValue
GetModuleFileNameA

user32

wsprintfW
MessageBoxW
SetWindowLongPtrW
SetTimer
GetAsyncKeyState
GetKeyboardState
ToAscii
GetWindowLongPtrW
KillTimer
GetFocus
UnhookWindowsHookEx
SendMessageW
SetWindowsHookExW
GetForegroundWindow
FindWindowW
RegisterWindowMessageW
InflateRect
SetWindowPos
MapWindowPoints
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetDesktopWindow
GetWindowRect
GetWindow
GetParent
GetWindowLongW
EndDialog
CheckDlgButton
CallNextHookEx
GetDlgCtrlID
GetClassNameW
PtInRect
PostMessageW
GetDC
ReleaseDC
IsWindowEnabled
GetSystemMetrics
EnableWindow
GetWindowThreadProcessId
AttachThreadInput
SetFocus
SetForegroundWindow
SetActiveWindow
DefWindowProcW
IsWindow
SetPropW
GetPropW
CallWindowProcW
DrawTextW
SetWindowRgn
SetRect
FillRect
GetSysColor
DialogBoxParamW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
InvalidateRect
UpdateWindow
SetWindowLongW
MoveWindow
IsWindowVisible
ShowWindow
IsDlgButtonChecked
SetDlgItemTextW
GetDlgItem

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetTextExtentPoint32W
MoveToEx
SetBkColor
ExtTextOutW
DeleteDC
DeleteObject
BitBlt
CreateEllipticRgn
SetTextColor
SetBkMode
CreateFontW
SelectClipRgn
Arc
CreatePen
LineTo
TextOutW
Ellipse
GetStockObject
CreateRectRgnIndirect
CreateSolidBrush

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
OpenThreadToken
SetThreadToken
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
QueryServiceConfigW
ChangeServiceConfigW
StartServiceW
CloseServiceHandle
OpenProcessToken
GetTokenInformation
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CryptGenRandom
CryptAcquireContextW
CryptReleaseContext

shell32

ShellExecuteExW

ole32

CoCreateGuid

crypt32

CertAddEncodedCertificateToStore
CertSetCertificateContextProperty
CertCloseStore
CertGetNameStringW
CertFindExtension
CryptDecodeObject
CertCreateCertificateContext
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertGetIntendedKeyUsage
CryptVerifyCertificateSignature
CertOpenStore

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsW

winscard

SCardTransmit
SCardBeginTransaction
SCardDisconnect
SCardReleaseContext
SCardIsValidContext
SCardReconnect
g_rgSCardT1Pci
g_rgSCardT0Pci
SCardEndTransaction
SCardListReadersA
SCardGetStatusChangeW
SCardEstablishContext
SCardStatusW
SCardConnectW

Exports

Exports

CPAcquireContext
CPCreateHash
CPDecrypt
CPDeriveKey
CPDestroyHash
CPDestroyKey
CPEncrypt
CPExportKey
CPGenKey
CPGenRandom
CPGetHashParam
CPGetKeyParam
CPGetProvParam
CPGetUserKey
CPHashData
CPHashSessionKey
CPImportKey
CPReleaseContext
CPSetHashParam
CPSetKeyParam
CPSetProvParam
CPSignHash
CPVerifySignature
C_CancelFunction
C_CloseAllSessions
C_CloseSession
C_CopyObject
C_CreateObject
C_Decrypt
C_DecryptDigestUpdate
C_DecryptFinal
C_DecryptInit
C_DecryptUpdate
C_DecryptVerifyUpdate
C_DeriveKey
C_DestroyObject
C_Digest
C_DigestEncryptUpdate
C_DigestFinal
C_DigestInit
C_DigestKey
C_DigestUpdate
C_Encrypt
C_EncryptFinal
C_EncryptInit
C_EncryptUpdate
C_Finalize
C_FindObjects
C_FindObjectsFinal
C_FindObjectsInit
C_GenerateKey
C_GenerateKeyPair
C_GenerateRandom
C_GetAttributeValue
C_GetFunctionList
C_GetFunctionStatus
C_GetInfo
C_GetMechanismInfo
C_GetMechanismList
C_GetObjectSize
C_GetOperationState
C_GetSessionInfo
C_GetSlotInfo
C_GetSlotList
C_GetTokenInfo
C_InitPIN
C_InitToken
C_Initialize
C_Login
C_Logout
C_OpenSession
C_SeedRandom
C_SetAttributeValue
C_SetOperationState
C_SetPIN
C_Sign
C_SignEncryptUpdate
C_SignFinal
C_SignInit
C_SignRecover
C_SignRecoverInit
C_SignUpdate
C_UnwrapKey
C_Verify
C_VerifyFinal
C_VerifyInit
C_VerifyRecover
C_VerifyRecoverInit
C_VerifyUpdate
C_WaitForSlotEvent
C_WrapKey
CardAcquireContext
E_GetAuxFunctionList
GetKeyStorageInterface
eb_RegKspProvider
eb_RunNoElevated
eb_StartScardSvc
eb_UnRegKspProvider

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ve_share
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/eps2003csp11v2.cat
$_2_/eps2003csp11v2.dll
.dll windows:5 windows x86 arch:x86

5bdff8ecd26fedbb5e6812af30b87826

Code Sign

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-12-2014 00:00

Not After

02-12-2029 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cd:df:e2:f2:94:ab:1d:b1:1e:35:e2:e2:ac:af:32:8c
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07-05-2021 00:00

Not After

06-05-2024 23:59

Subject

SERIALNUMBER=BC0861649,CN=Hypersecu Information Systems Inc.,O=Hypersecu Information Systems Inc.,L=Richmond,ST=British Columbia,C=CA,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13104272697469736820436f6c756d626961,1.3.6.1.4.1.311.60.2.1.3=#13024341

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:ba:7d:30:77:15:cc:2b:c0:2a:a6:b3:a0:8c:22:c7:33:67:34:4d
Signer

Actual PE Digest

51:ba:7d:30:77:15:cc:2b:c0:2a:a6:b3:a0:8c:22:c7:33:67:34:4d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

eps2003csp11v2.pdb

Imports

kernel32

SetStdHandle
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringA
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
HeapReAlloc
VirtualAlloc
VirtualFree
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetConsoleCP
GetModuleHandleA
ExitProcess
HeapSize
GetModuleFileNameA
WriteFile
LCMapStringW
TlsFree
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCommandLineA
GetSystemTimeAsFileTime
ExitThread
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RaiseException
HeapDestroy
WriteConsoleA
WriteConsoleW
CreateFileA
CreateThread
QueryPerformanceCounter
VirtualQuery
lstrcmpiW
GetUserDefaultLangID
CreateFileW
GetFileSize
ReadFile
ResetEvent
TerminateThread
WideCharToMultiByte
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
OpenMutexW
CreateMutexW
InterlockedDecrement
ReleaseMutex
LocalFree
OpenEventW
CreateEventW
WaitForMultipleObjects
SetEvent
GetVersionExW
GetSystemInfo
GetCurrentProcessId
OutputDebugStringW
GetStdHandle
GetCurrentThread
WaitForSingleObject
MultiByteToWideChar
InterlockedIncrement
GetModuleFileNameW
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
SetLastError
GetTickCount
Sleep
LocalAlloc
GetCurrentProcess
CloseHandle
CompareFileTime
HeapAlloc
HeapFree
IsBadReadPtr
TlsSetValue
TlsAlloc
lstrcpyW
lstrcatW
lstrlenW
GetComputerNameExW
GetLastError
TlsGetValue
HeapCreate

user32

wsprintfW
MessageBoxW
SetTimer
GetAsyncKeyState
GetKeyboardState
ToAscii
KillTimer
GetFocus
GetDlgCtrlID
PtInRect
CallNextHookEx
UnhookWindowsHookEx
SendMessageW
SetWindowsHookExW
GetForegroundWindow
FindWindowW
RegisterWindowMessageW
InflateRect
SetWindowPos
MapWindowPoints
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetDesktopWindow
GetWindowRect
GetWindow
GetParent
GetWindowLongW
EndDialog
CheckDlgButton
GetClassNameW
PostMessageW
GetDC
ReleaseDC
IsWindowEnabled
GetSystemMetrics
EnableWindow
GetWindowThreadProcessId
AttachThreadInput
SetFocus
SetForegroundWindow
SetActiveWindow
DefWindowProcW
IsWindow
SetPropW
GetPropW
CallWindowProcW
DrawTextW
SetWindowRgn
SetRect
FillRect
GetSysColor
DialogBoxParamW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
InvalidateRect
UpdateWindow
SetWindowLongW
MoveWindow
IsWindowVisible
ShowWindow
IsDlgButtonChecked
SetDlgItemTextW
GetDlgItem

gdi32

MoveToEx
SetBkColor
ExtTextOutW
GetTextExtentPoint32W
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
BitBlt
CreateSolidBrush
CreateEllipticRgn
SetTextColor
SetBkMode
CreateFontW
SelectClipRgn
Arc
CreatePen
TextOutW
Ellipse
GetStockObject
CreateRectRgnIndirect
LineTo
DeleteDC

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
OpenThreadToken
SetThreadToken
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatusEx
QueryServiceConfigW
ChangeServiceConfigW
StartServiceW
OpenProcessToken
GetTokenInformation
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW

shell32

ShellExecuteExW

ole32

CoCreateGuid

crypt32

CertFindExtension
CryptDecodeObject
CertCreateCertificateContext
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertCloseStore
CertSetCertificateContextProperty
CertAddEncodedCertificateToStore
CertOpenStore
CertGetIntendedKeyUsage
CryptVerifyCertificateSignature
CertGetNameStringW

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsW

winscard

SCardTransmit
SCardBeginTransaction
SCardDisconnect
SCardReleaseContext
SCardIsValidContext
SCardReconnect
g_rgSCardT1Pci
g_rgSCardT0Pci
SCardEndTransaction
SCardListReadersA
SCardGetStatusChangeW
SCardEstablishContext
SCardStatusW
SCardConnectW

Exports

Exports

CPAcquireContext
CPCreateHash
CPDecrypt
CPDeriveKey
CPDestroyHash
CPDestroyKey
CPEncrypt
CPExportKey
CPGenKey
CPGenRandom
CPGetHashParam
CPGetKeyParam
CPGetProvParam
CPGetUserKey
CPHashData
CPHashSessionKey
CPImportKey
CPReleaseContext
CPSetHashParam
CPSetKeyParam
CPSetProvParam
CPSignHash
CPVerifySignature
C_CancelFunction
C_CloseAllSessions
C_CloseSession
C_CopyObject
C_CreateObject
C_Decrypt
C_DecryptDigestUpdate
C_DecryptFinal
C_DecryptInit
C_DecryptUpdate
C_DecryptVerifyUpdate
C_DeriveKey
C_DestroyObject
C_Digest
C_DigestEncryptUpdate
C_DigestFinal
C_DigestInit
C_DigestKey
C_DigestUpdate
C_Encrypt
C_EncryptFinal
C_EncryptInit
C_EncryptUpdate
C_Finalize
C_FindObjects
C_FindObjectsFinal
C_FindObjectsInit
C_GenerateKey
C_GenerateKeyPair
C_GenerateRandom
C_GetAttributeValue
C_GetFunctionList
C_GetFunctionStatus
C_GetInfo
C_GetMechanismInfo
C_GetMechanismList
C_GetObjectSize
C_GetOperationState
C_GetSessionInfo
C_GetSlotInfo
C_GetSlotList
C_GetTokenInfo
C_InitPIN
C_InitToken
C_Initialize
C_Login
C_Logout
C_OpenSession
C_SeedRandom
C_SetAttributeValue
C_SetOperationState
C_SetPIN
C_Sign
C_SignEncryptUpdate
C_SignFinal
C_SignInit
C_SignRecover
C_SignRecoverInit
C_SignUpdate
C_UnwrapKey
C_Verify
C_VerifyFinal
C_VerifyInit
C_VerifyRecover
C_VerifyRecoverInit
C_VerifyUpdate
C_WaitForSlotEvent
C_WrapKey
CardAcquireContext
E_GetAuxFunctionList
GetKeyStorageInterface
eb_RegKspProvider
eb_RunNoElevated
eb_StartScardSvc
eb_UnRegKspProvider

Sections

.text
Size: 636KB - Virtual size: 636KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ve_share
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/eps2003csp11v2.inf
CCID/SetupTool.dll
.dll windows:4 windows x86 arch:x86

34d1d4a9b6df3d29445d7b4cb9f6ea66

Code Sign

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-12-2014 00:00

Not After

02-12-2029 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cd:df:e2:f2:94:ab:1d:b1:1e:35:e2:e2:ac:af:32:8c
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07-05-2021 00:00

Not After

06-05-2024 23:59

Subject

SERIALNUMBER=BC0861649,CN=Hypersecu Information Systems Inc.,O=Hypersecu Information Systems Inc.,L=Richmond,ST=British Columbia,C=CA,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13104272697469736820436f6c756d626961,1.3.6.1.4.1.311.60.2.1.3=#13024341

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

cc:c6:1a:e0:c2:25:24:76:9e:1d:3c:5b:a3:57:75:f0:b8:8d:21:2e
Signer

Actual PE Digest

cc:c6:1a:e0:c2:25:24:76:9e:1d:3c:5b:a3:57:75:f0:b8:8d:21:2e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
FindFirstFileW
SetLastError
lstrlenW
LocalAlloc
LocalFree
CopyFileW
GetFullPathNameW
lstrcatW
GetWindowsDirectoryW
lstrcpyW
FileTimeToSystemTime
lstrcmpiW
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GetStringTypeA
RtlUnwind
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW

user32

wsprintfW

newdev

UpdateDriverForPlugAndPlayDevicesW

setupapi

SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoW
SetupDiGetDriverInfoDetailW
SetupDiDestroyDriverInfoList
SetupCopyOEMInfW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList

Exports

Exports

eb_GetDeviceVersion
eb_SetupCCID

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf95d1fc1d10de18b32654b123ad5e1f

Code Sign

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1Certificate

Extended Key Usages

Key Usages

cd:df:e2:f2:94:ab:1d:b1:1e:35:e2:e2:ac:af:32:8cCertificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

c3:86:e9:12:62:43:d3:43:62:3d:94:2f:2e:e6:6a:b4:b0:46:22:e1:4e:b6:fd:da:f7:79:32:9f:6a:c7:1a:cbSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 708KB

.rsrc Size: 7KB - Virtual size: 7KB

cd90e33ffbc335413a25300c682c83df

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

d806a080e21508dd768fa70be247d2ae

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 2KB

6c41c5e4d44f55745b925cc4e42b7fab

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

cd:df:e2:f2:94:ab:1d:b1:1e:35:e2:e2:ac:af:32:8c
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

c3:86:e9:12:62:43:d3:43:62:3d:94:2f:2e:e6:6a:b4:b0:46:22:e1:4e:b6:fd:da:f7:79:32:9f:6a:c7:1a:cb
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 708KB

.rsrc
Size: 7KB - Virtual size: 7KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 899B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 574B

.text
Size: 1024B - Virtual size: 696B

.rdata
Size: 1024B - Virtual size: 753B

.data
Size: 512B - Virtual size: 48B

.reloc
Size: 512B - Virtual size: 240B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 454B

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

cd:df:e2:f2:94:ab:1d:b1:1e:35:e2:e2:ac:af:32:8c
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

cc:c6:1a:e0:c2:25:24:76:9e:1d:3c:5b:a3:57:75:f0:b8:8d:21:2e
Signer

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 13KB

.reloc
Size: 4KB - Virtual size: 3KB

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

cd:df:e2:f2:94:ab:1d:b1:1e:35:e2:e2:ac:af:32:8c
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate