a106cca8493ca94c6a376f88cbcd10c0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

a106cca8493ca94c6a376f88cbcd10c0N.exe
Size

1.2MB
MD5

a106cca8493ca94c6a376f88cbcd10c0
SHA1

15404e75f83f9cae338b8f6c36d0b98ce31b81d7
SHA256

7af31ca0a4e98f1ec9a5dcddffc8965e9eef5608ba9c2da4a9cb7d23efd2d2ed
SHA512

acae829a6203f33f1a41a033ad8af9bc03fba960a958363706b029b68dda690bc59175b111ae7564742a56854ab917251c0207535892ebf9776ca04b348dc293
SSDEEP

24576:VpcUtXXa8hDF1F4wNkn27VeAViMs2p4IxHoQb9vHA/nhTBrjZArfXSf:VpcuOWQLEdj2hTpZKKf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a106cca8493ca94c6a376f88cbcd10c0N.exe

Files

a106cca8493ca94c6a376f88cbcd10c0N.exe
.exe windows:4 windows x86 arch:x86

3a452f99369b6e01abaa5d3908b51d10

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\nlbom\ubkey\program\pc\windows\Project\03_PCSecurity\source\ApplicationSource - 2(static)\UBKey_WIN7 - 복사본\release\EnrollIris.pdb

Imports

winmm

sndPlaySoundA

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetStartupInfoA
InterlockedCompareExchange
ResumeThread
WaitForSingleObject
GetTickCount
GlobalFree
CreateEventA
MultiByteToWideChar
InterlockedExchange
FindClose
FindFirstFileA
Process32Next
CloseHandle
TerminateProcess
GetExitCodeProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetModuleFileNameA
ResetEvent
SetEvent
GetSystemDefaultLangID
Sleep
GlobalAlloc
GetLastError
CreateMutexA

user32

LoadImageA
GetParent
GetSysColor
OffsetRect
GetNextDlgGroupItem
WindowFromPoint
GetCursorPos
ReleaseCapture
GetCapture
ClientToScreen
GetWindowLongA
GetSystemMenu
TranslateMessage
PeekMessageA
ReleaseDC
IsWindow
MsgWaitForMultipleObjects
LoadIconA
AppendMenuA
DrawStateA
DrawIcon
GetSystemMetrics
SendMessageA
IsIconic
PostMessageA
DispatchMessageA
SetRect
InvalidateRect
PtInRect
CopyRect
SetWindowRgn
GetWindowRect
GetClientRect
EnableWindow
SetWindowPos
GetDC

gdi32

ExtTextOutA
GetObjectA
CreateCompatibleBitmap
RealizePalette
SelectPalette
CreateFontIndirectA
DeleteDC
StretchBlt
BitBlt
SelectObject
CreateCompatibleDC
DeleteObject
StretchDIBits
SetStretchBltMode
CreatePalette
CreateSolidBrush
CombineRgn
CreateRectRgn
CreateDIBSection
GetDIBits
RestoreDC
SetDIBitsToDevice
ExtSelectClipRgn
GetEnhMetaFilePaletteEntries
PlayEnhMetaFile
SetEnhMetaFileBits
GetEnhMetaFileHeader
DeleteEnhMetaFile
GetDeviceCaps
SetWinMetaFileBits
RectVisible
CreateBitmap
SetBkColor
SaveDC
GetClipBox
CreateRectRgnIndirect

sqlite3

sqlite3_step
sqlite3_finalize
sqlite3_free
sqlite3_mprintf
sqlite3_prepare
sqlite3_errmsg
sqlite3_changes
sqlite3_open
sqlite3_close
sqlite3_exec
sqlite3_column_text
sqlite3_column_count
sqlite3_busy_timeout

mfc80

ord4038
ord1728
ord4232
ord3684
ord3164
ord3761
ord3161
ord753
ord563
ord1929
ord5637
ord587
ord2372
ord4115
ord1545
ord764
ord3255
ord2385
ord4125
ord2403
ord2657
ord2415
ord4320
ord2392
ord2408
ord2413
ord326
ord2396
ord2398
ord2400
ord2394
ord5731
ord2410
ord2390
ord934
ord1123
ord930
ord932
ord928
ord923
ord5233
ord5235
ord5960
ord2322
ord1600
ord304
ord4282
ord297
ord3403
ord310
ord578
ord1934
ord4262
ord4185
ord4486
ord6275
ord3210
ord3949
ord5073
ord2644
ord1908
ord3709
ord5152
ord3719
ord4244
ord3718
ord1401
ord2533
ord3946
ord2646
ord1617
ord2540
ord1620
ord2862
ord5912
ord2714
ord6724
ord6703
ord3163
ord4307
ord2835
ord2731
ord1551
ord299
ord2537
ord1670
ord5200
ord1671
ord1599
ord2020
ord1489
ord784
ord1655
ord4890
ord1656
ord1964
ord4212
ord1794
ord5175
ord5182
ord1892
ord1362
ord4967
ord3345
ord6277
ord3802
ord6279
ord1522
ord2172
ord2178
ord6065
ord2405
ord2387
ord266
ord1280
ord4580
ord3204
ord6063
ord4353
ord2264
ord4722
ord5203
ord2131
ord781
ord1903
ord762
ord3441
ord3641
ord354
ord3302
ord605
ord4735
ord3830
ord1054
ord5975
ord741
ord3333
ord4261
ord4481
ord2838
ord5566
ord5213
ord5230
ord4568
ord3948
ord2248
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord1207
ord4541
ord3683
ord566
ord757
ord2371
ord5613
ord2095
ord1024
ord1591
ord6725
ord3182
ord5915
ord1402
ord6236
ord4240
ord5214
ord2991
ord501
ord709
ord1482
ord3317
ord3997
ord4109
ord378
ord4085
ord5833
ord4035
ord1084
ord628
ord5529
ord572
ord4749
ord2272
ord1916
ord6067
ord1063
ord907
ord2367
ord265
ord347
ord602
ord1279

msvcr80

_close
_setmbcp
_unlink
_lseek
_write
_read
_setmode
_open
pow
_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
free
malloc
atoi
atof
fopen
fclose
fread
fwrite
fseek
ftell
fflush
feof
ferror
fputc
getc
fgets
fscanf
_purecall
sscanf
_mbsrchr
calloc
memcpy
realloc
floor
_strnicmp
__CxxFrameHandler3
_CIsqrt
strncpy
memset
sprintf
_CIcos
_CIsin
ldiv
_CIexp
_CIfmod
_CIpow
qsort
rand
ceil
_CIlog
_CxxThrowException
_swab
_setjmp3
__CxxLongjmpUnwind
longjmp
strncmp
isprint
printf
fprintf
__iob_func
_snprintf
abort
_gmtime64
strtod
exit
getenv
tmpnam
vsprintf
strrchr
memmove
isspace
isdigit
strchr
isalpha
vfprintf
strtok
_mktime64
_stricmp
putc
_getcwd
_errno
fgetc
perror
strstr
tmpfile
isupper
strlen
strcpy
_initterm_e
exp
log
sqrt
fabs
atan2
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
_acmdln
_initterm

comctl32

_TrackMouseEvent
InitCommonControlsEx

ubkeysdk

_UBKeySDK_VerifyMatch@20
_UBKeySDK_SetMatchLevel@4
_UBKeySDK_Terminate@0
_UBKeySDK_Init@12
_UBKeySDK_StopCapture@4
_UBKeySDK_Enroll@24
_UBKeySDK_Process@12
_UBKeySDK_Capture@24

ws2_32

ntohs
htonl
ntohl
htons

Exports

Exports

??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxMemFile@@QAE@ABV0@@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxMemFile@@6B@
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXAAV0@@Z
?Close@CxIOFile@@UAE_NXZ
?Eof@CxIOFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Flush@CxIOFile@@UAE_NXZ
?GetC@CxIOFile@@UAEJXZ
?GetS@CxIOFile@@UAEPADPADH@Z
?Open@CxIOFile@@QAE_NPBD0@Z
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Scanf@CxIOFile@@UAEJPBDPAX@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Size@CxIOFile@@UAEJXZ
?Tell@CxIOFile@@UAEJXZ
?Write@CxIOFile@@UAEIPBXII@Z

Sections

.text
Size: 816KB - Virtual size: 815KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a452f99369b6e01abaa5d3908b51d10

Headers

File Characteristics

PDB Paths

Imports

winmm

kernel32

user32

gdi32

sqlite3

mfc80

msvcr80

comctl32

ubkeysdk

ws2_32

Exports

Exports

Sections

.text Size: 816KB - Virtual size: 815KB

.rdata Size: 204KB - Virtual size: 203KB

.data Size: 12KB - Virtual size: 40KB

.rsrc Size: 164KB - Virtual size: 162KB

.text
Size: 816KB - Virtual size: 815KB

.rdata
Size: 204KB - Virtual size: 203KB

.data
Size: 12KB - Virtual size: 40KB

.rsrc
Size: 164KB - Virtual size: 162KB