3ce5ccd795960047edcb98fa037f0ddcce51419f3e5b1f4a986c3a7c32f5d191

Sharing

Copy URL Twitter E-mail

General

Target

3ce5ccd795960047edcb98fa037f0ddcce51419f3e5b1f4a986c3a7c32f5d191
Size

530KB
MD5

963e1ac6d58aa9a9493ce1c3a79bd905
SHA1

5f3564765ae3b894c234c50068c11f7a85644374
SHA256

3ce5ccd795960047edcb98fa037f0ddcce51419f3e5b1f4a986c3a7c32f5d191
SHA512

6dd41aa5a7052182504717f5120011437f4837fceaa3c0568d7bf3954b8cb95f20d04e633d7496b9f37d804b46df0ba475cad06f5f5ee6e2d963307853f86c74
SSDEEP

12288:MufvjKHQgGndvKvD0VHIXoQx59+rcojC//QlUc:H/vgYVHM9+YojCH8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ce5ccd795960047edcb98fa037f0ddcce51419f3e5b1f4a986c3a7c32f5d191

Files

3ce5ccd795960047edcb98fa037f0ddcce51419f3e5b1f4a986c3a7c32f5d191
.exe windows:5 windows x86 arch:x86

860f585352ac83222b923f6cc9a823a0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\EM100Pro\EM100_bin\smucmd.pdb

Imports

setupapi

CM_Connect_MachineW
SetupDiGetClassDevsA
CM_Locate_DevNode_ExW
CM_Reenumerate_DevNode_Ex
SetupDiGetDeviceRegistryPropertyW
SetupDiClassGuidsFromNameExW
SetupDiGetClassDevsExW
SetupDiCreateDeviceInfoListExW
SetupDiOpenDeviceInfoW
SetupDiGetDeviceInfoListDetailW
SetupDiEnumDeviceInfo
CM_Get_Device_ID_ExW
SetupDiDestroyDeviceInfoList
SetupDiSetClassInstallParamsW
SetupDiCallClassInstaller
SetupDiGetDeviceInstallParamsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA

user32

CharNextW
GetWindowTextLengthW
GetWindowTextW
EnumWindows
FindWindowW
SendMessageW
UnregisterDeviceNotification
RegisterDeviceNotificationA
GetWindowThreadProcessId

advapi32

IsTextUnicode

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

clicmdinterpreter

CliStartEmulation
CliSetCS
CliCheckDeviceAuthentication
CliIsMemoryEmulationRunning
CliIsEM100ProUSBOpened
CliStopEmulation
CliSetRSTPin
CliSetRSTPinLowTime
CliGetProductInfo
CliGetConfigFileInfo
CliSetChipType
CliSetDieEraseSize
CliSetAddrLen
CliDoReconfigFPGA
CliSwitchFPGAVersion
CliSetMISODriven
CliSetSetQEbit
CliGetSerailNumber
CliReadFromEM100Provector
CliSaveBufferToFile
CliEM100ProVerify
CliGetDedicateEmulator
CliInitialEM100ProDLL
CliCheckUSBDeviceNum
CliSetEM100ProG3
CliIsEM100ProG3
CliSetEM100ProG2
CliIsEM100ProG2
CliWriteRPMC
CliLoadFileToDLLBuffer
CliDownloadDLLBufferToEM100Pro
CliUpdateFirmware
CliSystemBootFromEM100Pro
CliCloseEM100ProDLL
CliSetHoldPin

kernel32

CreateFileW
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleHandleA
GetStringTypeA
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
FlushFileBuffers
SetEndOfFile
IsValidLocale
GetLastError
ReadFile
SetFilePointer
GetConsoleMode
GetConsoleCP
WriteFile
IsValidCodePage
GetOEMCP
GetACP
GetStartupInfoA
GetFileType
SetHandleCount
SetLastError
VirtualAlloc
VirtualFree
HeapCreate
CreateThread
GetCurrentThreadId
ExitThread
ExitProcess
GetProcAddress
GetModuleHandleW
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
FormatMessageA
LocalFree
GetTickCount
ResumeThread
TlsSetValue
MultiByteToWideChar
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
GetModuleFileNameW
GetSystemTimeAsFileTime
CreateEventA
CloseHandle
HeapAlloc
GetProcessHeap
HeapFree
SetEvent
WaitForSingleObject
GetStdHandle
GetPrivateProfileStringW
Sleep
VerSetConditionMask
VerifyVersionInfoW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
lstrlenW
GetWindowsDirectoryW
DeleteFileW
WideCharToMultiByte
CreateFileA
DeviceIoControl
GetOverlappedResult
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
HeapDestroy
HeapReAlloc
HeapSize
GetCurrentProcessId
ReleaseMutex
TlsAlloc
TlsFree
TlsGetValue
CreateMutexA

shell32

SHGetFolderPathW

Sections

.text
Size: 397KB - Virtual size: 396KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

860f585352ac83222b923f6cc9a823a0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

user32

advapi32

version

clicmdinterpreter

kernel32

shell32

Sections

.text Size: 397KB - Virtual size: 396KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 20KB - Virtual size: 28KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 34KB - Virtual size: 33KB

.text
Size: 397KB - Virtual size: 396KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 20KB - Virtual size: 28KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 34KB - Virtual size: 33KB