EdsImage[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

EdsImage.dll
Size

366KB
MD5

54012b37cbbde7e43136a4266caf0731
SHA1

449f3df7271fe0a7e86f3fd1d7aa82b9ea7bc90c
SHA256

b250c22c4d40e744601bd3fee8a1deae885ac2b6aa7e4ff4a2c6fb44d5e3ed8e
SHA512

ab360f8d6e09323506dce95fd86e1c5a5a9b74891739be0ad5b74f78cb18b8ff6b857222ddd003f8f51ef2dfff056702872f194d660f3f77585c6cf1138e8c55
SSDEEP

6144:CmSFqg7cdNZ5ZZeJCYNVnQbV6ftMMlJUUspD90nk5jCY5JgYybFNToB0gHTqRB/a:ClyNQXNVnwktRXUU40mDR6EBLGRBeZo6

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
EdsImage.dll

Files

EdsImage.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

?PSParseSetDeveloped@@YGKPAUpslStream@@GG@Z
?_covnertColorSpacePropertiesWithColorSpaceEx@@YGKPAUpslStream@@PAPAUpsRuntimeTypeProperty@@G@Z
?_cropStream@@YGKPAUpslStream@@KK0@Z
EdsImgCacheImage
EdsImgCreateImageRef
EdsImgGetImage
EdsImgGetImageInfo
EdsImgInitialize
EdsImgReflectImageProperty
EdsImgSaveImage
EdsImgTerminate
_PSCode_Close@4
_PSCode_CloseQuantizer@4
_PSCode_CreateExifTiffInfoObject@12
_PSCode_CreateExifTiffInfoObjectFromPwrProps@28
_PSCode_CreateExifTiffInfoObjectFromPwrPropsEx@32
_PSCode_DecodeView@20
_PSCode_EncodeView@12
_PSCode_EncodeViewEx@16
_PSCode_EncodeView_WithJFIFOutput@16
_PSCode_EncodeView_with_Q@16
_PSCode_ExifTiffWriterOpen@24
_PSCode_FreeExifTiffInfoObject@4
_PSCode_GetExifTiffThumbnailRaw@16
_PSCode_Open@28
_PSCode_OpenQuantizer@20
_PSCode_Open_with_Q@32
_PSCode_QuantizeRows@16
_PSCode_RotateJPEG@16
_PSCode_TransferData@12
_PSDevelopCompareParamValues@12
_PSDevelopConvertToCIFFJPEG@40
_PSDevelopConvertToDCF@48
_PSDevelopConvertToDCFForZB@60
_PSDevelopConvertToDCFeX2@56
_PSDevelopConvertToDCFeX3@56
_PSDevelopConvertToDCFeX@52
_PSDevelopConvertToExifTiff@32
_PSDevelopConvertToExifTiffeX2@52
_PSDevelopConvertToExifTiffeX@48
_PSDevelopCopyClickWBCoefs@8
_PSDevelopCopyRawObjPrmToStrm@8
_PSDevelopCopyStrmPrmToRawObj@8
_PSDevelopCreatePluralRAWObject@8
_PSDevelopCreateRAWObject@8
_PSDevelopDisposeRAWObject@4
_PSDevelopEncodeJFIF@32
_PSDevelopEx@20
_PSDevelopGetAtCaptureThumbnail@20
_PSDevelopGetExtractJpegSize@12
_PSDevelopGetExtractJpegSize_ByModelName@12
_PSDevelopGetParamValue@16
_PSDevelopGetSplineArray@8
_PSDevelopGetSplineArrayEx@20
_PSDevelopGetSupportParamItemHead@8
_PSDevelopGetSupportParamItemNext@8
_PSDevelopGetSupportParamValueHead@12
_PSDevelopGetSupportParamValueNext@12
_PSDevelopGetThinImageSize@12
_PSDevelopGetThinImageSizeOfRAW_ByModelName@12
_PSDevelopGetThumbnailFromExifTiff@16
_PSDevelopIsSupportParamItem@12
_PSDevelopIsSupportParamValue@16
_PSDevelopLogPosToNormalPos@8
_PSDevelopNomalPosToLogPos@8
_PSDevelopNormalTblToLogTbl@8
_PSDevelopReadParamValueFile@12
_PSDevelopReduction@104
_PSDevelopReflectParamValues@8
_PSDevelopReplaceStreamOfRAW@8
_PSDevelopRotateBMP@12
_PSDevelopRotateJPEG@12
_PSDevelopRotatePropertiesWithRttArray@20
_PSDevelopSetAllParamValueToAtCapture@4
_PSDevelopSetParamValue@12
_PSDevelopUnFocusRAWObject@4
_PSDevelopWriteDevParamToRawEx@8
_PSDevelopWriteParamValueFile@12
_PSEstimateSoundProperties@20
_PSParseCreateAppMarkerData@24
_PSParseCreateAppMarkerDataEx@28
_PSParseCreateTiffTagData@24
_PSParseFreeAppMarkerData@4
_PSParseFreeTiffTagData@4
_PSParseFullViewFileStream@28
_PSParseFullViewFileStreamEx@32
_PSParseGetDCFThumbnail@8
_PSParseGetFileStream2@44
_PSParseGetFileStream@40
_PSParseGetICCProfileData@12
_PSParseGetIIMInfo@8
_PSParseGetJPEGInfo@8
_PSParseGetJPEGInfoEx@8
_PSParseGetRttIDLatest@4
_PSParseGetSOFData@8
_PSParseGetWAVEInfo@8
_PSParseHasCanonOptionalData@8
_PSParseMakePreserveIIMInfo@12
_PSParseReadPreserveIIMInfo@8
_PSParseReplaceIIMInfo@8
_PSParseReplaceOffsetOfOptionalData@8
_PSParseReplaceProperties2@24
_PSParseReplaceProperties@20
_PSParseSetIIMInfo@12
_PSParseSoundProperties@12
_PSParseStream2@28
_PSParseStream@24
_PSParseThumbnailFileStream@36
_PSParseThumbnailFileStreamEx2@44
_PSParseThumbnailFileStreamEx@40
__GetHeapRecordEntryPtr@32
_psParseCreateExifPropBuffer@20
_psParseCreateExifPropBufferEx@20
_psParseCreateExifProperty@12
_psParseCreateHeapObject@24
_psParseCreateHeapObjectEx2@28
_psParseCreateHeapObjectEx@24
_psParseCreateLossLessPropBuffer@20
_psParseCreateMakerNote@20
_psParseCreatePropertyBlock@36
_psParseExifProperty@8
_psParseFreeExifBuffer@4
_psParseFreeHeapObject@28
_psParseFreeMakerNoteBuffer@4
_psParseGetDCFMakerNote@12
_psParseGetExifPropBufferWithReplace@24
_psParseGetFileType@16
_psParseGetHeapObjectDeveloped@20
_psParseGetJpegDataFromPsRAW@12
_psParseGetLCDDataFromTiffRAW@16
_psParseGetMainImageFromCR2@12
_psParseGetOptionAreaData@12
_psParseGetPropHeapObject@24
_psParseGetPropertyData@16
_psParseGetTWAINThumbnailDataFromCR2@20
_psParseGetTWAINThumbnailDataFromTiffRAW@16
_psParseGetTagData@24
_psParseHeapObject@32
_psParseMergePropertiesIntoHeapObject@12

Sections

UPX0
Size: - Virtual size: 716KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 358KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 716KB

UPX1 Size: 358KB - Virtual size: 360KB

.rsrc Size: 7KB - Virtual size: 8KB

UPX0
Size: - Virtual size: 716KB

UPX1
Size: 358KB - Virtual size: 360KB

.rsrc
Size: 7KB - Virtual size: 8KB