9e3ed7a3e420f08fb319bd603e94ee3ec5982305c487396c1b9c931b0bcacf4a

Sharing

Copy URL Twitter E-mail

General

Target

9e3ed7a3e420f08fb319bd603e94ee3ec5982305c487396c1b9c931b0bcacf4a
Size

568KB
MD5

1568922302294f84b78ad499dbb8968a
SHA1

5a4afbd864f3215b6e2b2c0d0ca2f9824648fd1e
SHA256

9e3ed7a3e420f08fb319bd603e94ee3ec5982305c487396c1b9c931b0bcacf4a
SHA512

46ee4d0475d2263c1668910880071d0c2bed460eda0afe7c6fb55f2c812a7b3aa2cc7dd517a521f44af950afe2626dee316d84bd3dc89ae440c74847823c0b97
SSDEEP

6144:/0YY72ljv4QXGg4Cv4yDGoG0TeTOhIwUbJFm4fZgX9K6wKs3:Nu2eDgV4nB8eTOhIwUbJFmlI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9e3ed7a3e420f08fb319bd603e94ee3ec5982305c487396c1b9c931b0bcacf4a

Files

9e3ed7a3e420f08fb319bd603e94ee3ec5982305c487396c1b9c931b0bcacf4a
.dll windows:5 windows x64 arch:x64

c76ddf6e1ee69230b6330c8c07d7d2d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\SVN\Customization\GM3000\LXY-1410-340_江苏翔晟\4.Development\江苏翔晟 GM3000-HID PID 定制版\middleware\skf\mtoken_gm3000\Release\x64\mtoken_gm3000_xs.pdb

Imports

setupapi

SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

hid

HidD_FreePreparsedData
HidD_GetPreparsedData
HidD_GetFeature
HidD_GetHidGuid
HidD_FlushQueue
HidP_GetCaps

kernel32

HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
FlsSetValue
GetCommandLineA
HeapSetInformation
HeapCreate
HeapDestroy
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
RaiseException
RtlPcToFileHeader
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
HeapSize
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetFileType
GetStartupInfoA
DisableThreadLibraryCalls
CallNamedPipeW
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LoadLibraryW
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
LocalFree
CreateMutexA
OpenMutexA
WaitForSingleObject
ReleaseMutex
CreateEventA
GetLastError
CancelIo
DeleteCriticalSection
DeviceIoControl
GetProcessHeap
SetEndOfFile
ReadFile
FreeEnvironmentStringsA
FreeLibrary

user32

DestroyWindow
UnregisterDeviceNotification
UpdateWindow
DefWindowProcA
PostMessageA
GetMessageA
ShowWindow
CreateWindowExA
RegisterDeviceNotificationA
RegisterClassA

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA

Exports

Exports

MKF_AddConnectedDev
MKF_GenRemoteUnlockResponse
MKF_GenRemoteUnlockResponseEx
MKF_GetDeviceCaps
MKF_GetRawHWSN
MKF_SetApplicationExtAtttr
MKF_SetEnumDeviceString
MKF_WriteOemInfo
MKF_X509Der2RSAPRIVATEKEYBLOB
SKFEX_ECCDecrypt
SKFEX_RSADecrypt
SKF_CancelEnrollFinger
SKF_CancelVerifyFinger
SKF_CancelWaitForDevEvent
SKF_ChangeDevAuthKey
SKF_ChangePIN
SKF_ChangePinMS
SKF_CleanAllFingers
SKF_ClearSecureState
SKF_ClearSymmKey
SKF_CloseApplication
SKF_CloseContainer
SKF_CloseHandle
SKF_ConnectDev
SKF_CreateApplication
SKF_CreateContainer
SKF_CreateFile
SKF_Decrypt
SKF_DecryptFinal
SKF_DecryptInit
SKF_DecryptUpdate
SKF_DeleteApplication
SKF_DeleteCertificate
SKF_DeleteContainer
SKF_DeleteFile
SKF_DeleteFinger
SKF_DeleteKeyPair
SKF_DevAuth
SKF_Digest
SKF_DigestFile
SKF_DigestFinal
SKF_DigestInit
SKF_DigestInit_Display
SKF_DigestUpdate
SKF_DigestUpdate_Display
SKF_DisConnectDev
SKF_ECCDecrypt
SKF_ECCExportSessionKey
SKF_ECCExportSessionKeyByHandle
SKF_ECCExportSessionKeyByHandleEx
SKF_ECCPrvKeyDecrypt
SKF_ECCPrvKeyDecryptEx
SKF_ECCSignData
SKF_ECCSignDataEx
SKF_ECCSignDataInteractive
SKF_ECCSignDataInteractiveCancel
SKF_ECCVerify
SKF_EnableFinger
SKF_Encrypt
SKF_EncryptFinal
SKF_EncryptInit
SKF_EncryptReadFile
SKF_EncryptUpdate
SKF_EncryptWriteFile
SKF_EnrollFinger
SKF_EnrollFingerInit
SKF_EnumApplication
SKF_EnumContainer
SKF_EnumDev
SKF_EnumFiles
SKF_ExportCertificate
SKF_ExportPublicKey
SKF_ExtECCDecrypt
SKF_ExtECCEncrypt
SKF_ExtECCSign
SKF_ExtECCVerify
SKF_ExtRSAEncrypt
SKF_ExtRSAPriKeyOperation
SKF_ExtRSAPubKeyOperation
SKF_ExtRSAVerify
SKF_GenECCKeyPair
SKF_GenExtECCKeyPair
SKF_GenExtRSAKey
SKF_GenRSAKeyPair
SKF_GenRSAKeyPairEx
SKF_GenRandom
SKF_GenRemoteUnblockRequest
SKF_GenerateAgreementDataAndKeyWithECC
SKF_GenerateAgreementDataAndKeyWithECCEx
SKF_GenerateAgreementDataWithECC
SKF_GenerateKey
SKF_GenerateKeyWithECC
SKF_GenerateKeyWithECCEx
SKF_GenerateSessionKey
SKF_GetApplicationInfoEx
SKF_GetContainerInfo
SKF_GetContainerType
SKF_GetDevInfo
SKF_GetDevState
SKF_GetFileInfo
SKF_GetFingerDescriptor
SKF_GetFingerInfo
SKF_GetPINInfo
SKF_ImportCertificate
SKF_ImportECCKeyPair
SKF_ImportExtECCKeyPair
SKF_ImportExtRSAKeyPair
SKF_ImportRSAKeyPair
SKF_ImportRSAKeyPairDER
SKF_ImportSessionKey
SKF_ImportSessionKeyEx
SKF_InitializeFinger
SKF_InitializeFingerEx
SKF_IsVerifyPIN
SKF_LockDev
SKF_Mac
SKF_MacFinal
SKF_MacInit
SKF_MacUpdate
SKF_OpenApplication
SKF_OpenContainer
SKF_PrvKeyDecrypt
SKF_PrvRsaKeyDecrypt
SKF_QueryFinger
SKF_RSADecrypt
SKF_RSAEncrypt
SKF_RSAExportSessionKey
SKF_RSAExportSessionKeyByHandle
SKF_RSAPrivateOperation
SKF_RSAPrvKeyDecrypt
SKF_RSAPublicOperation
SKF_RSASignData
SKF_RSASignDataInteractive
SKF_RSASignDataInteractiveCancel
SKF_RSASignEx
SKF_RSAVerify
SKF_RSAVerifyEx
SKF_ReadFile
SKF_RemoteUnblockPIN
SKF_SetContainerExInfo
SKF_SetFingerDescriptor
SKF_SetLabel
SKF_SetSessionKey
SKF_SetSessionKeyFromFile
SKF_SetSymmKey
SKF_TestFinger
SKF_Transmit
SKF_UnblockFinger
SKF_UnblockPIN
SKF_UnblockPinMS
SKF_UnlockDev
SKF_UpdateApplication
SKF_VerifyContainerFinger
SKF_VerifyContainerFingerInit
SKF_VerifyFinger
SKF_VerifyFingerInit
SKF_VerifyFingers
SKF_VerifyFingersInit
SKF_VerifyPIN
SKF_VerifyPinMS
SKF_WaitForDevEvent
SKF_WriteFile

Sections

.text
Size: 470KB - Virtual size: 469KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c76ddf6e1ee69230b6330c8c07d7d2d8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

hid

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 470KB - Virtual size: 469KB

.rdata Size: 62KB - Virtual size: 61KB

.data Size: 12KB - Virtual size: 38KB

.pdata Size: 18KB - Virtual size: 18KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 470KB - Virtual size: 469KB

.rdata
Size: 62KB - Virtual size: 61KB

.data
Size: 12KB - Virtual size: 38KB

.pdata
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB