PDB Path: F:\svn\Software\Projects\FIDO\Trunk\Modules\Tools\Es_FidoTool-美国蔡森\Release\Es_FidoTool.pdb
Static task: static1
Behavioral task: behavioral1 (Sample: bf3b1d57166580f01efcf5f5799786f7af21c734648b402a3284969ee8b8d896.exe, Resource: win7-20240508-en)
Behavioral task: behavioral2 (Sample: bf3b1d57166580f01efcf5f5799786f7af21c734648b402a3284969ee8b8d896.exe, Resource: win10v2004-20240426-en)
General
Target: bf3b1d57166580f01efcf5f5799786f7af21c734648b402a3284969ee8b8d896
Size: 2.0MB
MD5: 6b1b756cec66beab5c20c9f1526f0595
SHA1: cab155417c6597fd540d1e4c51033da5d4c5f139
SHA256: bf3b1d57166580f01efcf5f5799786f7af21c734648b402a3284969ee8b8d896
SHA512: c2f8d2b1f6a9c83e0360d095340dbf33dbb4dc8a51e8b71296a76b1ba2045f934b5108a67e9c81b79291364fb510bb11269e73634019e7918102d1df46c40993
SSDEEP: 49152:IMpgZOtt02RJRwXKGxC0KL5bhuC5/v2bO3CIuWO:ICgZCjRA6GxC0KlECpvX3Ch
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
Resource: bf3b1d57166580f01efcf5f5799786f7af21c734648b402a3284969ee8b8d896
Files
bf3b1d57166580f01efcf5f5799786f7af21c734648b402a3284969ee8b8d896.exe windows:5 windows x86 arch:x86
d2c737c312badefa8ab62589c63f972d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
VirtualFree
HeapCreate
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetFileType
CreateThread
SetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
HeapSize
ExitThread
ExitProcess
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapReAlloc
RtlUnwind
GetStartupInfoW
FindResourceExW
VirtualProtect
GetFileTime
GetFileSizeEx
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeA
GetProfileIntW
SearchPathW
GetSystemDirectoryW
GetTempPathW
GetTempFileNameW
SetErrorMode
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
lstrcpyW
GetCurrentDirectoryW
GetThreadLocale
GlobalGetAtomNameW
LocalReAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
InterlockedIncrement
GlobalFlags
InterlockedDecrement
SetThreadPriority
WritePrivateProfileStringW
GetPrivateProfileIntW
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryExW
CompareStringA
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryW
CompareStringW
LoadLibraryA
FreeLibrary
lstrcmpW
GetLocaleInfoA
GetStringTypeW
GetVersionExA
CopyFileW
GlobalSize
GlobalAlloc
FormatMessageW
lstrlenW
GetModuleFileNameW
MulDiv
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
CreateEventW
CancelIo
GetOverlappedResult
lstrlenA
ResumeThread
InterlockedExchange
GetExitCodeThread
TerminateThread
ResetEvent
SetEvent
CreateEventA
GetHandleInformation
GlobalMemoryStatus
GetCurrentThread
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileW
CreateFileW
GetFileAttributesW
FindClose
TlsFree
TlsSetValue
TlsGetValue
SetLastError
TlsAlloc
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
WriteFile
ReadFile
CreateFileA
GetFileSize
SetFilePointer
SetEndOfFile
SwitchToThread
CreateMutexA
CreateFileMappingA
OpenMutexA
WaitForSingleObject
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
LocalAlloc
LocalFree
CloseHandle
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetTickCount
GetModuleHandleW
GetCurrentProcess
GetVersionExW
GetProcessHeap
HeapAlloc
HeapFree
GetModuleFileNameA
GetSystemTimeAsFileTime
GetModuleHandleA
GetProcAddress
InterlockedCompareExchange
InterlockedExchangeAdd
WideCharToMultiByte
Sleep
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
CreateMutexW
user32
EnableScrollBar
UnionRect
SetCursorPos
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
TranslateAcceleratorW
UnregisterClassW
GetNextDlgGroupItem
InvalidateRgn
SetRect
CharNextW
EmptyClipboard
CloseClipboard
SetClipboardData
LoadImageW
DestroyIcon
CopyImage
OpenClipboard
DrawStateW
RegisterClipboardFormatW
EnumChildWindows
LockWindowUpdate
BringWindowToTop
IsRectEmpty
KillTimer
SetTimer
InvalidateRect
IsMenu
SetClassLongW
SetParent
CreatePopupMenu
NotifyWinEvent
SetWindowRgn
CreateAcceleratorTableW
LoadAcceleratorsW
DestroyAcceleratorTable
GetAsyncKeyState
CharUpperW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyW
ToUnicodeEx
PostThreadMessageW
SetRectEmpty
DeleteMenu
WaitMessage
ReleaseCapture
WindowFromPoint
SetCapture
LoadCursorW
GetSysColorBrush
DestroyMenu
GetMenuItemInfoW
InflateRect
ShowOwnedPopups
SetCursor
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
SetWindowContextHelpId
MapDialogRect
SystemParametersInfoW
MessageBeep
RedrawWindow
IsZoomed
UpdateLayeredWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetDoubleClickTime
ModifyMenuW
EnableMenuItem
CheckMenuItem
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
UpdateWindow
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
SetMenuDefaultItem
GetMenuDefaultItem
IsCharLowerW
GetKeyNameTextW
MapVirtualKeyExW
IsClipboardFormatAvailable
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
FrameRect
GetUpdateRect
CharUpperBuffW
CopyIcon
SubtractRect
PostQuitMessage
GetIconInfo
PtInRect
GetMenu
SetWindowLongW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
CreateMenu
GetWindowRgn
DestroyCursor
LoadBitmapW
GetWindowPlacement
GetWindow
GetWindowRect
LoadMenuW
GetMenuState
GetMenuStringW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
GetWindowThreadProcessId
GetLastActivePopup
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
MessageBoxW
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
GetSysColor
AppendMenuW
GetSystemMenu
LoadIconW
SendMessageW
EnableWindow
CopyAcceleratorTableW
gdi32
Polyline
Ellipse
Polygon
Rectangle
RoundRect
CreatePalette
GetPaletteEntries
GetWindowOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetViewportOrgEx
LPtoDP
ExtFloodFill
SetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExW
CreatePolygonRgn
GetTextFaceW
SetPixelV
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
CreateEllipticRgn
ScaleViewportExtEx
GetBkColor
CreateDIBSection
SetPixel
StretchBlt
RealizePalette
GetDIBits
SetDIBColorTable
GetTextColor
CreateRoundRectRgn
GetTextCharsetInfo
EnumFontFamiliesW
CreateCompatibleBitmap
CreateDIBitmap
GetRgnBox
OffsetRgn
DPtoLP
PatBlt
GetMapMode
CombineRgn
SetRectRgn
CreateRectRgnIndirect
GetTextMetricsW
GetTextExtentPoint32W
CreateFontIndirectW
GetDCOrgEx
CopyMetaFileW
CreateHatchBrush
CreateSolidBrush
CreatePen
GetDeviceCaps
GetObjectType
SelectPalette
GetStockObject
CreateCompatibleDC
CreateBitmap
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
GetObjectW
CreateRectRgn
SelectClipRgn
DeleteObject
CreateFontW
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
SetWindowOrgEx
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetFileTitleW
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
advapi32
RegOpenKeyExW
GetLengthSid
FreeSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
AllocateAndInitializeSid
InitializeSecurityDescriptor
OpenProcessToken
SetSecurityInfo
GetSecurityDescriptorSacl
CreateWellKnownSid
GetUserNameA
RegEnumKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
OpenThreadToken
LookupPrivilegeValueW
PrivilegeCheck
InitializeAcl
shell32
DragFinish
SHGetPathFromIDListW
SHBrowseForFolderW
SHAppBarMessage
ShellExecuteW
DragQueryFileW
SHGetFileInfoW
comctl32
InitCommonControlsEx
ImageList_GetIconSize
shlwapi
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathRemoveFileSpecW
oledlg
OleUIBusyW
ole32
OleLockRunning
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
OleGetClipboard
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoUninitialize
CoInitializeEx
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoGetClassObject
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleDuplicateData
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoRegisterMessageFilter
CoRevokeClassObject
oleaut32
SysStringLen
OleCreateFontIndirect
SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString
gdiplus
GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
winscard
SCardReleaseContext
SCardTransmit
g_rgSCardT1Pci
SCardEstablishContext
SCardConnectA
g_rgSCardT0Pci
SCardListReadersA
SCardDisconnect
setupapi
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailW
hid
HidD_SetNumInputBuffers
HidD_GetPreparsedData
HidP_GetCaps
HidD_FreePreparsedData
HidD_SetFeature
HidD_GetFeature
HidD_GetHidGuid
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
winmm
PlaySoundW
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 326KB - Virtual size: 326KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 26KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 84KB - Virtual size: 83KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 151KB - Virtual size: 151KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ