E:\cwl\湖北社保读写器\SSCardDriver\社保动态库Bin\SSCardDriver.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 4fc767e7a52e8e0f5664d2e60b8493b091ca06363660bfce775f92370143d835.dll
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 4fc767e7a52e8e0f5664d2e60b8493b091ca06363660bfce775f92370143d835.dll
Resource: win10v2004-20240802-en
General
Target: 4fc767e7a52e8e0f5664d2e60b8493b091ca06363660bfce775f92370143d835
Size: 1.8MB
MD5: 49c6aeefb62a26a1e1cecf4eacc3620b
SHA1: 21e8ad3fecbf6a4c4db8a6110a44f3acf721b7e4
SHA256: 4fc767e7a52e8e0f5664d2e60b8493b091ca06363660bfce775f92370143d835
SHA512: cb71f5731aaa8f2e7c856f0f3ff867dfddaff6b9d30541e7839cbf5fefe603aaac1b70915f69a2bfe6ba4d2ca5f9521f6955e2bdc9f2976e6d832192bba949cd
SSDEEP: 49152:lmCQnPTLMLdMEjRpv4GlEc32Z9Uo/Y+H/FzMeZNj0vqpLQho1uB8:lwvMLdMEjR22EQ2Z9UyY+H/FzMeZl/cL
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4fc767e7a52e8e0f5664d2e60b8493b091ca06363660bfce775f92370143d835
Files
4fc767e7a52e8e0f5664d2e60b8493b091ca06363660bfce775f92370143d835.dll regsvr32 windows:5 windows x86 arch:x86
0a80bbf7cfc2a0a4d5dbc7f8f5f7c3d9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
setupapi
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
hid
HidD_GetHidGuid
HidD_GetAttributes
HidD_GetFeature
HidD_SetFeature
HidD_GetPreparsedData
HidP_GetCaps
HidD_FreePreparsedData
advapi32
RegCreateKeyExA
RegDeleteKeyA
RegQueryValueA
RegSetValueA
RegEnumKeyA
RegSetValueExA
RegDeleteValueA
RegEnumValueA
RegEnumKeyExA
RegOpenKeyExW
QueryServiceStatus
CloseServiceHandle
OpenServiceA
OpenSCManagerA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
kernel32
GetSystemTimeAsFileTime
SetStdHandle
GetFileType
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsValidCodePage
HeapCreate
HeapDestroy
GetStdHandle
LCMapStringW
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
HeapQueryInformation
IsProcessorFeaturePresent
CompareStringW
GetTimeZoneInformation
WriteConsoleW
GetProcessHeap
CreateFileW
SetEnvironmentVariableA
ExitProcess
RtlUnwind
GetCommandLineA
CreateFileA
GetCommState
SetCommState
SetCommTimeouts
ReadFile
GetCommTimeouts
PurgeComm
CloseHandle
HeapReAlloc
VirtualQuery
RaiseException
GetStringTypeW
DeviceIoControl
GetVersionExA
Sleep
GetTickCount
GetLastError
WaitForSingleObject
SetEvent
ResetEvent
CreateThread
OutputDebugStringA
SetLastError
WriteFile
CreateEventA
GetOverlappedResult
GetPrivateProfileStringA
ReleaseMutex
FlushFileBuffers
DisconnectNamedPipe
CreateNamedPipeA
ConnectNamedPipe
lstrlenA
LocalAlloc
LocalFree
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
WideCharToMultiByte
GetModuleFileNameA
LoadLibraryA
GetProcAddress
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalSize
GlobalFree
FreeLibrary
GetModuleHandleW
lstrcmpA
SizeofResource
LockResource
LoadResource
FindResourceW
DeactivateActCtx
ActivateActCtx
CompareStringA
GetLocaleInfoA
GetSystemDefaultUILanguage
GetSystemInfo
VirtualAlloc
HeapSize
HeapAlloc
HeapFree
DecodePointer
EncodePointer
VirtualProtect
ConvertDefaultLocale
GetUserDefaultUILanguage
MultiByteToWideChar
SearchPathA
InitializeCriticalSectionAndSpinCount
GetNumberFormatA
GetWindowsDirectoryA
GetProfileIntA
GetTempPathA
GetTempFileNameA
GetFileTime
GetFileSizeEx
GetFileAttributesA
GetFileAttributesExA
FindResourceExW
GetVersion
GetACP
GetOEMCP
GetCPInfo
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
lstrcmpiA
lstrcpyA
DeleteFileA
GlobalFlags
GetCurrentDirectoryA
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
IsDBCSLeadByte
FindResourceA
FreeResource
GlobalGetAtomNameA
GlobalFindAtomA
LoadLibraryW
lstrcmpW
GetUserDefaultLCID
CopyFileA
FormatMessageA
lstrlenW
MulDiv
GetCurrentProcessId
GlobalAddAtomA
WritePrivateProfileStringA
GetPrivateProfileIntA
ResumeThread
SetThreadPriority
InterlockedIncrement
GetModuleHandleA
InterlockedDecrement
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ExitThread
user32
IsClipboardFormatAvailable
SetMenuDefaultItem
WaitMessage
PostThreadMessageA
IsMenu
UpdateLayeredWindow
UnionRect
MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadAcceleratorsA
InsertMenuItemA
TranslateAcceleratorA
GetNextDlgGroupItem
LoadImageA
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
GetMenuDefaultItem
GetDCEx
BringWindowToTop
SetCursorPos
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyA
ToAsciiEx
CopyAcceleratorTableA
DrawFocusRect
DrawFrameControl
DrawIconEx
DrawStateA
MessageBeep
GetSystemMenu
LoadMenuW
SetClassLongA
GetAsyncKeyState
NotifyWinEvent
WindowFromPoint
CreatePopupMenu
DestroyAcceleratorTable
RedrawWindow
IsZoomed
GetDialogBaseUnits
GetTabbedTextExtentW
GetMenuItemInfoA
IsIconic
CharUpperA
DestroyIcon
GetSysColorBrush
LoadCursorW
SetLayeredWindowAttributes
EnumDisplayMonitors
SystemParametersInfoA
KillTimer
SetTimer
RealChildWindowFromPoint
DeleteMenu
UnregisterClassA
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
LockWindowUpdate
EnumChildWindows
RegisterClipboardFormatA
SetRect
SetWindowRgn
IsRectEmpty
FrameRect
CreateMenu
DestroyMenu
SetRectEmpty
LoadCursorA
SetCapture
ReleaseCapture
GetSystemMetrics
MoveWindow
SetWindowTextA
IsDialogMessageA
CheckDlgButton
RegisterWindowMessageA
LoadIconW
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
FillRect
EnableWindow
PostQuitMessage
PostMessageA
UnhookWindowsHookEx
GetUpdateRect
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
LoadImageW
GetWindowRgn
DestroyCursor
DrawIcon
MapDialogRect
SubtractRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
PtInRect
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
GetMenu
GetWindow
GetSysColor
MapVirtualKeyExA
CopyIcon
GetKeyNameTextA
IsCharLowerA
GetDoubleClickTime
CharUpperBuffA
IntersectRect
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
SendMessageA
GetParent
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
SetCursor
ShowOwnedPopups
MessageBoxA
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetWindowThreadProcessId
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuA
GetMenuItemID
AppendMenuA
GetMenuStringA
SetParent
DrawEdge
ShowWindow
CopyRect
DefWindowProcA
InflateRect
OffsetRect
GetWindowRect
UpdateWindow
InvalidateRect
SetWindowLongA
GetDesktopWindow
DestroyWindow
SetWindowPos
CallWindowProcA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ScreenToClient
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
BeginPaint
EndPaint
CopyImage
gdi32
SetDIBColorTable
CreateBitmap
GetDeviceCaps
CopyMetaFileA
CreateDCA
LPtoDP
CreateMetaFileA
CloseMetaFile
DeleteMetaFile
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ExtSelectClipRgn
CreatePatternBrush
CreateDIBSection
SelectObject
CreatePen
CreateSolidBrush
CreateHatchBrush
CombineRgn
OffsetRgn
GetViewportOrgEx
CreateRectRgnIndirect
CreateDIBitmap
CreateFontIndirectA
CreateCompatibleBitmap
GetTextMetricsA
EnumFontFamiliesA
GetTextCharsetInfo
GetTextExtentPoint32A
GetTextAlign
SetRectRgn
PatBlt
DPtoLP
EnumFontFamiliesExA
CreateRoundRectRgn
CreatePolygonRgn
GetBkColor
GetTextColor
CreateEllipticRgn
Polyline
Polygon
Rectangle
UnrealizeObject
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
GetRgnBox
StretchBlt
SetPixel
GetWindowOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
GetTextFaceA
SetPixelV
GetObjectType
DeleteObject
CreateCompatibleDC
DeleteDC
GetObjectA
Ellipse
SelectPalette
GetStockObject
msimg32
TransparentBlt
AlphaBlend
comdlg32
GetFileTitleA
winspool.drv
ClosePrinter
OpenPrinterA
DocumentPropertiesA
shell32
SHAppBarMessage
ExtractIconA
SHGetFileInfoA
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHBrowseForFolderA
DragQueryFileA
DragFinish
ShellExecuteA
comctl32
ImageList_GetIconSize
shlwapi
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW
PathFindExtensionA
ole32
CoInitializeEx
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleLoadFromStream
ReadClassStm
OleTranslateAccelerator
CoInitialize
CoCreateInstance
CoUninitialize
OleSaveToStream
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateOleAdviseHolder
CreateDataCache
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
IsAccelerator
OleLockRunning
DoDragDrop
CreateStreamOnHGlobal
GetHGlobalFromStream
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
CoDisconnectObject
ReadFmtUserTypeStg
StringFromCLSID
CoTaskMemFree
CreateDataAdviseHolder
CoRevokeClassObject
CoRegisterClassObject
StringFromGUID2
CoCreateGuid
oleaut32
SysStringByteLen
SysStringLen
OleCreatePropertyFrame
SysAllocStringByteLen
VariantClear
VariantChangeType
VariantInit
OleLoadPicture
SysAllocString
VariantCopy
OleCreateFontIndirect
LoadTypeLi
LoadRegTypeLi
RegisterTypeLi
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
OleCreatePictureIndirect
SysAllocStringLen
SysFreeString
gdiplus
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipCreateFromHDC
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToStream
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImagePaletteSize
oleacc
LresultFromObject
CreateStdAccessibleObject
AccessibleObjectFromWindow
imm32
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
winmm
PlaySoundA
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ICC_Reader_Application
ICC_Reader_Close
ICC_Reader_GetStatus
ICC_Reader_Libinfo
ICC_Reader_Open
ICC_Reader_PowerOff
ICC_Reader_PowerOn
getHandler
iChangePIN
iDoDebit
iDoDebit_HSM_Step1
iDoDebit_HSM_Step2
iGetDeviceInfo
iGetPassword
iReadBankNo
iReadCard
iReadCardBas
iReadCardBas_HSM_Step1
iReadCardBas_HSM_Step2
iReadCard_HSM_Step1
iReadCard_HSM_Step2
iReadDebitRecord
iReadSFZ
iReloadPIN
iReloadPIN_HSM_Step1
iReloadPIN_HSM_Step2
iReloadPIN_HSM_Step3
iUnblockPIN
iUnblockPIN_HSM_Step1
iUnblockPIN_HSM_Step2
iUnblockPIN_HSM_Step3
iVerifyPIN
iWriteCard
iWriteCard_HSM_Step1
iWriteCard_HSM_Step2
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 282KB - Virtual size: 281KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 58KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 172KB - Virtual size: 172KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ