General

  • Target

    HSBC_UKToolv1.0.0.6.exe

  • Size

    3.5MB

  • MD5

    7b7702067e951bd5efd6930025432c64

  • SHA1

    dc9130c769472eeadeac380c0fc40029d2e8e295

  • SHA256

    55453f794fbc569bf4afdf593aa27ff863bf1e1c67c7ccb5eb7bf48f29ff0de4

  • SHA512

    7c107885607c73121f1dfc6ab3f7f6c3e2c21264229eb9b3551fc9bb5e6bf830d4fd072ba900ab039715e99afc50d79ce6812c646ca4531f88fdbfe07e3930f7

  • SSDEEP

    98304:8XBnHfsvIWrreL4Zld+oyjgCCPMBHyiciqK8DWoYoA2e:SnEbe0MjgCCPMBSictGQe

Score
3/10

Signatures

  • Unsigned PE 5 IoCs

    Checks for missing Authenticode signature.

Files

  • HSBC_UKToolv1.0.0.6.exe
    .exe windows:4 windows x86 arch:x86

    24f4223e271413c25abad52fd456a9bc


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    4b45b7e00344a87332fbd12653854d1a


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/KillProcDLL.dll
    .dll windows:4 windows x86 arch:x86

    97c84efb92e9e74c911abc996572ac5e


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    fc0224e99e736751432961db63a41b76


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $SYSDIR/CFCA_HSBC_CSP.dll
    .dll windows:5 windows x86 arch:x86

    0a95aabda91ab79be30a88b1d78d17da


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/CFCA_HSBC_GMAPI.dll
    .dll windows:5 windows x86 arch:x86

    318cd12a944d584b3879e1c00efda621


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/CFCA_HSBC_LIB.dll
    .dll windows:5 windows x86 arch:x86

    e58b78dddb52fb6a929123483497ad15


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/CFCA_HSBC_P11.dll
    .dll windows:5 windows x86 arch:x86

    c2ec3d5326c898b18e50fa6f898a290f


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/CFCA_HSBC_SRV.exe
    .exe windows:5 windows x86 arch:x86

    86fb0d0839de9f0af7b836ea9d276007


    Code Sign

    Headers

    Imports

    Sections

  • $SYSDIR/CFCA_HSBC_scsp.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    4d3d95036cbeabad4c69b418a37ee2ee


    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/CFCA_HSBC_scsp.sig
  • $SYSDIR/CryptoKit.HSBC.exe
    .exe windows:5 windows x86 arch:x86

    bf95d1fc1d10de18b32654b123ad5e1f


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:5 windows x86 arch:x86

    039bcbc605477e8e87ec550c2e60e748


    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/CryptoKit.HSBC.x64.dll
    .dll regsvr32 windows:5 windows x64 arch:x64

    25caddb1d4d67979deb136bc46bbfeb1


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/CryptoKit.HSBC.x86.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    68b6a8e7fcedd1a40e82c378c61c6c12


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $SYSDIR/npCryptoKit.HSBC.x86.dll
    .dll windows:5 windows x86 arch:x86

    013833e4780fce2f4121a37a72e7b76c


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • CryptoKitHost.HSBC.x86.exe
    .exe windows:5 windows x86 arch:x86

    56aabd9e03740bc5966323dca57bbe21


    Code Sign

    Headers

    Imports

    Sections

  • com.cfca.CryptoKitHost.HSBC-firefox.json
  • com.cfca.CryptoKitHost.HSBC-win.json
  • uninst.exe.nsis
  • HSBC_UKeyTool.exe
    .exe windows:5 windows x86 arch:x86

    fe0b2c78ce8b2d51ed2863fbe21c537a


    Code Sign

    Headers

    Imports

    Sections