1c4e6c378bb66267bb3e2613e687244479897f9fa9ffffe3fa3888f7314e7fe9

Sharing

Copy URL Twitter E-mail

General

Target

1c4e6c378bb66267bb3e2613e687244479897f9fa9ffffe3fa3888f7314e7fe9
Size

532KB
MD5

98b8ce87b460cdfa45ee8d127c634061
SHA1

e5516333513f6565a874cb0bf54d464ed6796848
SHA256

1c4e6c378bb66267bb3e2613e687244479897f9fa9ffffe3fa3888f7314e7fe9
SHA512

6785a2395105a5a394e6fa618f70262e0bae5bb17bfdeb32879dd82a853ea1ef4793bb61db81757c896050d1d999eace9fde6df57ed3a1bc9943f9175e2e3ccb
SSDEEP

6144:El27E9UpTw/pZTCsrYdZW+Y7PSNC3zpA9h4Pn2FdFKF5DUlMAAOzliqlgAxVul1M:EkCagvz7GazpAfcn2UF5DUTdeAzunM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c4e6c378bb66267bb3e2613e687244479897f9fa9ffffe3fa3888f7314e7fe9

Files

1c4e6c378bb66267bb3e2613e687244479897f9fa9ffffe3fa3888f7314e7fe9
.dll windows:5 windows x86 arch:x86

8572d96e7a248b58954e29900890feb9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\CodeTecsun\SVN\小终端\甘肃\全省\通用_通用_跨省异地就医接口库\trunk\code\项目开发\SSCardExt_V1.0.0.9\Release\SSCardDriver_TS.pdb

Imports

kernel32

SetEndOfFile
HeapSize
ReadConsoleW
WriteConsoleW
CreateFileW
SetStdHandle
GetCommandLineW
GetCommandLineA
MultiByteToWideChar
GetLastError
LoadLibraryA
GetProcAddress
FreeLibrary
GetPrivateProfileStringA
WideCharToMultiByte
SetConsoleCtrlHandler
EnterCriticalSection
WaitForMultipleObjects
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThreadId
GetModuleHandleA
Sleep
SetEvent
TerminateThread
CreateThread
DeleteCriticalSection
CreateEventA
GetModuleFileNameA
GetPrivateProfileIntA
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
SetFilePointerEx
ReadFile
GetProcessHeap
CreateDirectoryW
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetACP
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
CloseHandle
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
RtlUnwind
RaiseException
LoadLibraryExW
GetModuleFileNameW
InterlockedFlushSList
ExitProcess
GetModuleHandleExW
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetTimeZoneInformation
HeapAlloc
HeapReAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType

user32

GetMessageA
DispatchMessageA
CallNextHookEx
PostThreadMessageA
SetWindowsHookExA
UnhookWindowsHookEx
TranslateMessage
SendInput
EndDialog
MessageBoxA
FindWindowA

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA

advapi32

SystemFunction036

Exports

Exports

GetCardInfo
ReadCardT
WriteCardT
iChangePIN
iDoDebit
iDoDebit_HSM_Step1
iDoDebit_HSM_Step2
iGetPassword
iGetQRBase
iGetReaderInfo
iReadCard
iReadCardBas
iReadCardBas_HSM_Step1
iReadCardBas_HSM_Step2
iReadCard_HSM_Step1
iReadCard_HSM_Step2
iReadDebitRecord
iReadSFZ
iReloadPIN
iReloadPIN_HSM_Step1
iReloadPIN_HSM_Step2
iReloadPIN_HSM_Step3
iUnblockPIN
iUnblockPIN_HSM_Step1
iUnblockPIN_HSM_Step2
iUnblockPIN_HSM_Step3
iVerifyPIN
iWriteCard
iWriteCard_HSM_Step1
iWriteCard_HSM_Step2

Sections

.text
Size: 321KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8572d96e7a248b58954e29900890feb9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

setupapi

advapi32

Exports

Exports

Sections

.text Size: 321KB - Virtual size: 320KB

.rdata Size: 118KB - Virtual size: 117KB

.data Size: 6KB - Virtual size: 12KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 27KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 321KB - Virtual size: 320KB

.rdata
Size: 118KB - Virtual size: 117KB

.data
Size: 6KB - Virtual size: 12KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 27KB

.rmnet
Size: 56KB - Virtual size: 60KB