Rockey1S_64[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Rockey1S_64.dll
Size

875KB
MD5

7b87ee6b47ad02fc7e81adb50d888090
SHA1

63cec55cf51c947dd31b32eb503e39fea0b11fbf
SHA256

0cd691da864e17dde390f79b9fff0a9f10c75a96f1a77e3d0a7c3799aa9d24aa
SHA512

0f9cd29f55e90e373e9dc85e1bb4c212938d7d75d6a7d33bd1d4f68f847a68d96987476986da65e467400a612aca903903db0ce6efc3a7847a965c27560fc73a
SSDEEP

12288:WgN0Oyt6jgqEmjqF40axtASxSHFQ8pVe7WHEqA7WR:Wg0Oyt6jgEqFjSxSHFQ+Ve6HNu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Rockey1S_64.dll

Files

Rockey1S_64.dll
.dll windows:5 windows x64 arch:x64

b7632a7987ceaa06cec84792edc4dd85

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

h:\R1sdllX64\R1zhinengsuoAPI(vs2008sp1)\Build\Dynamic\Rockey1S_64.pdb

Imports

hid

HidD_GetAttributes
HidD_SetFeature
HidD_GetFeature
HidD_GetHidGuid
HidD_FlushQueue

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList

kernel32

CreateMutexW
WaitForSingleObject
ReleaseMutex
lstrcmpA
lstrlenA
GetSystemTime
MultiByteToWideChar
GetCurrentThreadId
GetProcAddress
GetModuleHandleW
GetVersion
GetFileType
RtlVirtualUnwind
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
FreeLibrary
LoadLibraryW
GetVersionExW
FlushConsoleInputBuffer
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
CloseHandle
OpenFileMappingW
CreateFileMappingW
GetLastError
CreateFileW
Sleep
UnmapViewOfFile
MapViewOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
GetStdHandle
GetStringTypeA
WriteConsoleW
GetConsoleOutputCP
FlsSetValue
GetCommandLineA
HeapFree
HeapReAlloc
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
ExitProcess
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlLookupFunctionEntry
RtlCaptureContext
RaiseException
RtlPcToFileHeader
WideCharToMultiByte
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
HeapSize
RtlUnwindEx
SetHandleCount
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
ReadFile
WriteFile
GetConsoleCP
FlushFileBuffers
SetStdHandle
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
CreateFileA
WriteConsoleA
GetProcessHeap

user32

MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
wsprintfW

advapi32

ReportEventW
RegisterEventSourceW
DeregisterEventSource

oleaut32

SystemTimeToVariantTime

Exports

Exports

R1_ChangeUserPin
R1_Close
R1_Find
R1_GenRSAKey
R1_GenRandom
R1_GenUpdatePacket
R1_GetCounter
R1_GetErrInfo
R1_GetHID
R1_GetPID
R1_GetVersion
R1_LEDControl
R1_Open
R1_ProducePID
R1_ProduceSoPin
R1_RSADec
R1_RSAEnc
R1_Read
R1_ResetSecurityState
R1_ResetUserPin
R1_SetCounter
R1_SetRSAKey
R1_SetTDesKey
R1_SetTryCountForSoPin
R1_SetTryCountForUserPin
R1_SetUpdatePacket
R1_TDesDec
R1_TDesEnc
R1_Update
R1_VerifySoPin
R1_VerifyUserPin
R1_Write

Sections

.text
Size: 531KB - Virtual size: 530KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 136KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7632a7987ceaa06cec84792edc4dd85

Headers

File Characteristics

PDB Paths

Imports

hid

setupapi

kernel32

user32

advapi32

oleaut32

Exports

Exports

Sections

.text Size: 531KB - Virtual size: 530KB

.rdata Size: 161KB - Virtual size: 161KB

.data Size: 136KB - Virtual size: 232KB

.pdata Size: 32KB - Virtual size: 31KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 531KB - Virtual size: 530KB

.rdata
Size: 161KB - Virtual size: 161KB

.data
Size: 136KB - Virtual size: 232KB

.pdata
Size: 32KB - Virtual size: 31KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 13KB - Virtual size: 13KB