0b78fa2e65b5d28f2aab0368a348e14636676b478ca32e350a4c1ea4041eb8aa

Sharing

Copy URL

Twitter E-mail

General

Target

0b78fa2e65b5d28f2aab0368a348e14636676b478ca32e350a4c1ea4041eb8aa
Size

1.5MB
MD5

b67d68b5dee0c3873b3e3696cb090746
SHA1

744dfcee6f3f4a7b7b01c6b867904b1bb5dbef59
SHA256

0b78fa2e65b5d28f2aab0368a348e14636676b478ca32e350a4c1ea4041eb8aa
SHA512

a95e5337e709189410a5ab82186abaaea3c5398a6b4c7d2a552dd1a96117734ab9a2f9946171a356eb47941a8307d0ef47fbf172ed1ab3d03a03e2925aed9da8
SSDEEP

24576:NTsN4byq0qeUxeOODfVggcLQpgno3yi/kd+feTDjXFeGZQroB9kQW6J6VzlI+gp4:dWjgOT6T0p8dDTDjdQrKiX68JI+gpUx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/5b1aa2286d1b856ce45fc1bf075f36454aaac664460afb91185c4cc451291b62.dll

Files

0b78fa2e65b5d28f2aab0368a348e14636676b478ca32e350a4c1ea4041eb8aa
.zip

Password: infected
5b1aa2286d1b856ce45fc1bf075f36454aaac664460afb91185c4cc451291b62.dll
.dll windows:6 windows x86 arch:x86

21290d9d3a8c60157412c08f4b84b335

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

NBUidai.pdb

Imports

psapi

GetModuleInformation

dbghelp

SymFunctionTableAccess64
SymSetOptions
SymGetOptions
SymCleanup
SymFromAddr
SymUnloadModule64
SymLoadModuleEx
SymSetSearchPath
SymInitialize
SymGetLineFromAddr64
SymGetModuleBase64
StackWalk64

bcrypt

BCryptDestroyKey
BCryptEncrypt
BCryptVerifySignature
BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptDecrypt
BCryptGenerateSymmetricKey
BCryptGetProperty
BCryptSetProperty
BCryptOpenAlgorithmProvider

crypt32

PFXExportCertStoreEx
PFXVerifyPassword
PFXIsPFXBlob
PFXImportCertStore
CertCreateSelfSignCertificate
CertStrToNameA
CertNameToStrA
CryptAcquireCertificatePrivateKey
CryptImportPublicKeyInfoEx2
CertAddCertificateLinkToStore
CertAddCertificateContextToStore
CertGetCertificateContextProperty
CertSetCertificateContextProperty
CertFreeCertificateContext
CertCreateCertificateContext
CertFindCertificateInStore
CertCloseStore
CertOpenStore
CryptDecodeObjectEx

ncrypt

NCryptOpenKey
NCryptOpenStorageProvider
NCryptFreeObject
NCryptCreatePersistedKey
NCryptSetProperty
NCryptFinalizeKey
NCryptDecrypt
NCryptSignHash
NCryptDeleteKey

netapi32

NetWkstaGetInfo
NetApiBufferFree

kernel32

ResetEvent
SetEvent
QueryPerformanceFrequency
GetModuleHandleA
ClearCommError
SetupComm
GetCommProperties
GetCommState
GetCommTimeouts
PurgeComm
SetCommState
SetCommTimeouts
WaitForSingleObjectEx
CreateEventW
GetTempPathW
GetTimeZoneInformation
GetFileAttributesExW
DeleteFileW
SetEndOfFile
CreateEventA
CreateWaitableTimerA
SetWaitableTimer
DeviceIoControl
GetFileAttributesExA
DeleteFileA
CreateFileA
CreateFileW
OutputDebugStringW
WriteConsoleW
DecodePointer
ReadConsoleW
ReadFile
FlushFileBuffers
LocalFree
FormatMessageA
CloseHandle
GetLastError
WaitForSingleObject
Sleep
GetCurrentProcess
CreateThread
GetCurrentThread
GetCurrentThreadId
FreeLibrary
GetProcAddress
LoadLibraryExA
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetEnvironmentVariableA
GetCurrentDirectoryA
GetSystemDirectoryA
GetWindowsDirectoryA
GetStdHandle
IsDebuggerPresent
OutputDebugStringA
WriteConsoleA
RtlCaptureContext
VirtualQuery
GetModuleFileNameA
CreateDirectoryA
GetFileAttributesA
MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
EncodePointer
RaiseException
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
GetACP
HeapAlloc
HeapReAlloc
GetFileType
GetStringTypeW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
SetStdHandle
HeapSize
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx

setupapi

SetupDiGetClassDevsA
SetupDiGetDevicePropertyW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoA
SetupDiDestroyDriverInfoList
SetupDiGetDeviceInstanceIdA
SetupDiGetDeviceRegistryPropertyA
SetupDiOpenDevRegKey

winusb

WinUsb_AbortPipe
WinUsb_Initialize
WinUsb_Free
WinUsb_GetDescriptor
WinUsb_QueryInterfaceSettings
WinUsb_GetPowerPolicy
WinUsb_SetPowerPolicy
WinUsb_FlushPipe
WinUsb_QueryDeviceInformation
WinUsb_ControlTransfer
WinUsb_WritePipe
WinUsb_ReadPipe
WinUsb_SetPipePolicy
WinUsb_QueryPipe
WinUsb_GetOverlappedResult

user32

RegisterDeviceNotificationA
SendMessageA
UnregisterDeviceNotification
ShowWindow
RegisterClassExA
RegisterClassA
TranslateMessage
DestroyWindow
IsWindow
CreateWindowExA
UnregisterClassA
PostQuitMessage
DefWindowProcA
PostMessageA
DispatchMessageA
GetMessageA

advapi32

CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegQueryValueExA
RegCloseKey

Exports

Exports

AlphaBlend
NBDeviceDestroy
NBDeviceGetIdA
NBDeviceGetState
NBDeviceSupportsNBUApi
NBErrorsClear
NBErrorsGetMessageA
NBErrorsSetLastA
NBUAbort
NBUCapture
NBUCaptureAndExtract
NBUCaptureStreaming
NBUCloseConnection
NBUCloseSession
NBUDfuGetHWVersion
NBUDfuIsBootloader
NBUDfuUpdateFirmware
NBUDiagnostics
NBUEcho
NBUEnumCloseHandle
NBUEnumGetDevInfo
NBUEnumerateDevices
NBUFactoryReset
NBUFinalize
NBUFingerPresent
NBUFingerPresent2SL
NBUFirmwareUpdate
NBUFree
NBUGetBasicInfo
NBUGetBasicInfoEx
NBUGetBootloaderInfo
NBUGetCaptureAndExtractStatus
NBUGetCapturedImage
NBUGetCommParameters
NBUGetDiagnosticsResult
NBUGetExtractedTemplate
NBUGetRDCommandResult
NBUGetRDCommandStatus
NBUGetSensorParameter
NBUGetStatus
NBUGetSupportedScanSizes
NBUGetSupportedScanTypes
NBUGetValue
NBUInit
NBUInitEx
NBUInitialize
NBUInitializeCustom
NBUIsReopenRecommended
NBUNextRxFwUpdateFinish
NBUNextRxFwUpdateStart
NBUNextRxFwUpdateUpload
NBUNextRxUploadFirmwareImage
NBUOpenConnection
NBUOpenSession
NBUOpenSessionSM2
NBUParseScanFormat
NBURDCommand
NBURDDumpAllEncryptedData
NBURDLoadEncryptedData
NBUReboot
NBUReopenConnection
NBUSearchExtraData
NBUSensorCommand
NBUSetApplicationKey
NBUSetCommParameters
NBUSetLED
NBUSetValue
NBUTerminate
NBUUploadFirmwareImage
NBUidaiCaptureA
NBUidaiCaptureFaceResponseCreateA
NBUidaiCaptureFaceResponseDestroyA
NBUidaiFree
NBUidaiGetDeviceInfoA
NBUidaiGetStatus
NBUidaiInitializeA
NBUidaiInitializeExA
NBUidaiKeepAlive
NBUidaiLibraryGetVersion
NBUidaiPlayIntegrityCheck
NBUidaiPlayIntegrityCheckWithToken
NBUidaiPlayIntegrityResponseCreateA
NBUidaiPlayIntegrityResponseDestroyA
NBUidaiPlayIntegritySetCallbackA
NBUidaiReceivePacketCreateA
NBUidaiReceivePacketDestroyA
NBUidaiReset
NBUidaiRotateKeys
NBUidaiSafetyNetResponseCreateA
NBUidaiSafetyNetResponseDestroyA
NBUidaiTerminate

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 502KB - Virtual size: 504KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

21290d9d3a8c60157412c08f4b84b335

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

dbghelp

bcrypt

crypt32

ncrypt

netapi32

kernel32

setupapi

winusb

user32

advapi32

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 502KB - Virtual size: 504KB

.data Size: 17KB - Virtual size: 68KB

_RDATA Size: 2KB - Virtual size: 4KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 502KB - Virtual size: 504KB

.data
Size: 17KB - Virtual size: 68KB

_RDATA
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB