b55ce17f8fe0b405f5b7f0dbd4fa2dee

Sharing

Copy URL

Twitter E-mail

General

Target

b55ce17f8fe0b405f5b7f0dbd4fa2dee
Size

1.1MB
MD5

b55ce17f8fe0b405f5b7f0dbd4fa2dee
SHA1

902a5b6c6fa9ed542f4e3fb1869f823b2658659a
SHA256

29664a072c5c463488c9d2c5b188ad9234ea50cf4b12b0260f4ff787b41dbc51
SHA512

7e2560ad8728ef6462cafdf2598996e3cfb296144dd3b0ac7147149d1aa6d3a2ebcf7f4409eb9007eaabe7c810d5b8d2906c8a121b5b6298f6911e525d08ffc9
SSDEEP

24576:+NyiD8e/zcT+7oKvO4cJtae9+OTMupsLJw7u:+PDlzw+7cODups1w7u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b55ce17f8fe0b405f5b7f0dbd4fa2dee

Files

b55ce17f8fe0b405f5b7f0dbd4fa2dee
.dll windows:4 windows x86 arch:x86

ef1671f0d6c2de35f850b26304d38c22

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\PackageBuilds\buildrobot_css_4.1.0.65_view\css\out\Win32\bin\acAuth.pdb

Imports

kernel32

IsBadWritePtr
InitializeCriticalSection
RtlUnwind
InterlockedExchange
VirtualQuery
LoadLibraryA
HeapSize
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc
VirtualProtect
GetSystemInfo
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetCurrentDirectoryA
GetCurrentDirectoryA
VirtualAlloc
GetCPInfo
GetOEMCP
GetACP
EnterCriticalSection
FatalAppExitA
LeaveCriticalSection
GetFullPathNameA
GetNumberOfConsoleInputEvents
PeekConsoleInputA
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
SetEndOfFile
SetFilePointer
SetStdHandle
FlushFileBuffers
WriteFile
UnhandledExceptionFilter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetCurrentThreadId
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapAlloc
HeapFree
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThread
GetLastError
SetLastError
TlsAlloc
GetCurrentProcess
TerminateProcess
GetModuleHandleA
GetProcAddress
ExitProcess
GetVersionExA
GetCommandLineA
GetTimeZoneInformation
SetConsoleCtrlHandler
FlushConsoleInputBuffer
GlobalMemoryStatus
FindClose
FindFirstFileA
FindNextFileA
FormatMessageW
LocalFree
CreateFileA
GetCommState
SetCommState
GetCommTimeouts
SetCommTimeouts
WaitForMultipleObjects
PulseEvent
ReadFile
CancelIo
ResetEvent
GetOverlappedResult
CreateThread
SystemTimeToFileTime
GetSystemTime
Sleep
CreateMutexW
CloseHandle
WaitForSingleObject
ReleaseMutex
CreateEventW
DeviceIoControl
CreateFileW
GetVersion
FreeLibrary
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
PurgeComm
GetCommModemStatus
SetEvent
ExitThread
SetThreadPriority
WriteConsoleA

ws2_32

inet_addr

crypt32

CertFreeCertificateContext
CertFindCertificateInStore
CertOpenStore
CryptAcquireCertificatePrivateKey
CertGetCertificateContextProperty
CertCloseStore

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA

iphlpapi

DeleteIpNetEntry
IpRenewAddress
GetInterfaceInfo
GetAdaptersInfo
SendARP
GetIpNetTable
IpReleaseAddress

gdi32

GetBitmapBits
BitBlt
DeleteDC
GetObjectA
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
CreateDCA
DeleteObject
CreateCompatibleDC

advapi32

GetUserNameA
CryptDecrypt
CryptSetProvParam
CryptCreateHash
CryptSetHashParam
CryptSignHashW
CryptDestroyHash
CryptExportKey
CryptGenRandom
CryptAcquireContextW
RegOpenKeyA
RegCloseKey
RegQueryValueExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
CryptAcquireContextA
CryptGetProvParam
CryptReleaseContext
CryptGetUserKey
CryptGetKeyParam
CryptDestroyKey

ole32

CoCreateInstance
CoUninitialize
CoTaskMemFree
CoInitialize

user32

TranslateMessage
DispatchMessageA
DestroyWindow
PostQuitMessage
GetMessageA
MessageBoxIndirectA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
CreateWindowExA
UnregisterClassA
SendNotifyMessageA
RegisterClassA
DefWindowProcA

Exports

Exports

ac8021xCfg
ac8021xGetCfg
ac8021xGetCfgDefault
ac8021xGetStats
ac8021xInit
acCcxEnable
acCcxGetIpAddr
acCcxGetRadioCfg
acCcxGetRogueApTimeout
acCcxGetRogueApTimeoutDefault
acCcxInit
acCcxIpAddr
acCcxIsEnabled
acCcxRadioCfg
acCcxRogueApTimeout
acCertCreate
acCertDestroy
acCertGetField
acCertUrlFileString
acCertUrlWin32String
acCredCcxRogueAP
acCredComplete
acCredDeferred
acCredEapFASTPac
acCredEapFASTPacTypes
acCredEapFASTProvisionModes
acCredEapMethods
acCredEapSIM
acCredEapTTLSTunnelMethod
acCredGetEapFASTAID
acCredGetEapFASTMode
acCredGetEapFASTPacAID
acCredGetEapFASTPacAIDInfo
acCredGetEapFASTPacIID
acCredGetEapFASTPacKey
acCredGetEapFASTPacLifeTime
acCredGetEapFASTPacOpaque
acCredGetEapFASTPacType
acCredGetEapMethod
acCredGetEapNotification
acCredGetEapSIMAltIdentity
acCredGetIdentityPrompt
acCredGetPasswordPrompt
acCredIdentity
acCredMachineIdentity
acCredPassword
acCredRsnPsk
acCredServerGetField
acCredServerVerified
acCredServerVerifyCA
acCredServerVerifyChain
acCredServerVerifyDomain
acCredServerVerifyField
acCredSessionStart
acCredUserCert
acDebugEnable
acDebugIsEnabled
acDebugLevelString
acDebugSet
acDriverVersion
acEapFASTInit
acEapFASTPacCreate
acEapFASTPacDestroy
acEapGTCInit
acEapInitAll
acEapLEAPInit
acEapMD5Init
acEapMSCHAPv2Init
acEapMethodGetName
acEapMethodGetNext
acEapPEAPInit
acEapSIMCreate
acEapSIMDestroy
acEapSIMInit
acEapSIMMinChallenge
acEapTLSInit
acEapTTLSInit
acErrorString
acEventString
acExit
acGetNextPortSymName
acGetPortAttr
acGetPortSsidList
acIdentityCreate
acIdentityDestroy
acInit
acIpDhcpIsEnabled
acIpDhcpRelease
acIpDhcpRenew
acIpGetConfig
acIpIsConnected
acLogEnable
acLogIsEnabled
acLogLevelString
acLogSet
acNetCallback
acPasswordCreate
acPasswordDestroy
acPinCreate
acPinDestroy
acPortAdhoc
acPortAssociate
acPortAttach
acPortAuth
acPortAuthModeString
acPortDetach
acPortDisassociate
acPortGetAssociationInfo
acPortGetLinkSpeed
acPortGetLinkState
acPortGetLinkStats
acPortGetNasInfo
acPortGetNextSsid
acPortGetState
acPortGetStatus
acPortLinkStateString
acPortNdisRequest
acPortRadioOff
acPortReAuth
acPortSsidProbe
acPortSsidScan
acPortStateString
acPortStatusString
acPortStop
acRsnBinPskCreate
acRsnInit
acRsnProbeIeVerifyEnable
acRsnProbeIeVerifyIsEnabled
acRsnPskCreate
acRsnPskDestroy
acSimCardGetCHV1IsEnabled
acSimCardGetCHV1RemainingAttempts
acSimCardGetNext
acSimCardGetReader
acSimCardGetSPN
acSmartCardGetNext
acSmartCardGetNextCert
acSmartCardGetRegisteredName
acSmartCardInit
acTlvAttach
acTlvCtl
acTlvDetach
acTlvInit
acTlvLog
acTlvRecv
acTlvSend
acVersion
acWzcEnable
acWzcIsEnabled

Sections

.text
Size: 836KB - Virtual size: 834KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef1671f0d6c2de35f850b26304d38c22

Headers

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

crypt32

setupapi

iphlpapi

gdi32

advapi32

ole32

user32

Exports

Exports

Sections

.text Size: 836KB - Virtual size: 834KB

.rdata Size: 184KB - Virtual size: 180KB

.data Size: 64KB - Virtual size: 87KB

.rsrc Size: 4KB - Virtual size: 712B

.reloc Size: 48KB - Virtual size: 45KB

.text
Size: 836KB - Virtual size: 834KB

.rdata
Size: 184KB - Virtual size: 180KB

.data
Size: 64KB - Virtual size: 87KB

.rsrc
Size: 4KB - Virtual size: 712B

.reloc
Size: 48KB - Virtual size: 45KB