e06bc5e46f32321a4849b6367bcfff4a684914550c77403cc506f83ed0a2cd3a

Sharing

Copy URL Twitter E-mail

General

Target

e06bc5e46f32321a4849b6367bcfff4a684914550c77403cc506f83ed0a2cd3a
Size

1.7MB
MD5

ccbcc5df5e4660ccaf3ecd74c8fba5c5
SHA1

6286c67bda90a31a7e608100b5358e61d65ff89a
SHA256

e06bc5e46f32321a4849b6367bcfff4a684914550c77403cc506f83ed0a2cd3a
SHA512

da1454e980e2a1a0df5d112f739d64741e3d4706789a4eea1ffff9d008459cce7b63c29ed864e68cec08fa3bed077f5e3aee45317d8a761177c233e510ce4e76
SSDEEP

49152:yaPPPtOHCvpEwv8wTG9QrOGyZgcyAvQYR3Q7XJv:yaPPPM6pEWTGLGGr30XJv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e06bc5e46f32321a4849b6367bcfff4a684914550c77403cc506f83ed0a2cd3a

Files

e06bc5e46f32321a4849b6367bcfff4a684914550c77403cc506f83ed0a2cd3a
.dll windows:5 windows x86 arch:x86

3bc8ffc122cb848ee85fba740bb8883d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\项目\天梦者通用开发包\windows开发包\TMZwindow开发包\tmz\Release\tmz.pdb

Imports

kernel32

CompareStringW
GetDriveTypeW
GetTimeZoneInformation
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
GetLastError
HeapFree
HeapAlloc
GetFileAttributesA
EncodePointer
DecodePointer
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameW
HeapSize
RaiseException
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
InitializeCriticalSectionAndSpinCount
RtlUnwind
MultiByteToWideChar
ReadFile
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
SetFilePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryW
HeapReAlloc
LCMapStringW
GetStringTypeW
SetStdHandle
IsProcessorFeaturePresent
WriteConsoleW
FlushFileBuffers
SetEndOfFile
GetProcessHeap
CreateFileW
SetupComm
GetCommState
WaitForSingleObject
SetEvent
SetCommState
SetCommTimeouts
CreateEventA
GetOverlappedResult
ResetEvent
CancelIo
PurgeComm
GetWindowsDirectoryA
GetDriveTypeA
CreateDirectoryA
GetLogicalDriveStringsA
RemoveDirectoryA
GetLocalTime
GetCurrentDirectoryA
GetFullPathNameA
FindClose
FindNextFileA
FindFirstFileExA
CloseHandle
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
IsValidCodePage
GetProcAddress
WideCharToMultiByte
WriteFile
FreeLibrary
MoveFileExA
CreateFileA
DeleteFileA
GetTempPathA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetConsoleCP
Sleep
FileTimeToSystemTime
FileTimeToLocalFileTime
SetEnvironmentVariableA

shlwapi

PathRemoveFileSpecA

hid

HidD_SetFeature
HidD_GetPreparsedData
HidP_GetCaps
HidD_GetFeature
HidD_FreePreparsedData
HidD_GetAttributes
HidD_GetHidGuid

setupapi

SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces

user32

GetDC
ReleaseDC
LoadImageA

gdi32

CreateFontA
GetDIBits
SetBkColor
CreateBitmap
SetBkMode
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
SetDIBits
SetTextCharacterExtra
GetObjectA
TextOutA
BitBlt
SetTextColor
SetViewportOrgEx
SelectObject

Exports

Exports

Asc2Hex
CPUCardAPDU
CPUPowerOff
CPUPowerOn
GetCardState
GetCardStateEx
GetGAModeID
GetIDCardFullBmp
GetIDCardUID
Hex2Asc
ICCSetResetBaud
ICCheckCardType
ICPwdChange
ICPwdCheck
ICRead
ICReaderBeep
ICReaderClose
ICReaderDevStatus
ICReaderGetVer
ICReaderOpen
ICReaderReadDevSnr
ICReaderReadEeprom
ICReaderSetBaud
ICReaderWriteDevSnr
ICReaderWriteEeprom
ICWrite
KBClose
KBGetKBVoice
KBGetPin
KBGetVer
KBOpen
ParseIDCardInfo
ParseIDCardPic
RFICAuth
RFICBlockRead
RFICBlockWrite
RFICDecrement
RFICIncrement
RFICInitval
RFICOpenCard
RFICReadval
RFICTransfer
ReadIDCardBaseInfo
ReadIDCardBaseMsg
ReadMagCard
SetMagCardMode
T5557ReadBlock
T5557ReadBlockPwd
T5557ReadPage
T5557WriteBlock
T5557WriteBlockPwd

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3bc8ffc122cb848ee85fba740bb8883d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shlwapi

hid

setupapi

user32

gdi32

Exports

Exports

Sections

.text Size: 130KB - Virtual size: 130KB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 13KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 130KB - Virtual size: 130KB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 13KB

.rmnet
Size: 56KB - Virtual size: 60KB