c2da04dbb2f03d47cbfcc4d7e4a0546e95106775f141cf000d8ddc1a2c4665d0

Sharing

Copy URL Twitter E-mail

General

Target

c2da04dbb2f03d47cbfcc4d7e4a0546e95106775f141cf000d8ddc1a2c4665d0
Size

1.0MB
MD5

5ca0e9ed9e37e67812fd895f6e2f720d
SHA1

f44d531bdcb09e391db8d4a5deb3ad32773274d5
SHA256

c2da04dbb2f03d47cbfcc4d7e4a0546e95106775f141cf000d8ddc1a2c4665d0
SHA512

9666330ff6271a238e9e69c6c43266fef18b882c0096b8b64113c23be029352c37bcf46bbe393fd1e36b2671d624273435943771abd5d63a19815de44e05f9eb
SSDEEP

12288:PRe6fQ4blX2/t9mEU/w3QjyT3hkoMg5ctJust+JDA4GEPf3wvfd5VvaqM:PRe6fTboPqfa3hkoM5ust+JD2MwV5VB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c2da04dbb2f03d47cbfcc4d7e4a0546e95106775f141cf000d8ddc1a2c4665d0

Files

c2da04dbb2f03d47cbfcc4d7e4a0546e95106775f141cf000d8ddc1a2c4665d0
.dll windows:5 windows x86 arch:x86

a2f35a511a72cb13e55ab086b3ccce13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\接口组SVN\Product\跨省异地就医接口库\通用库\trunk\code\项目开发\SSCardDriver_V1.0.3.23\Release\SSCardDriver.pdb

Imports

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo

hid

HidD_GetAttributes
HidD_GetHidGuid
HidD_GetPreparsedData
HidP_GetCaps
HidP_SetUsages

gdiplus

GdipAlloc
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdiplusShutdown
GdiplusStartup
GdipFree

kernel32

TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCommandLineW
GetCommandLineA
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
DeleteFileW
ReadConsoleW
SetEndOfFile
WriteConsoleW
SetStdHandle
FreeLibrary
GetProcAddress
LoadLibraryA
GetPrivateProfileIntA
GetLastError
Sleep
WideCharToMultiByte
CreateThread
GetCurrentThreadId
TerminateThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
WaitForMultipleObjects
CreateEventA
GetModuleHandleA
SetConsoleCtrlHandler
GetModuleFileNameA
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
FindClose
DeleteFileA
FindFirstFileA
FindNextFileA
DecodePointer
HeapAlloc
GetStartupInfoW
HeapFree
HeapSize
GetProcessHeap
RaiseException
GetOverlappedResult
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObject
WriteFile
ReadFile
FlushFileBuffers
CloseHandle
CreateFileA
CancelIo
SetLastError
CreateDirectoryW
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetCurrentProcess
GetStdHandle
GetACP
ExitProcess
GetTimeZoneInformation
GetFileType
CreateFileW
GetConsoleMode
GetConsoleCP
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
InterlockedFlushSList
GetModuleFileNameW
LoadLibraryExW
RtlUnwind
OutputDebugStringW
QueryPerformanceCounter
GetCurrentProcessId
HeapReAlloc
EncodePointer
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeSListHead

user32

DestroyWindow
MoveWindow
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
SendInput
PostThreadMessageA
DispatchMessageA
TranslateMessage
GetMessageA
FindWindowA
MessageBoxA
GetWindowRect
SetWindowTextA
GetSystemMetrics
GetDlgItemTextA
GetDlgItem
EndDialog
DialogBoxParamA
SetWindowPos
SetFocus

advapi32

SystemFunction036

Exports

Exports

ReadQRcode
iChangePIN
iDoDebit
iDoDebit_HSM_Step1
iDoDebit_HSM_Step2
iGetBankNum
iGetDevID
iGetDevUID
iGetDeviceType
iGetKSAuthID
iGetPSAMCardInfo
iGetPassword
iGetReaderInfo
iGetScanID
iRPbocAccount
iReadCard
iReadCardATR
iReadCardBas
iReadCardBas_HSM_Step1
iReadCardBas_HSM_Step2
iReadCardType
iReadCard_HSM_Step1
iReadCard_HSM_Step2
iReadCertInfo
iReadDebitRecord
iReadDriverInfo
iReadSFZ
iReadScanCode
iReloadPIN
iReloadPIN_HSM_Step1
iReloadPIN_HSM_Step2
iReloadPIN_HSM_Step3
iSetPin
iTsDll
iUnblockPIN
iUnblockPIN_HSM_Step1
iUnblockPIN_HSM_Step2
iUnblockPIN_HSM_Step3
iVerifyPIN
iWriteCard
iWriteCard_HSM_Step1
iWriteCard_HSM_Step2

Sections

.text
Size: 706KB - Virtual size: 706KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a2f35a511a72cb13e55ab086b3ccce13

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

hid

gdiplus

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 706KB - Virtual size: 706KB

.rdata Size: 201KB - Virtual size: 200KB

.data Size: 10KB - Virtual size: 17KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 53KB - Virtual size: 52KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 706KB - Virtual size: 706KB

.rdata
Size: 201KB - Virtual size: 200KB

.data
Size: 10KB - Virtual size: 17KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 53KB - Virtual size: 52KB

.rmnet
Size: 56KB - Virtual size: 60KB