a987e3601be09a4be216daa452f1329fd3984224e6cf59f6a992eeb064aeeeac

Sharing

Copy URL Twitter E-mail

General

Target

a987e3601be09a4be216daa452f1329fd3984224e6cf59f6a992eeb064aeeeac
Size

2.0MB
MD5

1b47da4dd0e6e4d2cf71bcc87030a838
SHA1

cad769d2afe3ff64c4d0be9c27c919ac6767d47e
SHA256

a987e3601be09a4be216daa452f1329fd3984224e6cf59f6a992eeb064aeeeac
SHA512

ecaeaba5f19bb60f0c9b342ec11902f47ac84c4b2ecf51e5f71d5df20fd26b6dfc709d1c7365a414ec4e3c05a7838302f3bb0d5e201f3d484a6ef61e8f818184
SSDEEP

24576:LJ4d/AieEy0YiSUMfy5QuI4YHjxAFC0ljtoFrFFAwLv2Da7pWDVp2P+q5gdB9VtD:LJ49AieB5byJpta04J5gdBHtxT2Ta/i0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a987e3601be09a4be216daa452f1329fd3984224e6cf59f6a992eeb064aeeeac

Files

a987e3601be09a4be216daa452f1329fd3984224e6cf59f6a992eeb064aeeeac
.exe windows:5 windows x86 arch:x86

3622a41b1c148526c636b8a61d69506e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BuildAgent\_work\155\s\EBankingAssistant\NextGen\TapestryEdition\XJRCCB\EBankAssistant\x86\Release\XJRCCBAssistant.pdb

Imports

kernel32

SetFileTime
LocalFileTimeToFileTime
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
GetCPInfo
GetOEMCP
IsValidCodePage
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
CreateFileA
SetStdHandle
GetTimeZoneInformation
LoadLibraryA
GetLocaleInfoW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetModuleHandleA
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedDecrement
InterlockedIncrement
HeapReAlloc
lstrcmpiW
MulDiv
GetACP
ExitProcess
LockResource
GetVolumeInformationW
GetComputerNameA
GetShortPathNameW
ExpandEnvironmentStringsW
GetLongPathNameW
SetEndOfFile
SetFilePointer
HeapAlloc
GetProcessHeap
HeapFree
SetUnhandledExceptionFilter
lstrcpyW
FileTimeToLocalFileTime
GetFileTime
GetCurrentThreadId
GetCurrentProcessId
lstrlenW
IsBadCodePtr
IsBadReadPtr
Module32NextW
lstrcpynW
Module32FirstW
CreateToolhelp32Snapshot
GetFileSizeEx
DeleteFileW
GetTempPathW
WriteFile
ReadFile
GetFileSize
FreeResource
LoadResource
SizeofResource
FindResourceW
GlobalUnlock
GlobalLock
GlobalAlloc
GetExitCodeProcess
CreateProcessW
DeviceIoControl
CreateFileW
GetCurrentProcess
RemoveDirectoryW
FindNextFileW
FindClose
CreateDirectoryW
FindFirstFileW
GetNativeSystemInfo
GetVersionExW
MultiByteToWideChar
WideCharToMultiByte
SetFileAttributesW
GetFileAttributesW
GetSystemDirectoryW
SetLastError
RtlUnwind
RaiseException
IsDebuggerPresent
GetStartupInfoW
UnhandledExceptionFilter
ResumeThread
LoadLibraryExW
InterlockedExchange
InitializeCriticalSection
MoveFileW
CopyFileW
FileTimeToSystemTime
TerminateThread
VerSetConditionMask
VerifyVersionInfoW
GetUserDefaultUILanguage
CompareFileTime
SystemTimeToFileTime
GetSystemTime
CreateThread
GetModuleFileNameW
Sleep
CloseHandle
CreateEventW
OpenEventW
GetModuleHandleW
FormatMessageW
GetLocalTime
WritePrivateProfileStringW
GetLastError
GetTickCount
GetSystemTimeAsFileTime
ResetEvent
WaitForMultipleObjects
WaitForSingleObject
SetEvent
FreeLibrary
GetProcAddress
LoadLibraryW
LocalFree
TerminateProcess
LocalAlloc

user32

CopyRect
GetPropW
SetPropW
CallWindowProcW
RegisterClassExW
GetClassInfoExW
RegisterClassW
LoadCursorW
SetActiveWindow
EnableWindow
IsWindowEnabled
GetDesktopWindow
DefWindowProcW
SetWindowRgn
OffsetRect
MonitorFromWindow
GetMonitorInfoW
GetParent
LoadImageW
SetCapture
DispatchMessageW
TranslateMessage
GetMessageW
InvalidateRect
GetSysColor
ReleaseCapture
PtInRect
CreateWindowExW
MapWindowPoints
IsWindowVisible
UnionRect
IsRectEmpty
EndPaint
BeginPaint
GetUpdateRect
SetFocus
GetWindow
GetActiveWindow
MonitorFromRect
GetFocus
CreateCaret
SetCaretPos
GetCaretBlinkTime
SetTimer
KillTimer
InflateRect
GetWindowLongW
GetClientRect
GetDC
ReleaseDC
DestroyWindow
CharNextW
GetKeyState
ScreenToClient
SetForegroundWindow
SetWindowTextW
GetWindowTextLengthW
GetCaretPos
GetWindowTextW
MonitorFromPoint
GetClassLongW
GetWindowRect
SystemParametersInfoW
SetWindowPos
PostMessageW
MessageBoxW
LoadStringW
FindWindowW
IsWindow
ShowWindow
IsIconic
SendMessageW
IsZoomed
GetWindowRgn
ShowCaret
HideCaret
ClientToScreen
RegisterWindowMessageW
RegisterDeviceNotificationW
UnregisterDeviceNotification
PostQuitMessage
GetCursorPos
SetRect
EqualRect
wvsprintfW
SetCursor
CreatePopupMenu
AppendMenuW
EnableMenuItem
SetWindowLongW
MoveWindow
LoadIconW
TrackPopupMenu
DestroyMenu
FillRect
DrawTextW
InvalidateRgn
CharPrevW
CreateAcceleratorTableW
GetGUIThreadInfo
wsprintfA
DrawTextA
MapVirtualKeyExW
GetKeyboardLayout
IntersectRect
GetKeyNameTextW
GetSystemMetrics
wsprintfW

advapi32

UnregisterTraceGuids
OpenProcessToken
ConvertSidToStringSidA
LookupAccountNameA
CryptEncrypt
CryptSetKeyParam
CryptDecrypt
CryptGenRandom
CryptImportKey
CryptExportKey
CryptGenKey
CryptDestroyKey
CryptGetKeyParam
CryptGetUserKey
CryptSignHashW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
GetTokenInformation
RegSetValueExW
RegCreateKeyExW
QueryServiceConfigW
QueryServiceStatus
TraceEvent
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
ControlTraceW
RegQueryValueExW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
CryptAcquireContextW
CryptReleaseContext
StartTraceW
CloseTrace
EnableTrace
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
CryptEnumProvidersW
ControlService
EnumDependentServicesW
StartServiceW
QueryServiceStatusEx
DeleteService
OpenServiceW
CloseServiceHandle
CreateServiceW
OpenSCManagerW
CryptGetProvParam

shell32

ShellExecuteExW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
DragQueryFileW
SHGetSpecialFolderPathW
ShellExecuteW
Shell_NotifyIconW
SHGetFolderPathW

ole32

CoCreateInstance
CoUninitialize
OleInitialize
OleUninitialize
CLSIDFromProgID
OleLockRunning
ReleaseStgMedium
RegisterDragDrop
DoDragDrop
OleDuplicateData
StringFromGUID2
CoCreateGuid
CreateStreamOnHGlobal
CoGetMalloc
CLSIDFromString
CoInitialize

oleaut32

SysStringByteLen
SysFreeString
SysAllocStringByteLen
VariantClear
VariantInit
SysAllocString
SysAllocStringLen

shlwapi

StrStrIA
PathRemoveFileSpecW
PathCombineW
StrStrIW
StrRStrIW
StrRStrIA
StrStrW
PathFileExistsW

crypt32

CertFindCertificateInStore
CryptVerifyDetachedMessageSignature
CryptEncodeObject
CertDuplicateCertificateContext
CryptAcquireCertificatePrivateKey
CryptDecodeObjectEx
CertFindExtension
CertGetNameStringW
CertNameToStrW
CertCloseStore
CertFreeCertificateChain
CertGetCertificateChain
CertCreateCertificateChainEngine
CertAddCertificateContextToStore
CertOpenSystemStoreW
CryptExportPublicKeyInfo
CertAddEncodedCertificateToStore
CertSetCertificateContextProperty
CertDeleteCertificateFromStore
CryptQueryObject
CryptMsgGetParam
CryptMsgClose
CertGetPublicKeyLength
CertGetCertificateContextProperty
CertFreeCertificateContext
CertEnumCertificatesInStore
CertFreeCertificateChainEngine
CertCreateCertificateContext
CertOpenStore

wininet

InternetOpenA
InternetReadFile
InternetConnectA
HttpAddRequestHeadersA
InternetSetOptionW
FindCloseUrlCache
FindNextUrlCacheEntryExW
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryExW
HttpOpenRequestA
HttpSendRequestA
InternetQueryDataAvailable
InternetCloseHandle
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetQueryOptionW
InternetConnectW
InternetOpenW
InternetGetLastResponseInfoW
HttpQueryInfoA

dbghelp

MiniDumpWriteDump

setupapi

CM_Get_Device_IDW
CM_Get_Device_ID_Size
CM_Get_Parent
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList

gdi32

GetDeviceCaps
CreateCompatibleBitmap
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateDIBitmap
AddFontMemResourceEx
SaveDC
SetBitmapBits
CreateRoundRectRgn
SetBkMode
SetTextColor
GetBitmapBits
GetTextExtentPointA
GdiFlush
TextOutW
GetTextExtentPoint32W
GetCharABCWidthsW
GetObjectA
RoundRect
Rectangle
LineTo
MoveToEx
CreatePenIndirect
ExtTextOutW
SetBkColor
SetStretchBltMode
StretchBlt
CombineRgn
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
SelectClipRgn
PtInRegion
CreateRectRgn
CreateDIBSection
GetObjectW
GetStockObject
CreateFontIndirectW
CreatePen
DeleteObject
DeleteDC
RemoveFontMemResourceEx
BitBlt
RestoreDC
SetWindowOrgEx
CreateEnhMetaFileW
CloseEnhMetaFile
GetTextMetricsW
CreateCompatibleDC
CreateSolidBrush
SelectObject

gdiplus

GdipImageSelectActiveFrame
GdipImageGetFrameDimensionsList
GdipDeleteFont
GdipCreateFontFromDC
GdipImageGetFrameDimensionsCount
GdipDrawString
GdipMeasureString
GdipSetStringFormatLineAlign
GdipLoadImageFromFile
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipCloneImage
GdipDrawImageRectI
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipSetStringFormatAlign
GdipCloneBrush
GdipLoadImageFromStream
GdipDisposeImage
GdipAlloc
GdipFree
GdipSetTextRenderingHint
GdipGetImageHeight
GdipGetImageWidth
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipCreateSolidFill
GdipDeleteBrush
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateFontFromLogfontA

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ws2_32

getaddrinfo
WSAGetLastError
inet_ntoa
freeaddrinfo
gethostbyname
gethostname
WSACleanup
WSAStartup

iphlpapi

GetAdaptersInfo
GetNetworkParams

wintrust

WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle
WTHelperProvDataFromStateData

cryptui

CryptUIDlgViewCertificateW

comctl32

_TrackMouseEvent
ord17
InitCommonControlsEx

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 325KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3622a41b1c148526c636b8a61d69506e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

crypt32

wininet

dbghelp

setupapi

gdi32

gdiplus

version

ws2_32

iphlpapi

wintrust

cryptui

comctl32

imm32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 325KB - Virtual size: 325KB

.data Size: 60KB - Virtual size: 71KB

.rsrc Size: 71KB - Virtual size: 71KB

.reloc Size: 119KB - Virtual size: 118KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 325KB - Virtual size: 325KB

.data
Size: 60KB - Virtual size: 71KB

.rsrc
Size: 71KB - Virtual size: 71KB

.reloc
Size: 119KB - Virtual size: 118KB