c2296d801b2613e2a07276f8e8e9025da05bb0e3c69b2294c5ec7b354c97b072

Sharing

Copy URL Twitter E-mail

General

Target

c2296d801b2613e2a07276f8e8e9025da05bb0e3c69b2294c5ec7b354c97b072
Size

903KB
MD5

f8afbab17d8ed63da18e49e07ad1d2d5
SHA1

8729ae59f38f86de63ec13f411375c002acbc517
SHA256

c2296d801b2613e2a07276f8e8e9025da05bb0e3c69b2294c5ec7b354c97b072
SHA512

9e5fda3f7eef4edf8667479451eaf7e912b0a48f10abc96edb068b592e97c0f1b7b3be54a71f030980b462d6e38bfbefe23d0f5081bbc76526839b047f1300ff
SSDEEP

24576:RqZSq8+rNXPLjmeop/X/Y/dTj31F/EeSEumObL4t6d:Rq1rNXPLjoX/Yp3jVSJmObLy6d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c2296d801b2613e2a07276f8e8e9025da05bb0e3c69b2294c5ec7b354c97b072

Files

c2296d801b2613e2a07276f8e8e9025da05bb0e3c69b2294c5ec7b354c97b072
.dll windows:5 windows x86 arch:x86

cf21d946535c23621ed55afe4a53e865

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\Code\03FinanceMach\CDS\02BRM\6060_nonghang\up\sw_drv\drv\D_Usb11_YH_CC\Release\D_Usb11_YH_CC_6060R_Auth.pdb

Imports

bcrypt

BCryptCloseAlgorithmProvider
BCryptDestroyKey
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptDecrypt

pthreadvc2

pthread_create
pthread_cancel
pthread_attr_setschedparam
pthread_attr_setschedpolicy
pthread_exit
pthread_attr_setstacksize
pthread_attr_destroy
pthread_attr_init
sem_post
sem_timedwait
sem_wait
sem_trywait
sem_close
sem_destroy
sem_init
pthread_mutexattr_destroy
pthread_mutex_unlock
pthread_mutex_timedlock
pthread_mutex_destroy
pthread_attr_getschedparam
pthread_mutex_init
pthread_join

kernel32

ReleaseMutex
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualQuery
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
HeapAlloc
GetProcessHeap
HeapFree
CreatePipe
GetStartupInfoA
CreateProcessA
ReadFile
SizeofResource
LockResource
LoadResource
FindResourceW
GetExitCodeProcess
OutputDebugStringA
HeapReAlloc
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
RaiseException
HeapSize
DecodePointer
MultiByteToWideChar
GetACP
SetLastError
GetModuleFileNameW
GetModuleHandleW
LoadLibraryW
LocalFree
FormatMessageA
GetCurrentThread
GetCurrentThreadId
WideCharToMultiByte
LoadLibraryExW
GlobalDeleteAtom
lstrcmpA
CompareStringA
GlobalAddAtomA
GetCurrentProcessId
EncodePointer
GetSystemDirectoryW
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
SetErrorMode
FileTimeToSystemTime
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
FlushFileBuffers
GetFullPathNameA
SetEndOfFile
WriteFile
WaitForSingleObject
GetVolumeInformationA
GetOEMCP
GetCPInfo
FileTimeToLocalFileTime
GetFileAttributesExA
GetSystemTimeAsFileTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
RtlUnwind
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapQueryInformation
DeleteFileW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
ReadConsoleW
GetStdHandle
GetFileType
GetStartupInfoW
IsValidCodePage
CreateDirectoryW
FindFirstFileExW
FindNextFileW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetFileAttributesExW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
WriteConsoleW
GetStringTypeW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
OutputDebugStringW
CreateFileW
SetEnvironmentVariableA
CopyFileA
GetLastError
lstrcatA
CloseHandle
lstrlenA
lstrcpyA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateFileA
GetModuleHandleA
GetModuleFileNameA
DeleteFileA
FindNextFileA
FindFirstFileA
FindClose
GetFileAttributesA
GetProcAddress
FreeLibrary
LoadLibraryA
CreateDirectoryA
GetTickCount
GetLocalTime
Sleep
CreateMutexA
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleInputA
SetConsoleMode
GetVersionExA
RemoveDirectoryW

user32

LoadIconA
LoadIconW
WinHelpA
MonitorFromWindow
GetMonitorInfoA
ShowWindow
SetWindowTextA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColorBrush
LoadCursorA
ClientToScreen
RealChildWindowFromPoint
SetTimer
KillTimer
InvalidateRect
DrawTextA
DrawTextExA
GrayStringA
TabbedTextOutA
GetTopWindow
CharUpperA
DestroyMenu
ValidateRect
GetKeyState
GetActiveWindow
IsWindowVisible
PeekMessageA
DispatchMessageA
TranslateMessage
GetMessageA
LoadBitmapW
GetWindowRect
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
SendMessageA
UnhookWindowsHookEx
PostQuitMessage
PostMessageA
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetParent
UnregisterClassA
wsprintfA
GetClassNameA
GetClassLongA
SetWindowLongA
PtInRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
RedrawWindow
SetForegroundWindow
GetForegroundWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
GetDlgCtrlID
GetDlgItem
SetWindowPos
DestroyWindow
IsWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
RegisterWindowMessageA
GetWindow
GetWindowTextA
GetLastActivePopup
GetWindowThreadProcessId
GetWindowLongA
MessageBoxA
IsWindowEnabled
GetClientRect
RemovePropA
GetPropA
SetPropA
SetMenuItemInfoA
SetCursor
EnableWindow
CallNextHookEx
SetWindowsHookExA
GetCursorPos

gdi32

SetTextColor
SetBkColor
ScaleWindowExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
CreateBitmap
ExtTextOutA
TextOutA
SetMapMode
SelectObject
SaveDC
RestoreDC
RectVisible
PtVisible
GetDeviceCaps
DeleteObject
DeleteDC
Escape
GetClipBox
GetStockObject

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegQueryValueA
RegEnumKeyA
RegEnumValueA
RegFlushKey
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shlwapi

PathFindExtensionA
PathIsUNCA
PathStripToRootA
PathFindFileNameA

ole32

CoTaskMemFree
CoUninitialize
CoCreateGuid
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen

imagehlp

MakeSureDirectoryPathExists

setupapi

SetupDiSetClassInstallParamsA
CM_Get_DevNode_Status
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiCallClassInstaller

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

psapi

GetProcessMemoryInfo

oleacc

CreateStdAccessibleObject
LresultFromObject

Exports

Exports

CheckModule
Device_Close
Device_GetSystemInfo
Device_GetTrace
Device_Open
Device_OpenEx
Device_Receive
Device_Reset
Device_Send

Sections

.text
Size: 627KB - Virtual size: 627KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BrmShar
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf21d946535c23621ed55afe4a53e865

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcrypt

pthreadvc2

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

ole32

oleaut32

imagehlp

setupapi

version

psapi

oleacc

Exports

Exports

Sections

.text Size: 627KB - Virtual size: 627KB

.rdata Size: 175KB - Virtual size: 174KB

.data Size: 39KB - Virtual size: 362KB

.BrmShar Size: 6KB - Virtual size: 6KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 41KB - Virtual size: 41KB

.text
Size: 627KB - Virtual size: 627KB

.rdata
Size: 175KB - Virtual size: 174KB

.data
Size: 39KB - Virtual size: 362KB

.BrmShar
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 41KB - Virtual size: 41KB