C:\jenkins\workspace\CIS_verify_win7_multi\bit\32\label\cis_build_win7_vs2010\msvc\2010\build\Debug\cis_cc-3.2.pdb
Static task
static1
Behavioral task
behavioral1
Sample
5f67c35e814d8637057bd3f2d031e7176900bdd6c58b6300188f958825f83fc8.dll
Resource
win7-20240705-en
General
-
Target
5f67c35e814d8637057bd3f2d031e7176900bdd6c58b6300188f958825f83fc8
-
Size
1.2MB
-
MD5
0fe43d746d970e0cbddcde4bb23304ed
-
SHA1
90fafb3dda28a72360913cf1240f3c2d1690b46a
-
SHA256
5f67c35e814d8637057bd3f2d031e7176900bdd6c58b6300188f958825f83fc8
-
SHA512
6455163aabf8bd4f55dac1185f86816f59e0ed6be1ca079753c865db4e6f69759b48e4a6ec8ecdc811b2119fd29aae9a20147590fc6b27851ae294eb0be70d49
-
SSDEEP
24576:LF3HV0rHRLfmjHprvHfVg9lDT4Y1WYZVzejkj9Gd6CT1vDd6CT1v1+6H+60rEH71:LF3HV0rHRLfmjHprvHfVg9x4YgYZKk0Z
Malware Config
Signatures
-
Unsigned PE 1 IoCs
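Checks for a missing Authenticode signature. The file listed below is unsigned, so its publisher and integrity cannot be confirmed from the file itself; on its own this is a weak indicator and should be weighed against the other findings.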
resource 5f67c35e814d8637057bd3f2d031e7176900bdd6c58b6300188f958825f83fc8
Files
-
5f67c35e814d8637057bd3f2d031e7176900bdd6c58b6300188f958825f83fc8.dll windows:5 windows x86 arch:x86
9288a97665bea4367fded7778305975d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
GetSystemDirectoryA
GetCurrentProcessId
GlobalMemoryStatus
CloseHandle
FreeLibrary
GetProcAddress
LoadLibraryA
GetLastError
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCurrentThreadId
DecodePointer
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
HeapCreate
HeapDestroy
MultiByteToWideChar
ReadFile
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
RtlUnwind
WideCharToMultiByte
DeleteCriticalSection
FatalAppExitA
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoW
SetFilePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
Sleep
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetStdHandle
FlushFileBuffers
SetConsoleCtrlHandler
InterlockedExchange
LoadLibraryW
GetLocaleInfoW
CreateFileA
CompareStringW
SetEnvironmentVariableA
WriteConsoleW
RaiseException
HeapReAlloc
LCMapStringW
GetStringTypeW
HeapSize
SetEndOfFile
GetProcessHeap
CreateFileW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
Exports
Exports
BCIPHER_Decrypt
BCIPHER_DecryptAuth
BCIPHER_DecryptCCM
BCIPHER_DecryptFile
BCIPHER_DecryptFilePath
BCIPHER_DecryptFilePath_Offset
BCIPHER_DecryptFile_BSize
BCIPHER_DelKey
BCIPHER_DupKey
BCIPHER_Encrypt
BCIPHER_EncryptAuth
BCIPHER_EncryptCCM
BCIPHER_EncryptFile
BCIPHER_EncryptFilePath
BCIPHER_EncryptFilePath_Offset
BCIPHER_EncryptFile_BSize
BCIPHER_GenKey
BCIPHER_Initialize
BCIPHER_MakeKey
BCIPHER_NewKey
BCIPHER_WipeKey
CMAC_Finalize
CMAC_Initialize
CMAC_Update
CONDITIONAL_SELFTEST_HASHDRBG
CONDITIONAL_SELFTEST_HMACDRBG
CONDITIONAL_SELFTEST_KEYPAIR_KCDSA
CONDITIONAL_SELFTEST_KEYPAIR_RSAES_OAEP
CONDITIONAL_SELFTEST_KEYPAIR_RSASSA_PSS
Check_CPU_support_AES
DAC_Finalize
DAC_Initialize
DAC_Update
DSARNGSHA1_G
DSARNGSHA1_GenerateX
DSARNGSHA1_GetRandomNum
DSA_CheckKey
DSA_CheckKeyPair
DSA_CheckParam
DSA_GenKey
DSA_GenParam
DSA_SSA_S
DSA_SSA_S_File
DSA_SSA_S_Hash
DSA_SSA_V
DSA_SSA_V_File
DSA_SSA_V_Hash
EME_OAEP_DECODE
EME_OAEP_ENCODE
GMAC_Decrypt
GMAC_Encrypt
HASHDRBG_GenerateRand
HASHDRBG_GetRandNum
HASHDRBG_Instantiate
HASHDRBG_RNG
HASHDRBG_Reseed
HASH_Finalize
HASH_Initialize
HASH_InitializeEx
HASH_Update
HASH_Update_PCIS
HASH_Update_clone
HMACDRBG_GenerateRand
HMACDRBG_GetRandNum
HMACDRBG_Instantiate
HMACDRBG_RNG
HMACDRBG_Reseed
HMAC_Finalize
HMAC_Initialize
HMAC_InitializeEx
KCDSARNGHAS160_GenerateX
KCDSARNGHAS160_PRNG
KCDSARNGSHA224_PRNG
KCDSARNGSHA256_PRNG
KCDSA_CheckKey
KCDSA_CheckKeyPair
KCDSA_CheckParam
KCDSA_GenKey
KCDSA_GenKeyEx
KCDSA_GenKey_UDK
KCDSA_GenParam
KCDSA_GenParamEx
KCDSA_SSA_S
KCDSA_SSA_S0
KCDSA_SSA_S0_File
KCDSA_SSA_S_File
KCDSA_SSA_S_Hash
KCDSA_SSA_V
KCDSA_SSA_V0
KCDSA_SSA_V0_File
KCDSA_SSA_V_File
KCDSA_SSA_V_Hash
KEYSHAREFS_Gen2SharedInfo
KEYSHAREFS_Gen3SharedInfo
KEYSHAREFS_Recover2SharedInfo
KEYSHAREFS_Recover3SharedInfo
KEYSHAREFS_Repro2SharedInfo
MINT_AND
MINT_Add
MINT_AddInteger
MINT_BinExtGCD
MINT_BinGCD
MINT_ClearSecurely
MINT_Compare
MINT_Div
MINT_DivInteger
MINT_ExpWin
MINT_GetBitLength
MINT_Inverse
MINT_KMult
MINT_KSquare
MINT_LeftShift
MINT_LeftShift2
MINT_Mod2ExpN
MINT_ModClassic
MINT_ModInteger
MINT_Mult
MINT_MultInteger
MINT_OR
MINT_PrintInHexString
MINT_PrintInHexStringBWT
MINT_PrintInStructForm
MINT_Rand
MINT_RandInit
MINT_RandOnes
MINT_RandWithinMINT
MINT_RandWithinRange
MINT_ReadFromBuffer
MINT_RightShift
MINT_RightShift2
MINT_SetBy2ExpN
MINT_SetByByteArray
MINT_SetByHexString
MINT_SetByInteger
MINT_Square
MINT_Sub
MINT_SubInteger
MINT_WriteInByteArray
MINT_WriteInHexString
MINT_WriteInHexStringBWT
MINT_WriteInStructForm
MINT_WriteLSNByteInByteArray
MINT_WriteToBuffer
MINT_XOR
MINT_from_mont
MINT_from_mont_word
MINT_mont_exp_mod
MINT_mont_mul_mod
MINT_mont_set
PCIS_CC_FPE_Decrypt
PCIS_CC_FPE_Encrypt
PCIS_CC_FPE_Initialize
PCIS_CC_Finalize
PCIS_CC_GetPreState
PCIS_CC_GetState
PCIS_CC_Initialize
PCIS_CC_SetPreStateConditionalSelfTest
PCIS_CC_SetState
PCIS_CC_SetStateConditionalSelfTest
PCIS_CC_SetStateNotVerifiedService
PCIS_CC_SetStateVerifiedService
PCIS_CC_Version
PCIS_CC_Version_Full
PCIS_LEA_DecryptBlock_128
PCIS_LEA_DecryptBlock_192
PCIS_LEA_DecryptBlock_256
PCIS_LEA_EncryptBlock_128
PCIS_LEA_EncryptBlock_192
PCIS_LEA_EncryptBlock_256
PCIS_LEA_MakeRoundKey_128
PCIS_LEA_MakeRoundKey_192
PCIS_LEA_MakeRoundKey_256
PKCRYPT_CheckKey
PKCRYPT_CheckKeyPair
PKCRYPT_CheckParam
PKCRYPT_Decrypt
PKCRYPT_DelParam
PKCRYPT_DelPriKey
PKCRYPT_DelPubKey
PKCRYPT_Encrypt
PKCRYPT_GenKey
PKCRYPT_GenParam
PKCRYPT_NewParam
PKCRYPT_NewPriKey
PKCRYPT_NewPubKey
PKCRYPT_Sign
PKCRYPT_SignFile
PKCRYPT_SignHash
PKCRYPT_Verify
PKCRYPT_VerifyFile
PKCRYPT_VerifyHash
PKCRYPT_WipePriKey
PRIME_GeneratePrime
PRIME_GeneratePrimeCongruence
PRIME_GenerateStrongPrime
PRIME_MRTest
PRIME_SelectMRIter
RANDANSI_GetRandomNum
RANDANSI_Initialize
RANDHASH_GetRandomNum
RANDHASH_Initialize
RC4_crypt
RC4_init
RNGSEED_GetSeed
RNGSEED_GetSeedKey
RSA20_CheckKey
RSA20_CheckKeyPair
RSA20_ES_D
RSA20_ES_E
RSA20_GenKey
RSA20_I2OSP
RSA20_SP1
RSA20_SSA_S
RSA20_SSA_S_File
RSA20_SSA_S_Hash
RSA20_SSA_V
RSA20_SSA_V_File
RSA20_SSA_V_Hash
RSA20_VP1
RSAES_OAEP_DECRYPT21
RSAES_OAEP_ENCRYPT21
RSA_CheckKey
RSA_CheckKeyPair
RSA_GenKey
RSA_GenKeyE
RSA_GenKeyEx
RSA_GenKey_Exact
RSA_I2OSP
RSA_SP1
RSA_SSA_PSS_S
RSA_SSA_PSS_V
RSA_SSA_S
RSA_SSA_S_File
RSA_SSA_S_Hash
RSA_SSA_V
RSA_SSA_V_File
RSA_SSA_V_Hash
RSA_VP1
SELFTEST_ARIA_128K
SELFTEST_ARIA_192K
SELFTEST_ARIA_256K
SELFTEST_CCM_ARIA128
SELFTEST_CCM_ARIA192
SELFTEST_CCM_ARIA256
SELFTEST_CCM_SEED
SELFTEST_CMAC_ARIA128
SELFTEST_CMAC_ARIA192
SELFTEST_CMAC_ARIA256
SELFTEST_CMAC_SEED
SELFTEST_DoModuleIntegrityTest
SELFTEST_DoPowerUpSelfTest
SELFTEST_EntropyHeathTest
SELFTEST_GMAC_ARIA128
SELFTEST_GMAC_ARIA192
SELFTEST_GMAC_ARIA256
SELFTEST_GMAC_SEED
SELFTEST_HASH_DRBG224
SELFTEST_HASH_DRBG256
SELFTEST_HASH_DRBG384
SELFTEST_HASH_DRBG512
SELFTEST_HMAC_DRBG224
SELFTEST_HMAC_DRBG256
SELFTEST_HMAC_DRBG384
SELFTEST_HMAC_DRBG512
SELFTEST_HMAC_SHA224
SELFTEST_HMAC_SHA256
SELFTEST_HMAC_SHA384
SELFTEST_HMAC_SHA512
SELFTEST_KCDSA
SELFTEST_RSAES_OAEP
SELFTEST_RSASSA_PSS
SELFTEST_SEED
SELFTEST_SHA224
SELFTEST_SHA256
SELFTEST_SHA384
SELFTEST_SHA512
SELFTEST_SequentialRNGTest
SELFTEST_VerifiedAlgorithm
__HMAC_Update
aesni
aesni256
aria
aria192
aria256
blowfish
cast128
des
dsa
idea
md2
p_kcdsa1
paca
pacaold
pcis_cc_fpe_ff1
pcis_cc_fpe_ff3
pcis_lea_128
pophas160
popkcdsa
popmd5
popsha1
rc2
rc5
rijndael
rijndael256
ripemd160
rsa
rsa20
rsa21
seed
sha224
sha256
sha384
sha512
tdes
Sections
.text Size: 676KB - Virtual size: 675KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 403KB - Virtual size: 411KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ