e4cb0c54a1099d44c24f8c4e8acdccae97334b1799ee282f0d2a49c567caa9b0

Sharing

Copy URL Twitter E-mail

General

Target

e4cb0c54a1099d44c24f8c4e8acdccae97334b1799ee282f0d2a49c567caa9b0
Size

932KB
MD5

8f22b9ec53fa2b51605ce29fa68d3a6a
SHA1

2d2b2868737da43a0377fb34a1f14ac26be5d922
SHA256

e4cb0c54a1099d44c24f8c4e8acdccae97334b1799ee282f0d2a49c567caa9b0
SHA512

48b71a21433947d3b79bf7b5dc6b067865cb5346743f3f51ac00d18b59cd6e0d691d3e5aebea4e32e2559ee2f690eb0c5a821d9fb5517b604e049d351d793366
SSDEEP

24576:dVtpQ33xdCwJPFxKPcJcAy04cvKlzDGphau:MRdCPsA0jKtGph

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e4cb0c54a1099d44c24f8c4e8acdccae97334b1799ee282f0d2a49c567caa9b0

Files

e4cb0c54a1099d44c24f8c4e8acdccae97334b1799ee282f0d2a49c567caa9b0
.exe windows:5 windows x86 arch:x86

27b05237023e12cdfdc024edb4850b91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

L:\DS-gz\AAAAGS\甘肃省培训监管读卡器项目(1)\trunk\code\项目开发\TSCardDriveSvr_V1.1.0.1\Release\TSCardDriveSvr.pdb

Imports

kernel32

MultiByteToWideChar
WideCharToMultiByte
SetConsoleCtrlHandler
InterlockedCompareExchange
GetQueuedCompletionStatus
SetLastError
SetWaitableTimer
TlsSetValue
TlsGetValue
CreateIoCompletionPort
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CloseHandle
VerifyVersionInfoA
GetModuleFileNameA
WaitForSingleObject
QueueUserAPC
TerminateThread
WaitForMultipleObjects
GetModuleHandleA
SleepEx
SetEvent
CreateEventW
CreateWaitableTimerA
Sleep
FormatMessageA
LocalFree
TlsFree
InterlockedIncrement
InterlockedExchangeAdd
TlsAlloc
GetLastError
PostQueuedCompletionStatus
LeaveCriticalSection
InterlockedDecrement
EnterCriticalSection
InterlockedExchange
GetPrivateProfileStringA
GetPrivateProfileIntA
FreeLibrary
GetProcAddress
VerSetConditionMask
LoadLibraryA
CreateFileW
HeapSize
ReadConsoleW
WriteConsoleW
SetStdHandle
FindNextFileA
FindFirstFileExA
FindClose
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
SetFilePointerEx
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetProcessHeap
FormatMessageW
DuplicateHandle
WaitForSingleObjectEx
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
TryEnterCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RaiseException
RtlUnwind
ExitThread
GetModuleHandleExW
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
GetFileType
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation

advapi32

SystemFunction036

ws2_32

WSARecv
getsockopt
getpeername
WSAAddressToStringW
htonl
ntohl
ntohs
WSASocketW
listen
WSASend
setsockopt
ioctlsocket
closesocket
htons
WSASetLastError
WSAGetLastError
shutdown
WSACleanup
WSAStartup
bind

mswsock

GetAcceptExSockaddrs
AcceptEx

Sections

.text
Size: 730KB - Virtual size: 729KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27b05237023e12cdfdc024edb4850b91

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ws2_32

mswsock

Sections

.text Size: 730KB - Virtual size: 729KB

.rdata Size: 143KB - Virtual size: 142KB

.data Size: 24KB - Virtual size: 31KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 32KB - Virtual size: 31KB

.text
Size: 730KB - Virtual size: 729KB

.rdata
Size: 143KB - Virtual size: 142KB

.data
Size: 24KB - Virtual size: 31KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 32KB - Virtual size: 31KB