3ca58260cc6f96497b049d134ce7744d011a1cef644267ab603005b78c744d9eN

Sharing

Copy URL Twitter E-mail

General

Target

3ca58260cc6f96497b049d134ce7744d011a1cef644267ab603005b78c744d9eN
Size

292KB
MD5

df4ef36f873dcb97c420278cc5a01c90
SHA1

76f79cc9fcafcdfb8ca2a542ad8cacf051b58520
SHA256

3ca58260cc6f96497b049d134ce7744d011a1cef644267ab603005b78c744d9e
SHA512

d9f00268695395199a0cb12be3c9adebe7804bf2149aeaa21b6a9c9e4a0d86aa394f465457c6d86c58fdbfb475824bba2b952291e31ee444bd22abf4ad64e03d
SSDEEP

3072:cC2T51jQjnf5meweMNPX9J7ixmAC9wyBo5sekPOsI1yB3OBV3Cd:cPTQjf5HMLRixNyBfOsIk+BVyd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ca58260cc6f96497b049d134ce7744d011a1cef644267ab603005b78c744d9eN

Files

3ca58260cc6f96497b049d134ce7744d011a1cef644267ab603005b78c744d9eN
.exe windows:5 windows x86 arch:x86

a804a8be71248b79fbf0a55b1d2ac8a1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Temp\NST\VS2010\nfc\mfocGUI\Release\mfocGUI.pdb

Imports

kernel32

Sleep
InterlockedExchange
InterlockedCompareExchange
HeapSetInformation
WriteFile
ReadFile
GetOverlappedResult
ClearCommError
PurgeComm
GetVersionExA
CreateEventA
CloseHandle
CreateFileA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
DecodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemDefaultLangID
GetModuleHandleA
GetTickCount
MulDiv
MultiByteToWideChar
GetLocalTime
GlobalAlloc
GlobalFree
GetLastError
EncodePointer
GetStartupInfoW

user32

SetWindowPos
GetClientRect
AdjustWindowRectEx
GetSystemMetrics
CreateWindowExA
GetDC
MessageBoxA
InvalidateRect
GetDlgItem
ShowWindow
UnregisterHotKey
EndPaint
BeginPaint
DefWindowProcA
PostQuitMessage
DispatchMessageA
EnableWindow
SendMessageA
CheckRadioButton
RegisterHotKey
LoadIconA
LoadCursorA
GetSysColorBrush
LoadImageA
RegisterClassExA
UpdateWindow
GetMessageA
TranslateMessage

gdi32

GetStockObject
GetDeviceCaps
CreateFontA
GetObjectA

comdlg32

GetOpenFileNameA
GetSaveFileNameA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc

msvcr100

strcmp
sprintf_s
perror
strcpy
free
malloc
strstr
qsort
memcmp
sprintf
strtoul
_errno
strtok
atoi
realloc
strncpy
memset
memcpy
printf
fprintf
__iob_func
fclose
fread
fopen
fwrite
calloc
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??3@YAXPAX@Z
ceil
fgets
getc
fflush
fputs
putc
ftell
fseek
??2@YAPAXI@Z
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
__CxxFrameHandler3
_beginthread
_getcwd
sscanf
strchr
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_invoke_watson
_controlfp_s
strlen
abort
_snprintf
isalnum
bsearch
isspace

gdiplus

GdipCreateFromHDC
GdipAlloc
GdipDeleteGraphics
GdiplusStartup
GdiplusShutdown
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawImageRectI
GdipMeasureString

hid

HidD_FreePreparsedData
HidD_GetIndexedString
HidP_GetCaps
HidD_GetPreparsedData
HidD_GetHidGuid

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList

winscard

g_rgSCardT1Pci
SCardTransmit
SCardReleaseContext
SCardDisconnect

Exports

Exports

iso14443a_crc
iso14443a_crc_append
iso14443a_locate_historical_bytes
iso14443b_crc
iso14443b_crc_append
nfc_abort_command
nfc_close
nfc_device_get_connstring
nfc_device_get_information_about
nfc_device_get_last_error
nfc_device_get_name
nfc_device_get_supported_baud_rate
nfc_device_get_supported_baud_rate_target_mode
nfc_device_get_supported_modulation
nfc_device_set_property_bool
nfc_device_set_property_int
nfc_exit
nfc_free
nfc_idle
nfc_init
nfc_initiator_deselect_target
nfc_initiator_init
nfc_initiator_init_secure_element
nfc_initiator_list_passive_targets
nfc_initiator_poll_dep_target
nfc_initiator_poll_target
nfc_initiator_select_dep_target
nfc_initiator_select_passive_target
nfc_initiator_target_is_present
nfc_initiator_transceive_bits
nfc_initiator_transceive_bits_timed
nfc_initiator_transceive_bytes
nfc_initiator_transceive_bytes_timed
nfc_list_devices
nfc_open
nfc_perror
nfc_register_driver
nfc_strerror
nfc_strerror_r
nfc_target_init
nfc_target_receive_bits
nfc_target_receive_bytes
nfc_target_send_bits
nfc_target_send_bytes
nfc_version
str_nfc_baud_rate
str_nfc_modulation_type
str_nfc_target

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 172.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a804a8be71248b79fbf0a55b1d2ac8a1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

shell32

msvcr100

gdiplus

hid

setupapi

winscard

Exports

Exports

Sections

.text Size: 148KB - Virtual size: 148KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 11KB - Virtual size: 172.1MB

.rsrc Size: 53KB - Virtual size: 53KB

.reloc Size: 59KB - Virtual size: 58KB

.text
Size: 148KB - Virtual size: 148KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 11KB - Virtual size: 172.1MB

.rsrc
Size: 53KB - Virtual size: 53KB

.reloc
Size: 59KB - Virtual size: 58KB