3cb6f4d0275d811977c7b44e6fc1ab7aaf25dd5ea8f071b91dcaffeaa26bd1a6

Sharing

Copy URL Twitter E-mail

General

Target

3cb6f4d0275d811977c7b44e6fc1ab7aaf25dd5ea8f071b91dcaffeaa26bd1a6
Size

422KB
MD5

0753fa02307431ebcbd7a83ac10ea71d
SHA1

99dacd89f94499c7060368acaa697ebcd89a5bcd
SHA256

3cb6f4d0275d811977c7b44e6fc1ab7aaf25dd5ea8f071b91dcaffeaa26bd1a6
SHA512

cfe7e56eab646b46fdb42d059a6b3e7d0fc683cd25f83c7d2496b382ee59328a726bdc30f77cbb7e00b5aeb21dc1bd53ec7e45fc7a1c645bdeee0cd5511193e5
SSDEEP

6144:r3HCVGn1MDXEjIkjj8Z1Wb0jf70Zh7rhhfd4O7SJI6Mh7pweJG5T/MCP:bCMMEjIk/8PWIjTU7rhh7Vpyew5T/J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3cb6f4d0275d811977c7b44e6fc1ab7aaf25dd5ea8f071b91dcaffeaa26bd1a6

Files

3cb6f4d0275d811977c7b44e6fc1ab7aaf25dd5ea8f071b91dcaffeaa26bd1a6
.exe windows:5 windows x86 arch:x86

02669f2be933f969b83752ff13abbff5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo

ws2_32

shutdown
select
WSAStartup
inet_addr
getsockopt
send
recv
socket
htons
bind
listen
closesocket
accept
WSACleanup

websocketsdll

lws_service
lws_create_context
lws_context_destroy
lws_write

eyibc

InitEYIBC
GMCryptHash
CreateLibCtx
CreateIBCParamObjectFromMem
SetLibCtxAttribute
CreatePrvKeyObjectFromMemEx
SetIBCPrvKeyStatus
DestroyLibCtx
DestroyIBCParamObject
GMBase64Decode
GMBase64Encode
DestroyIdentityList
DestroyCertObject
CreateSM2PubKeyObjectFromMem
CreatePKCPubKeyObjectFromCertificate
CreateCertObjectFromData
CreateSM2PrvKeyObjectFromMem
CreatePrvKeyObjectFromMem
DestroyPubKeyObject
GM_random
GMCryptFpeBatchEnc
GMFpeBatchDataCheck
DestroyPrvKeyObject
GetPrvKeyAttribute
GM_free
GMCryptVerifySignData
GetDefaultEnvAlg
CreateIBCPubKeyObjectEx
GMCryptMACEx2
GMCryptEncrypt
GMCryptExportData
GMCryptDestroyMAC
GMCryptMACFinal
GMCryptEncFinal
GMCryptEncUpdate
GMCryptMACUpdate
GMCryptEncInit
SetSecKeyAttribute
GMCryptGenSecKey
GMCryptMACInit
GetIBCParamAttribute
GMCryptGenMAC
GMCryptDecrypt
GMCryptImportData
GMCryptDecFinal
GMCryptDecUpdate
GMCryptDecInit
DeviceWriteFile
DeviceCreateFile
DeviceReadFile
GetDefaultSignAlg
CreatePKCPubKeyObjectFromData
SetPubKeyAttribute
SetMACAttribute

keymanager

PMDeviceFindKey
PMDeviceManageCreateDevice
PMDeviceManageEnumDevice
PMFileDeviceCreate
PMDeviceDestroy
PMDeviceClose
PMDeviceVerifyPassword
PMDeviceGetAttribute
PMKeyDestroy
PMEnvelopSM2P7Encrypt
PMEnvelopSM2P7Decrypt
PMKeyDataDestroy
PMEnvelopSM9P7Encrypt
PMKeyGetAttribute
PMKeyCreate
PMKeyDataSetAttribute
PMKeyDataCreate
PMGetErrorMsg
PMLogSetMode
PMEngineCreate
PMEngineSetAttribute
PMSetErrorMsgFile
PMDeviceManageDestroy
PMDeviceManageCreate
PMSignatureInitVerify
PMSignatureInitIDVerify
PMSignatureVerify
PMKeyUnload
PMUnityServiceCreate
PMUnityServiceSendCode
PMUnityServiceGetToken
PMUnityServiceDownloadKey
PMKeyGenerateCSR
PMUnityServiceRequestCertificate
PMKeyUpdateCertificate
PMSM9KeyIndexCreate
PMUnityServiceSetAttribute
PMDeviceImportKey
PMSignatureCreate
PMSignatureInitSign
PMSignatureUpdate
PMSignatureSign
PMUnityServiceDestroy
PMSignatureDestroy
PMDeviceGetKeysCount
PMDeviceGetKeysItem
PMDeviceOpen
PMFree
PMAsymCipherDecryptInit
PMAsymCipherCreate
PMAsymCipherEncryptInitID
PMAsymCipherDoFinal
PMAsymCipherDestroy
PMKeyGetStatus
PMKeyLoad
PMEnvelopSM9P7Decrypt

libeay32

ord641
ord66
ord657
ord585
ord653
ord181
ord129
ord1002
ord9
ord1161
ord76
ord95
ord78
ord109
ord401
ord656

kernel32

SetEnvironmentVariableA
CompareStringW
CompareStringA
GetProcessHeap
SetEndOfFile
GetLocaleInfoW
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
LoadLibraryA
SetFilePointer
ReadFile
IsValidCodePage
GetOEMCP
GetACP
HeapSize
VirtualFree
HeapCreate
GetFileType
SetHandleCount
FlushFileBuffers
GetConsoleCP
WriteFile
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoA
HeapReAlloc
GetSystemTimeAsFileTime
ExitProcess
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
HeapFree
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceCounter
GetVolumeInformationA
GlobalAlloc
GlobalFree
GetSystemDirectoryA
DeleteFileA
GetStdHandle
GetConsoleMode
SetLastError
Sleep
GetCurrentProcessId
GetSystemTime
GetLocalTime
OutputDebugStringA
ReleaseMutex
WaitForSingleObject
GetCommandLineA
CreateMutexA
GetCurrentThreadId
CreateSemaphoreA
GetModuleHandleA
FindResourceA
LoadResource
SizeofResource
IsDBCSLeadByte
GetModuleHandleW
lstrcmpiA
InterlockedIncrement
lstrlenW
GetCurrentThread
GetCurrentProcess
CloseHandle
GetModuleFileNameA
lstrlenA
InterlockedDecrement
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryExA
GetProcAddress
FreeLibrary

user32

CharNextA
LoadStringA
PostThreadMessageA
MessageBoxA
DispatchMessageA
GetMessageA
CharNextW

advapi32

CreateServiceA
RegDeleteValueA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
RegEnumKeyExA
RegQueryInfoKeyA
RegCreateKeyExA
OpenThreadToken
OpenProcessToken
SetServiceStatus
RegisterEventSourceA
ReportEventA
DeregisterEventSource
ControlService
DeleteService
RegDeleteKeyA
ChangeServiceConfig2A
OpenSCManagerA
OpenServiceA
CloseServiceHandle
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
GetLengthSid
CopySid
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoUninitialize
CoInitialize
CoInitializeSecurity
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemAlloc

oleaut32

VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen

Sections

.text
Size: 353KB - Virtual size: 352KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02669f2be933f969b83752ff13abbff5

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

ws2_32

websocketsdll

eyibc

keymanager

libeay32

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 353KB - Virtual size: 352KB

.rdata Size: 59KB - Virtual size: 58KB

.data Size: 6KB - Virtual size: 16KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 353KB - Virtual size: 352KB

.rdata
Size: 59KB - Virtual size: 58KB

.data
Size: 6KB - Virtual size: 16KB

.rsrc
Size: 3KB - Virtual size: 2KB