C:\WisecardTech\SmartInstantWare\DPClient\DPClient NoEtk.pdb
Static task
static1
Behavioral task
behavioral1
Sample
9f2e83a199a44e1ca04cf26c26bfb6b5bc915b20430b0c34d40e4f45dd8b1f17.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
9f2e83a199a44e1ca04cf26c26bfb6b5bc915b20430b0c34d40e4f45dd8b1f17.exe
Resource
win10v2004-20240802-en
General
Target: 9f2e83a199a44e1ca04cf26c26bfb6b5bc915b20430b0c34d40e4f45dd8b1f17
Size: 9.9MB
MD5: 8795ecde59aa2934f4f7a3593c57c8e7
SHA1: 2df50505820674f2006bc0bcb55d990776ab39ff
SHA256: 9f2e83a199a44e1ca04cf26c26bfb6b5bc915b20430b0c34d40e4f45dd8b1f17
SHA512: 8e0cf741e13eb1ad567fa2c26b07985609e4026f2e87b2021338eb3a6ee4d63ee3fcdd1b6fedb83b08cc1dd2960cc42b8f98149235fa4538912efb96ceb5429b
SSDEEP: 196608:/6n76Qq1/ywzKE43JwV3xmi07e/cBs3niHKj+/AWennbj/Q:mq1/ywzKE43JwV3xmi07e/cBs3ni
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 9f2e83a199a44e1ca04cf26c26bfb6b5bc915b20430b0c34d40e4f45dd8b1f17
Files
9f2e83a199a44e1ca04cf26c26bfb6b5bc915b20430b0c34d40e4f45dd8b1f17.exe windows:5 windows x86 arch:x86
975e4b9d9228380298ca04779c94cf90
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
dllinjectioncheck
WaitProcessModelStartFinish
StartProcessModel
SetProcessCloseFlagNoWait
CheckDllInjection
hsminterface
HSM_DES_KeyGenerate
HSM_ReadInfo
HSM_DES_MAC_Calculation
HSM_DES_Encrypt
HSM_Finalize
HSM_Initialize
HSM_BASIC_DiagnosePerformance
HSM_DES_KeyTranslation
securelib
EToken_DES_Decrypt
EToken_DES_Encrypt
DB_DES_Decrypt
DB_DES_Encrypt
tcpip_ssl
SCT_TCP_Write_Raw
SCT_TCP_GetSocketIp
SCT_TCP_SetSSLKeyCertificateEx
SCT_TCP_Connect
SCT_TCP_Read_Raw
SCT_TCP_Write
SCT_TCP_Read
SCT_TCP_CloseServerSocket
SCT_TCP_StartSSL
SCT_TCP_SetSSLProtocolVersion
util
XMLNodeGetChild
XMLNodeGetChildCount
XMLNodeFindChild
XMLOpen
CurrentExeName
CurrentDir
XMLNodeFindChildByAttr
XMLNodeGetAttribute
XMLNodeFind
CreateMultipleDirectory
IniGetString
XMLNodeAddChildNode
XMLNodeGetNodeName
XMLNodeGetXML
XMLNodeGetXMLLength
XMLNew
XMLAddRootNode
XMLNodeCopy
XMLSaveToBuff
XMLGetLength
XMLLoadFromStr
XMLGetRootNode
IniSetString
IsHex
XMLNodeSetAttribute
XMLSave
Log_SYS_Printf
Ascii2Hex
Hex2Ascii
XMLNodeGetAllAttrNames
wct_log_interface
WCT_Log_SYS_Printf_Ex
InitThreadAllMaskData
WCT_Log_SYS_FunctionEnter_Ex
WCT_Log_Finalize
WCT_Log_Initialize
WCT_Log_SYS_Printf
WCT_Log_DP_FunctionExit_Ex
WCT_Log_DP_FunctionEnter_Ex
WCT_Log_DP_PrintMemory_Ex
WCT_Log_DP_Printf_Ex
WCT_Log_SYS_PrintMemory_Ex
DeinitThreadAllMaskData
GetAllMASKData
WCT_Log_SYS_FunctionExit_Ex
mfc100u
msvcr100
memset
_CxxThrowException
vsprintf_s
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
sprintf
_time64
sscanf
_mktime64
wcsftime
_localtime64_s
strcpy_s
strncpy
memmove
strcat_s
strstr
_beginthreadex
strncmp
wcsncpy
_memicmp
strrchr
exit
malloc
free
_wtoi
_purecall
memcpy_s
fopen
fclose
wcsstr
remove
rename
strtoul
srand
rand
_swprintf
memchr
clock
strtol
wcsncmp
_access
_itoa
atoi
sprintf_s
memcpy
wcscpy_s
_vswprintf
realloc
_vswprintf_c_l
strerror
printf
_snwprintf
swprintf_s
_stricmp
_itoa_s
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
_vsnprintf
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CxxFrameHandler3
kernel32
InitializeCriticalSectionAndSpinCount
LoadLibraryA
RaiseException
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
GetModuleFileNameW
InterlockedIncrement
Beep
GetComputerNameExW
HeapFree
GetProcessHeap
HeapAlloc
lstrcpyW
SetLastError
LocalAlloc
SetThreadPriority
SetThreadPriorityBoost
GetThreadPriority
GetCurrentThread
DeviceIoControl
CreateFileW
ReleaseSemaphore
ReleaseMutex
CreateMutexW
TryEnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
EnterCriticalSection
LeaveCriticalSection
FormatMessageW
SetThreadUILanguage
SetThreadLocale
SetConsoleOutputCP
GetVersionExW
lstrlenA
GetExitCodeProcess
CreateProcessW
GetCurrentProcess
DuplicateHandle
PeekNamedPipe
WriteFile
ReadFile
CreateProcessA
GetStartupInfoA
CreatePipe
LocalFree
InterlockedDecrement
lstrcmpiW
lstrlenW
WritePrivateProfileStringW
GetPrivateProfileStringW
CreateDirectoryW
GetTempPathW
GetCurrentProcessId
LoadLibraryW
ResetEvent
WaitForSingleObject
SetEvent
CreateEventW
WideCharToMultiByte
MultiByteToWideChar
CopyFileW
ResumeThread
GetSystemTime
GetComputerNameW
GetLastError
CloseHandle
FreeLibrary
GetProcAddress
GetTickCount
Sleep
GetCurrentThreadId
GetLocalTime
IsProcessorFeaturePresent
comctl32
InitCommonControlsEx
gdiplus
GdiplusShutdown
msvcp100
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
dbinterface
DB_GetDbBlobIndicator
DB_GetDatabaseType
DB_Rollback
DB_FinalizeCurrentThreadLock
DB_Finalize
DB_ExecuteSQLEx
DB_WriteBlobData
DB_RowNumber
DB_GetData
DB_ConnectEx
DB_Lock
DB_Unlock
DB_InitializeEx
DB_GetBlobData
cryptolib
SCT_S_SHA1
dminterface
DM_Process
dpfpapi
DPFPStartAcquisition
DPFPDestroyAcquisition
DPFPTerm
DPFPCreateAcquisition
DPFPInit
DPFPStopAcquisition
dphftrex
FX_terminate
FX_extractFeatures
FX_closeContext
FX_getFeaturesLen
FX_init
FX_createContext
dphmatch
MC_generateRegFeatures
MC_closeContext
MC_init
MC_createContext
MC_getSettings
MC_verifyFeaturesEx
MC_getFeaturesLen
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 230KB - Virtual size: 229KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4.5MB - Virtual size: 4.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 73B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.7MB - Virtual size: 3.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 168KB - Virtual size: 168KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ