PDB path: c:\projects\01.MagicAPI\DSToolkitV3\proj\vs2008\bin32\DSCToolkitV30-v3.4.2.25.pdb
Static task
static1
Behavioral task
behavioral1
Sample
f09a5e42dfd115e859b67ad1de91c48ec7f8b8114576fe90fa8f4ecca4f6fa9e.dll
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
f09a5e42dfd115e859b67ad1de91c48ec7f8b8114576fe90fa8f4ecca4f6fa9e.dll
Resource
win10v2004-20240412-en
General
-
Target
f09a5e42dfd115e859b67ad1de91c48ec7f8b8114576fe90fa8f4ecca4f6fa9e
-
Size
2.9MB
-
MD5
b509823aa77e506ef7f0c5079f8c9ea1
-
SHA1
4c70055419f70a1604bf5c11d3b3ce77210faa00
-
SHA256
f09a5e42dfd115e859b67ad1de91c48ec7f8b8114576fe90fa8f4ecca4f6fa9e
-
SHA512
0b2c5a9a3905396c2e0f0e9faf4266f6fd8796e9a33aa4ac0fe4da4710b04a9781e58605dabf9ab2c9628b541c0554eb98f92139295510ee9456f245d5043762
-
SSDEEP
49152:3Uqe0uPQSgQ/NiFJrpIJXSu0Xqy8i4KAqJZCfhdEPT:3UqepjAr4iu06y8i4vc
Malware Config
Signatures
-
Unsigned PE 1 IoCs
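Checks for a missing Authenticode signature. The sample is unsigned, so its publisher and integrity cannot be confirmed from the file itself; many legitimate libraries are also unsigned, so this is a weak signal on its own.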
resource f09a5e42dfd115e859b67ad1de91c48ec7f8b8114576fe90fa8f4ecca4f6fa9e
Files
-
f09a5e42dfd115e859b67ad1de91c48ec7f8b8114576fe90fa8f4ecca4f6fa9e.dll windows:5 windows x86 arch:x86
4d4bbd351e87b5f612ba287c9b77658c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
shlwapi
PathFindFileNameA
PathFindExtensionA
PathFileExistsA
wsock32
recv
__WSAFDIsSet
WSAGetLastError
select
closesocket
gethostbyname
htons
socket
htonl
ioctlsocket
ntohl
WSAStartup
inet_addr
connect
send
crypt32
CertEnumCertificatesInStore
CertCreateCertificateContext
CryptDecodeObjectEx
CertFreeCertificateContext
CertAddCertificateContextToStore
CertCloseStore
PFXImportCertStore
CertGetIssuerCertificateFromStore
CertGetCertificateContextProperty
CertDuplicateStore
CertDuplicateCertificateContext
CertFindCertificateInStore
CertOpenSystemStoreA
advapi32
CryptGetUserKey
CryptDestroyKey
CryptAcquireContextA
CryptReleaseContext
CryptExportKey
user32
PostQuitMessage
DestroyMenu
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
SetWindowTextA
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
PtInRect
GetMenu
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowThreadProcessId
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
GetWindowTextA
UnregisterClassA
SetWindowsHookExA
CallNextHookEx
DispatchMessageA
SendMessageA
GetKeyState
PeekMessageA
ValidateRect
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetFocus
GetMessageTime
GetCursorPos
GetMenuItemCount
GetSubMenu
kernel32
GlobalHandle
InitializeCriticalSection
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GetModuleFileNameA
CreateDirectoryA
ReadFile
WriteFile
SetFilePointer
GetFileSize
CreateFileA
ReleaseMutex
WaitForSingleObject
CloseHandle
CreateMutexA
GetTickCount
QueryPerformanceCounter
GetCurrentThread
GetThreadTimes
GetCurrentProcess
GetProcessWorkingSetSize
GlobalMemoryStatus
GetStartupInfoA
LockResource
MultiByteToWideChar
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceA
LocalFree
FormatMessageA
lstrcmpA
LoadLibraryA
GetProcAddress
GetLastError
GetCurrentProcessId
GlobalFree
GetCurrentThreadId
FreeLibrary
SetErrorMode
GlobalGetAtomNameA
CompareStringA
GetModuleHandleW
InterlockedIncrement
GetVersionExA
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalFlags
DeleteFileA
FlushFileBuffers
SetEndOfFile
TlsAlloc
SetEnvironmentVariableA
CompareStringW
GetProcessHeap
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
IsValidCodePage
GetACP
GetStdHandle
VirtualFree
HeapDestroy
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
ExitProcess
Sleep
HeapSize
VirtualAlloc
RaiseException
RtlUnwind
GetDateFormatA
GetTimeFormatA
HeapReAlloc
GetTimeZoneInformation
GetCommandLineA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
GetOEMCP
GetCPInfo
lstrlenA
SetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalReAlloc
GetModuleHandleA
GetModuleFileNameW
InterlockedDecrement
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GetLocaleInfoA
oleaut32
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
oleacc
LresultFromObject
CreateStdAccessibleObject
gdi32
SetMapMode
RestoreDC
SaveDC
DeleteObject
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
GetDeviceCaps
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
winspool.drv
ClosePrinter
OpenPrinterA
DocumentPropertiesA
Exports
Exports
DSTK_API_Exit
DSTK_API_Finish
DSTK_API_GetErrInfo
DSTK_API_GetInfo
DSTK_API_Init
DSTK_API_SetAPIMode
DSTK_API_SetConfFile
DSTK_API_SetHashAlgo
DSTK_BASE64_Decode
DSTK_BASE64_Encode
DSTK_BINSTR_Create
DSTK_BINSTR_Delete
DSTK_BINSTR_SetData
DSTK_CERT_AddTrustedCert
DSTK_CERT_CheckStatByCRL
DSTK_CERT_FreeCaPubs
DSTK_CERT_GetAIA
DSTK_CERT_GetAuthKeyID
DSTK_CERT_GetBasicConstraints
DSTK_CERT_GetCRLDP
DSTK_CERT_GetCRLDP_URL
DSTK_CERT_GetCertPolicy
DSTK_CERT_GetCertPolicy_PolicyID
DSTK_CERT_GetExtKeyUsage
DSTK_CERT_GetIssuerAltName
DSTK_CERT_GetIssuerName
DSTK_CERT_GetKeyUsage
DSTK_CERT_GetPolicyConstraints
DSTK_CERT_GetPubKey
DSTK_CERT_GetPubKey2
DSTK_CERT_GetRemainDays
DSTK_CERT_GetSerialNum
DSTK_CERT_GetSerialNum2
DSTK_CERT_GetSignature
DSTK_CERT_GetSignature2
DSTK_CERT_GetSignatureAlgorithm
DSTK_CERT_GetSubKeyID
DSTK_CERT_GetSubjectAltName
DSTK_CERT_GetSubjectAltName_IdentifyData_RealName
DSTK_CERT_GetSubjectName
DSTK_CERT_GetSubjectName_DERFormat
DSTK_CERT_GetUID
DSTK_CERT_GetValidity
DSTK_CERT_GetValidity2
DSTK_CERT_GetVersion
DSTK_CERT_Load
DSTK_CERT_SetCaPubs
DSTK_CERT_SetVerifyEnv1
DSTK_CERT_SetVerifyEnv2
DSTK_CERT_Unload
DSTK_CERT_Verify
DSTK_CERT_Verify2
DSTK_CERT_VerifyByIVS
DSTK_CMP_CertRecovery
DSTK_CMP_CertRequest
DSTK_CMP_CertRequest2
DSTK_CMP_CertRevoke
DSTK_CMP_CertRevoke2
DSTK_CMP_CertUpdate
DSTK_CMP_CertUpdate2
DSTK_CMP_SetCA
DSTK_CMP_SetProtocol
DSTK_CMS_AddSigner
DSTK_CMS_AddUnsignedAttr
DSTK_CMS_ComposeSignedAndEnvData
DSTK_CMS_ComposeSignedData
DSTK_CMS_DecryptData
DSTK_CMS_DecryptFile
DSTK_CMS_DecryptFile_WithContent
DSTK_CMS_EncryptData
DSTK_CMS_EncryptDataWithMultiReps
DSTK_CMS_EncryptFile
DSTK_CMS_EncryptFile_WithContent
DSTK_CMS_GetEnvDataRecipCnt
DSTK_CMS_GetEnvDataRecipInfo
DSTK_CMS_GetSignerCert
DSTK_CMS_GetSignerCert1
DSTK_CMS_MakeEncryptedData
DSTK_CMS_MakeEnvelopedData
DSTK_CMS_MakeEnvelopedDataWithMultiRecipients
DSTK_CMS_MakeEnvelopedData_File
DSTK_CMS_MakeEnvelopedData_WithContent_File
DSTK_CMS_MakeSignedAndEnvData
DSTK_CMS_MakeSignedData
DSTK_CMS_MakeSignedDataWithAddSigner
DSTK_CMS_MakeSignedData_File
DSTK_CMS_MakeSignedData_WithContent_File
DSTK_CMS_MakeTBSData
DSTK_CMS_MakeTBSDataWithAddSigner
DSTK_CMS_MakeTBSEData
DSTK_CMS_ProcessEncryptedData
DSTK_CMS_ProcessEnvelopedData
DSTK_CMS_ProcessEnvelopedData_File
DSTK_CMS_ProcessEnvelopedData_WithContent_File
DSTK_CMS_ProcessSignedAndEnvData
DSTK_CMS_ProcessSignedData
DSTK_CMS_ProcessSignedData_File
DSTK_CMS_ProcessSignedData_File2
DSTK_CMS_ProcessSignedData_WithContent_File
DSTK_CMS_SetOption
DSTK_CMS_SignAndEncData
DSTK_CMS_SignData
DSTK_CMS_SignFile
DSTK_CMS_SignFile_WithContent
DSTK_CMS_VerifyAndDecData
DSTK_CMS_VerifyData
DSTK_CMS_VerifyFile
DSTK_CMS_VerifyFile_WithContent
DSTK_CMS_VerifyFile_WithContent2
DSTK_CRYPT_AsymDecrypt
DSTK_CRYPT_AsymEncrypt
DSTK_CRYPT_ClearKeyAndIV
DSTK_CRYPT_Decrypt
DSTK_CRYPT_DecryptFile
DSTK_CRYPT_Encrypt
DSTK_CRYPT_EncryptFile
DSTK_CRYPT_GenKeyAndIV
DSTK_CRYPT_GenKeyPair
DSTK_CRYPT_GenMAC
DSTK_CRYPT_GenMAC2
DSTK_CRYPT_GenMACFile
DSTK_CRYPT_GenRandom
DSTK_CRYPT_GenSharedKey
DSTK_CRYPT_GetChangedKeyAndIV
DSTK_CRYPT_GetKeyAndIV
DSTK_CRYPT_Hash
DSTK_CRYPT_HashFile
DSTK_CRYPT_SetChangedKeyAndIV
DSTK_CRYPT_SetEnvChangeIV
DSTK_CRYPT_SetKeyAndIV
DSTK_CRYPT_SetPaddingType
DSTK_CRYPT_SetRSAVersion
DSTK_CRYPT_Sign
DSTK_CRYPT_SignFile
DSTK_CRYPT_SignFile2
DSTK_CRYPT_Verify
DSTK_CRYPT_VerifyFile
DSTK_CRYPT_VerifyFile2
DSTK_CRYPT_VerifyMAC
DSTK_CRYPT_VerifyMAC2
DSTK_CRYPT_VerifyMACFile
DSTK_CSR_Generate
DSTK_DSAP_GetCRLByCert
DSTK_DSAP_GetDataByURL
DSTK_MEDIA_CARD_DeleteCert
DSTK_MEDIA_CARD_DeletePriKey
DSTK_MEDIA_CARD_ReadCert
DSTK_MEDIA_CARD_ReadPriKey
DSTK_MEDIA_CARD_WriteCert
DSTK_MEDIA_CARD_WritePriKey
DSTK_MEDIA_DISK_DeleteCert
DSTK_MEDIA_DISK_DeletePriKey
DSTK_MEDIA_DISK_ReadCert
DSTK_MEDIA_DISK_ReadFile
DSTK_MEDIA_DISK_ReadPriKey
DSTK_MEDIA_DISK_WriteCert
DSTK_MEDIA_DISK_WriteFile
DSTK_MEDIA_DISK_WritePriKey
DSTK_MEDIA_Load
DSTK_MEDIA_Unload
DSTK_MEDIA_WINS_GetCertCnt
DSTK_MEDIA_WINS_GetCertDN
DSTK_MEDIA_WINS_ReadCaPubs
DSTK_MEDIA_WINS_ReadCert
DSTK_MEDIA_WINS_ReadPriKey
DSTK_MEDIA_WINS_WriteCert
DSTK_MEDIA_WINS_WriteCertAndPriKey
DSTK_OCSP_CheckCertStatus
DSTK_OCSP_MakeOCSPReq
DSTK_OCSP_SendAndRecv
DSTK_OCSP_VerifyResMsg
DSTK_PEM_Decode
DSTK_PEM_Encode
DSTK_PFX_Export
DSTK_PFX_Export2
DSTK_PFX_ExportMultiPair
DSTK_PFX_ExportMultiPair2
DSTK_PFX_Import
DSTK_PFX_ImportMultiPair
DSTK_PFX_ImportMultiPair2
DSTK_PKCS11_CMP_CertRequest
DSTK_PKCS11_CMP_CertRevoke
DSTK_PKCS11_CMP_CertUpdate
DSTK_PKCS11_CMP_CertUpdate2
DSTK_PKCS11_ChangePIN
DSTK_PKCS11_CloseSession
DSTK_PKCS11_Decrypt
DSTK_PKCS11_DecryptData
DSTK_PKCS11_DeleteCertAndPriKey
DSTK_PKCS11_Encrypt
DSTK_PKCS11_GenKeyPair
DSTK_PKCS11_GetCertCnt
DSTK_PKCS11_GetCertInfo
DSTK_PKCS11_GetSlotList
DSTK_PKCS11_GetTokenInfo
DSTK_PKCS11_InitToken
DSTK_PKCS11_InitTokenWithSlotID
DSTK_PKCS11_Login
DSTK_PKCS11_Login4SmartCert
DSTK_PKCS11_Logout
DSTK_PKCS11_OpenSession
DSTK_PKCS11_OpenSessionWithSlotID
DSTK_PKCS11_OpenSessionWithTokenName
DSTK_PKCS11_ReadCert
DSTK_PKCS11_ReadRandomForVID
DSTK_PKCS11_SetInitArgs
DSTK_PKCS11_Sign
DSTK_PKCS11_Sign4SmartCert
DSTK_PKCS11_SignAndEnvData
DSTK_PKCS11_SignAndEnvData4SmartCert
DSTK_PKCS11_SignData
DSTK_PKCS11_SignData4SmartCert
DSTK_PKCS11_SignData_NoContent
DSTK_PKCS11_Verify
DSTK_PKCS11_VerifyAndDecData
DSTK_PKCS11_VerifySignatureValue
DSTK_PKCS11_WriteCertAndPriKey
DSTK_PRIKEY_ChangePasswd
DSTK_PRIKEY_CheckKeyPair
DSTK_PRIKEY_Decrypt
DSTK_PRIKEY_Encrypt
DSTK_PRIKEY_GetPriKeyInfo
DSTK_TSP_GetTokenInfo
DSTK_TSP_GetTokenInfo2
DSTK_TSP_MakeReqMsg
DSTK_TSP_SendAndRecv
DSTK_TSP_TimeStampData
DSTK_TSP_TimeStampFile
DSTK_TSP_VerifyResMsg
DSTK_TSP_VerifyToken
DSTK_TSP_VerifyToken2
DSTK_UNI_DecryptEnvData
DSTK_UNI_VerifySignData
DSTK_UNI_ViewCert
DSTK_UTIL_AddObject
DSTK_UTIL_CompareDN
DSTK_UTIL_GetCertPath
DSTK_UTIL_GetObject
DSTK_UTIL_GetObjectCount
DSTK_UTIL_GetRootCert
DSTK_UTIL_IsTrustCert
DSTK_VID_GetRandomFromPriKey
DSTK_VID_HashOfIDN_R
DSTK_VID_SetRandomToPriKey
DSTK_VID_Verify
DSTK_VID_VerifyByIVS
DSTK_WPKI_DecryptData
DSTK_WPKI_EncryptData
DSTK_WPKI_SignData
DSTK_WPKI_VerifyCert
DSTK_WPKI_VerifyData
Sections
.text Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 285KB - Virtual size: 285KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 137KB - Virtual size: 154KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 148KB - Virtual size: 148KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ