WinSCard[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

WinSCard.dll
Size

164KB
MD5

54fc6e148465b240765b3ee5addc7a5a
SHA1

89b168fbcbd86b1ac6d90ee942ed78dc5e95e9a1
SHA256

0cb5234c508c4ded5d57cd4d15c7e86425943dcd322d8453af5952fd95bb8718
SHA512

f8316646627486137ce05f4659e2e37ae4c6b70d2620fc807f503fc0a649c946eb7da3a31078b20a2e683faf3ed8c7356c33a1fee5e1ba92a0fd1718770ef098
SSDEEP

3072:lLdA6FcgbvGHnXDbkj8FEU/qajZBToY6rLUjnSGLAa3XZj:ldA6uCvuDbkj8FEU/TNaLUb7LAaZj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WinSCard.dll

Files

WinSCard.dll
.dll windows:6 windows x86 arch:x86

65826bfa9e45b8a040f51b9c9ddb77ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WinSCard.pdb

Imports

msvcrt

_vsnprintf
wcspbrk
_ultow
??3@YAXPAX@Z
_vsnwprintf
??_V@YAXPAX@Z
??2@YAPAXI@Z
_wcsicmp
_wcsnicmp
_wtoi
_XcptFilter
_amsg_exit
malloc
_initterm
??1type_info@@UAE@XZ
_except_handler4_common
memcpy
memcmp
__CxxFrameHandler3
_CxxThrowException
??_U@YAPAXI@Z
free
memset

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWrite

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableLevel
TraceMessage
GetTraceEnableFlags
GetTraceLoggerHandle
UnregisterTraceGuids

ntdll

NtDeviceIoControlFile
RtlInitializeCriticalSection
RtlDeleteCriticalSection
NtCancelIoFileEx
NtCreateFile
RtlDllShutdownInProgress
RtlInitUnicodeString
EtwTraceMessage

api-ms-win-core-errorhandling-l1-1-1

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-file-l1-2-1

ReadFile
CreateFileW
GetFileSizeEx

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-2-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
SizeofResource
FreeLibrary
LoadResource
LockResource

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegEnumValueW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW

api-ms-win-core-processthreads-l1-1-2

OpenThreadToken
GetCurrentProcess
GetCurrentThread
GetProcessId
GetCurrentThreadId
SetThreadToken
GetCurrentProcessId
OpenProcessToken
TerminateProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-synch-l1-2-0

CreateEventW
OpenEventW
ResetEvent
Sleep
EnterCriticalSection
LeaveCriticalSection
InitializeConditionVariable
InitializeCriticalSection
SetEvent
WaitForSingleObject
SleepConditionVariableCS
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolWait
CloseThreadpoolCleanupGroup
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolWait

api-ms-win-security-base-l1-2-0

IsValidSid
GetSidLengthRequired
InitializeSid
GetTokenInformation
DuplicateTokenEx
RevertToSelf
AddAce
AddAccessAllowedAce
InitializeAcl
GetAce
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetAclInformation
GetSidSubAuthority
GetLengthSid

rpcrt4

UuidCreate
NdrClientCall2
RpcBindingBind
RpcBindingCreateW
NdrMesTypeEncode2
NdrMesTypeFree2
NdrMesTypeDecode2
MesHandleFree
MesDecodeBufferHandleCreate
MesEncodeDynBufferHandleCreate
RpcSsDestroyClientContext
RpcBindingFree
UuidToStringW
RpcStringFreeW

devobj

DevObjOpenDeviceInfo
DevObjGetDeviceProperty
DevObjCreateDeviceInfoList
DevObjDestroyDeviceInfoList

kernel32

HeapReAlloc
WaitForMultipleObjects
WakeAllConditionVariable
SetLastError
RegEnumKeyExW
RegDeleteKeyExW
lstrcmpiW
lstrlenW
MultiByteToWideChar
GetACP
WideCharToMultiByte
lstrlenA
FindResourceW
lstrcmpW
QueryFullProcessImageNameW
DelayLoadFailureHook
ResolveDelayLoadedAPI

Exports

Exports

ClassInstall32
SCardAccessNewReaderEvent
SCardAccessStartedEvent
SCardAddReaderToGroupA
SCardAddReaderToGroupW
SCardAudit
SCardBeginTransaction
SCardCancel
SCardConnectA
SCardConnectW
SCardControl
SCardDisconnect
SCardEndTransaction
SCardEstablishContext
SCardForgetCardTypeA
SCardForgetCardTypeW
SCardForgetReaderA
SCardForgetReaderGroupA
SCardForgetReaderGroupW
SCardForgetReaderW
SCardFreeMemory
SCardGetAttrib
SCardGetCardTypeProviderNameA
SCardGetCardTypeProviderNameW
SCardGetDeviceTypeIdA
SCardGetDeviceTypeIdW
SCardGetProviderIdA
SCardGetProviderIdW
SCardGetReaderDeviceInstanceIdA
SCardGetReaderDeviceInstanceIdW
SCardGetReaderIconA
SCardGetReaderIconW
SCardGetStatusChangeA
SCardGetStatusChangeW
SCardGetTransmitCount
SCardIntroduceCardTypeA
SCardIntroduceCardTypeW
SCardIntroduceReaderA
SCardIntroduceReaderGroupA
SCardIntroduceReaderGroupW
SCardIntroduceReaderW
SCardIsValidContext
SCardListCardsA
SCardListCardsW
SCardListInterfacesA
SCardListInterfacesW
SCardListReaderGroupsA
SCardListReaderGroupsW
SCardListReadersA
SCardListReadersW
SCardListReadersWithDeviceInstanceIdA
SCardListReadersWithDeviceInstanceIdW
SCardLocateCardsA
SCardLocateCardsByATRA
SCardLocateCardsByATRW
SCardLocateCardsW
SCardReadCacheA
SCardReadCacheW
SCardReconnect
SCardReleaseAllEvents
SCardReleaseContext
SCardReleaseNewReaderEvent
SCardReleaseStartedEvent
SCardRemoveReaderFromGroupA
SCardRemoveReaderFromGroupW
SCardSetAttrib
SCardSetCardTypeProviderNameA
SCardSetCardTypeProviderNameW
SCardState
SCardStatusA
SCardStatusW
SCardTransmit
SCardWriteCacheA
SCardWriteCacheW
g_rgSCardRawPci
g_rgSCardT0Pci
g_rgSCardT1Pci

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65826bfa9e45b8a040f51b9c9ddb77ed

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-eventing-provider-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

ntdll

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-file-l1-2-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-profile-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-threadpool-l1-2-0

api-ms-win-security-base-l1-2-0

rpcrt4

devobj

kernel32

Exports

Exports

Sections

.text Size: 143KB - Virtual size: 142KB

.data Size: 2KB - Virtual size: 2KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 143KB - Virtual size: 142KB

.data
Size: 2KB - Virtual size: 2KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 9KB - Virtual size: 9KB