PDB path (embedded in the binary at build time): g:\dev\_current\smart card reader\NoProtect_bk\Src\X1\Release\X1.pdb
Static task
static1
Behavioral task
behavioral1
Sample
X2.5A.exe
Resource
win10-20240404-en
General
-
Target
X2.5A.exe
-
Size
11.7MB
-
MD5
066adbdf1d01db495d494aca5f72e41f
-
SHA1
6f98d9c4a0ae85023d4f77a50ed2fd4771e3a19f
-
SHA256
fef1cad271e2f8aed0e557561577fe6f1ecdb4fbf16a810755d5a90c8f05cf02
-
SHA512
d3d8eb6c38d88781a4a1917cfc68ca012fd8484dd04e785a496516307769f41001d6488b0461fc020a3a4115283ebe6d8b059f2b8d4b82ff309d7e24eb1f19fe
-
SSDEEP
24576:cPkGgW8ugdGJYDLoL/vddOUmB5I4LjbrMChWVeTsAe+ZWWj80pYWoTIbjpCeT:/wxH1ah4UTtVZWWj8MTbjpl
Malware Config
Signatures
-
Unsigned PE 1 IoCs
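Checks for missing Authenticode signature. Without a signature, the publisher and integrity of the file cannot be verified from the file itself; on its own this is a low-confidence indicator, since many legitimate tools also ship unsigned.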
resource X2.5A.exe
Files
-
X2.5A.exe.exe windows:5 windows x86 arch:x86
d2eee834a4a96b94f8295740ae76cc8a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
sqlite3
sqlite3_finalize
sqlite3_column_double
sqlite3_column_int
sqlite3_column_text
sqlite3_column_type
sqlite3_column_count
sqlite3_step
sqlite3_exec
sqlite3_changes
sqlite3_prepare
sqlite3_close
sqlite3_open
globalplatform
OP201_get_status
GP211_put_delegated_management_keys
OP201_send_APDU
GP211_send_APDU
OPGP_enable_trace_mode
OP201_put_delegated_management_keys
GP211_put_secure_channel_keys
GP211_VISA1_derive_keys
GP211_VISA2_derive_keys
GP211_EMV_CPS11_derive_keys
OP201_put_secure_channel_keys
OP201_VISA1_derive_keys
OP201_VISA2_derive_keys
OP201_EMV_CPS11_derive_keys
OPGP_card_disconnect
GP211_install_for_install_and_make_selectable
OPGP_establish_context
OP201_install_for_install_and_make_selectable
GP211_install_for_load
OP201_install_for_load
OPGP_read_executable_load_file_parameters
GP211_delete_key
OP201_delete_key
GP211_delete_application
OP201_delete_application
GP211_load
OP201_load
GP211_get_data
OP201_get_data
OPGP_select_application
GP211_mutual_authentication
GP211_get_secure_channel_protocol_details
OP201_mutual_authentication
OPGP_card_connect
OPGP_list_readers
OPGP_release_context
GP211_get_status
mfc90
ord4434
ord9945
ord7746
ord12597
ord12145
ord13116
ord10284
ord10437
ord9952
ord13174
ord12384
ord1108
ord1137
ord6615
ord4431
ord2591
ord4113
ord6557
ord6787
ord5167
ord339
ord1145
ord2243
ord6584
ord3506
ord4029
ord4952
ord899
ord4477
ord5776
ord3141
ord5753
ord1555
ord6793
ord5520
ord663
ord6329
ord2590
ord1692
ord790
ord3654
ord3273
ord686
ord436
ord3579
ord5761
ord6802
ord2084
ord5852
ord6784
ord324
ord404
ord2458
ord2523
ord1568
ord6815
ord5528
ord780
ord579
ord3390
ord2209
ord664
ord405
ord305
ord3213
ord1611
ord5878
ord1607
ord1334
ord1321
ord1654
ord4502
ord6255
ord2904
ord6257
ord2899
ord2360
ord1938
ord615
ord3487
ord4640
ord1670
ord2277
ord4496
ord1604
ord2103
ord781
ord580
ord266
ord265
ord5615
ord4617
ord5152
ord5309
ord4993
ord2208
ord1810
ord1809
ord1678
ord3344
ord6388
ord1496
ord4650
ord5636
ord4668
ord3987
ord639
ord374
ord3783
ord2082
ord4223
ord2481
ord4481
ord4506
ord4507
ord4392
ord6153
ord4409
ord6154
ord1603
ord945
ord310
ord1339
ord1358
ord6527
ord6079
ord6170
ord6166
ord744
ord524
ord2069
ord4030
ord3534
ord2106
ord1183
ord3528
ord777
ord595
ord4667
ord4895
ord4334
ord2886
ord4057
ord4067
ord4066
ord3277
ord2759
ord2888
ord2769
ord3135
ord2961
ord4714
ord3107
ord2978
ord2766
ord5633
ord1728
ord2047
ord1792
ord2139
ord5608
ord1446
ord2368
ord2375
ord2625
ord2607
ord2605
ord2623
ord2635
ord2612
ord2628
ord2633
ord2616
ord2618
ord2620
ord2614
ord2630
ord2610
ord969
ord965
ord967
ord963
ord958
ord5666
ord5668
ord6446
ord1729
ord4688
ord5139
ord3732
ord5647
ord4589
ord6780
ord5497
ord6783
ord4159
ord6781
ord4733
ord1276
ord2206
ord6018
ord4165
ord1046
ord5533
ord6721
ord1644
ord4199
ord2087
ord3209
ord5657
ord5659
ord8432
ord4333
ord4981
ord5663
ord5646
ord6001
ord3110
ord2074
ord5585
ord4646
ord1497
ord4331
ord1752
ord1755
ord6391
ord3346
ord1720
ord2283
ord3920
ord300
ord2539
ord311
ord307
ord6791
ord1280
ord1247
ord5750
ord1219
ord820
ord1069
ord3856
ord817
ord1254
ord1258
ord316
ord3621
ord554
ord1252
ord1039
ord5869
ord601
ord798
ord758
ord800
ord4890
ord9252
ord6462
ord1098
ord4197
ord7312
ord6494
ord3218
ord6356
ord5389
ord3671
ord6782
ord4160
ord7118
ord5813
ord2251
msvcr90
memmove_s
_setmode
_open
_close
_unlink
_write
_read
_controlfp_s
_invoke_watson
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
frexp
modf
strtok
vfprintf
isalpha
vsprintf
tmpnam
_lseek
abort
strrchr
isupper
tmpfile
strstr
perror
fgetc
isspace
_errno
_getcwd
strchr
putc
isdigit
_stricmp
_mktime64
_gmtime64
getenv
__iob_func
memcmp
atan2
fabs
sqrt
log
exp
bsearch
fprintf
pow
memmove
strcpy
strlen
isprint
_CIlog
ceil
rand
qsort
_CIexp
ldiv
_CIsin
_CIfmod
_CIcos
realloc
strncmp
longjmp
__CxxLongjmpUnwind
_setjmp3
_swab
_CxxThrowException
_CIpow
_strnicmp
calloc
strncpy
_CIsqrt
floor
fopen
__CxxFrameHandler3
fscanf
fgets
fputc
feof
fflush
ftell
fseek
fwrite
fread
fclose
_purecall
memcpy
memset
memcpy_s
_mbsncmp
exit
printf
_mbscmp
_snprintf
_mbstok
sscanf
_mbsnbcpy
_invalid_parameter_noinfo
atoi
sprintf
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_itoa
strtol
atof
malloc
free
_setmbcp
kernel32
SizeofResource
LoadResource
LockResource
GetCurrentDirectoryA
FindResourceA
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
lstrlenA
ExitProcess
ResumeThread
WaitForSingleObject
CloseHandle
GlobalFree
GlobalAlloc
user32
GetClientRect
SendMessageA
LoadIconA
GetDlgItem
GetSysColor
GetDC
ReleaseDC
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
DrawIcon
GetSystemMetrics
IsIconic
AppendMenuA
GetSystemMenu
InvalidateRect
CopyRect
GetWindowPlacement
EnableWindow
gdi32
SelectObject
DeleteObject
DeleteDC
CreateDIBSection
ExtTextOutA
CreateCompatibleDC
GetDIBits
RealizePalette
RestoreDC
BitBlt
SetDIBitsToDevice
StretchDIBits
SetStretchBltMode
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
SaveDC
SetBkColor
CreateCompatibleBitmap
SetWinMetaFileBits
GetDeviceCaps
DeleteEnhMetaFile
GetEnhMetaFileHeader
SetEnhMetaFileBits
PlayEnhMetaFile
SelectPalette
CreatePalette
GetEnhMetaFilePaletteEntries
CreateFontA
comctl32
InitCommonControlsEx
msvcp90
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
ws2_32
htonl
ntohl
ntohs
htons
Exports
png_access_version_number
png_benign_error
png_build_grayscale_palette
png_calloc
png_chunk_benign_error
png_chunk_error
png_chunk_warning
png_convert_from_struct_tm
png_convert_from_time_t
png_convert_to_rfc1123
png_create_info_struct
png_create_read_struct
png_create_read_struct_2
png_create_write_struct
png_create_write_struct_2
png_data_freer
png_destroy_info_struct
png_destroy_read_struct
png_destroy_write_struct
png_error
png_free
png_free_data
png_free_default
png_get_IHDR
png_get_PLTE
png_get_bKGD
png_get_bit_depth
png_get_cHRM
png_get_cHRM_fixed
png_get_channels
png_get_chunk_cache_max
png_get_chunk_malloc_max
png_get_color_type
png_get_compression_buffer_size
png_get_compression_type
png_get_copyright
png_get_error_ptr
png_get_filter_type
png_get_gAMA
png_get_gAMA_fixed
png_get_hIST
png_get_header_ver
png_get_header_version
png_get_iCCP
png_get_image_height
png_get_image_width
png_get_int_32
png_get_interlace_type
png_get_io_chunk_name
png_get_io_ptr
png_get_io_state
png_get_libpng_ver
png_get_mem_ptr
png_get_oFFs
png_get_pCAL
png_get_pHYs
png_get_pHYs_dpi
png_get_pixel_aspect_ratio
png_get_pixel_aspect_ratio_fixed
png_get_pixels_per_inch
png_get_pixels_per_meter
png_get_rgb_to_gray_status
png_get_rowbytes
png_get_rows
png_get_sBIT
png_get_sCAL
png_get_sCAL_fixed
png_get_sCAL_s
png_get_sPLT
png_get_sRGB
png_get_signature
png_get_tIME
png_get_tRNS
png_get_text
png_get_uint_16
png_get_uint_31
png_get_uint_32
png_get_unknown_chunks
png_get_user_chunk_ptr
png_get_user_height_max
png_get_user_transform_ptr
png_get_user_width_max
png_get_valid
png_get_x_offset_inches
png_get_x_offset_inches_fixed
png_get_x_offset_microns
png_get_x_offset_pixels
png_get_x_pixels_per_inch
png_get_x_pixels_per_meter
png_get_y_offset_inches
png_get_y_offset_inches_fixed
png_get_y_offset_microns
png_get_y_offset_pixels
png_get_y_pixels_per_inch
png_get_y_pixels_per_meter
png_handle_as_unknown
png_info_init_3
png_init_io
png_longjmp
png_malloc
png_malloc_default
png_malloc_warn
png_permit_mng_features
png_read_end
png_read_image
png_read_info
png_read_png
png_read_row
png_read_rows
png_read_update_info
png_reset_zstream
png_save_int_32
png_save_uint_16
png_save_uint_32
png_set_IHDR
png_set_PLTE
png_set_add_alpha
png_set_bKGD
png_set_background
png_set_background_fixed
png_set_benign_errors
png_set_bgr
png_set_cHRM
png_set_cHRM_fixed
png_set_chunk_cache_max
png_set_chunk_malloc_max
png_set_compression_buffer_size
png_set_compression_level
png_set_compression_mem_level
png_set_compression_method
png_set_compression_strategy
png_set_compression_window_bits
png_set_crc_action
png_set_error_fn
png_set_expand
png_set_expand_gray_1_2_4_to_8
png_set_filler
png_set_filter
png_set_filter_heuristics
png_set_filter_heuristics_fixed
png_set_flush
png_set_gAMA
png_set_gAMA_fixed
png_set_gamma
png_set_gamma_fixed
png_set_gray_to_rgb
png_set_hIST
png_set_iCCP
png_set_interlace_handling
png_set_invalid
png_set_invert_alpha
png_set_invert_mono
png_set_keep_unknown_chunks
png_set_longjmp_fn
png_set_mem_fn
png_set_oFFs
png_set_pCAL
png_set_pHYs
png_set_packing
png_set_packswap
png_set_palette_to_rgb
png_set_quantize
png_set_read_fn
png_set_read_status_fn
png_set_read_user_chunk_fn
png_set_read_user_transform_fn
png_set_rgb_to_gray
png_set_rgb_to_gray_fixed
png_set_rows
png_set_sBIT
png_set_sCAL
png_set_sCAL_fixed
png_set_sCAL_s
png_set_sPLT
png_set_sRGB
png_set_sRGB_gAMA_and_cHRM
png_set_shift
png_set_sig_bytes
png_set_strip_16
png_set_strip_alpha
png_set_swap
png_set_swap_alpha
png_set_tIME
png_set_tRNS
png_set_tRNS_to_alpha
png_set_text
png_set_unknown_chunk_location
png_set_unknown_chunks
png_set_user_limits
png_set_user_transform_info
png_set_write_fn
png_set_write_status_fn
png_set_write_user_transform_fn
png_sig_cmp
png_start_read_image
png_warning
png_write_chunk
png_write_chunk_data
png_write_chunk_end
png_write_chunk_start
png_write_end
png_write_flush
png_write_image
png_write_info
png_write_info_before_PLTE
png_write_png
png_write_row
png_write_rows
png_write_sig
Sections
.text Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 266KB - Virtual size: 266KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10.4MB - Virtual size: 10.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 43KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ