29e2442e4b3576e6c5dc910fa7fadd6dbdaab814c91efccffc61420ce77a3353

Sharing

Copy URL Twitter E-mail

General

Target

29e2442e4b3576e6c5dc910fa7fadd6dbdaab814c91efccffc61420ce77a3353
Size

312KB
MD5

bdc4c57817c09b6682cc0723eecb8744
SHA1

cf69b94b2d1c2610708f299c8d3a261a376af5fe
SHA256

29e2442e4b3576e6c5dc910fa7fadd6dbdaab814c91efccffc61420ce77a3353
SHA512

1a4b2ac98f08a44940ecf6313e06c989d7ba900a4b64d394762ca20738b013a79376fad5590b56772bb73d7078a5ccee0f412778e3fb00a3fd884aef1f3765ed
SSDEEP

6144:1LEqmiuCZ1dhXaP7g78TT9P98QqqFcESeDhsTZI8M8FgUMI:qkJhXake5FpqqFOeDLP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29e2442e4b3576e6c5dc910fa7fadd6dbdaab814c91efccffc61420ce77a3353

Files

29e2442e4b3576e6c5dc910fa7fadd6dbdaab814c91efccffc61420ce77a3353
.dll windows:5 windows x86 arch:x86

3e65a06e9b1867a9923581881b891f3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\ZT\Backup\code\ZTC\Release\ZTPinpad.pdb

Imports

kernel32

GetProcAddress
GetLocalTime
LoadLibraryA
GetModuleFileNameA
GetLastError
GetFileSize
SetFilePointer
WriteFile
Sleep
ReadFile
FlushFileBuffers
GetPrivateProfileStringA
CloseHandle
GetFileAttributesA
GetCurrentProcess
CreateFileA
FreeLibrary
SetEnvironmentVariableA
CompareStringW
CreateFileW
CreateDirectoryA
GetSystemTimeAsFileTime
GetCurrentThreadId
DecodePointer
GetCommandLineA
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
WideCharToMultiByte
GetTimeZoneInformation
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
RtlUnwind
MultiByteToWideChar
GetConsoleCP
GetConsoleMode
HeapAlloc
RaiseException
ExitProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LCMapStringW
GetStringTypeW
SetStdHandle
IsProcessorFeaturePresent
WriteConsoleW
HeapSize
GetModuleFileNameW
HeapReAlloc
LoadLibraryW
SetEndOfFile
GetProcessHeap

user32

PostMessageA

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

Exports

Exports

AutoEnlargeKey
DeletePinpadObject
InstancePinpad

Sections

.text
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3e65a06e9b1867a9923581881b891f3c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

version

Exports

Exports

Sections

.text Size: 203KB - Virtual size: 202KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 12KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 203KB - Virtual size: 202KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 12KB

.rmnet
Size: 56KB - Virtual size: 60KB