MonPrinterEx[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

MonPrinterEx.dll
Size

999KB
MD5

02fc6f88746cb987f4959e46d54ad062
SHA1

8e5a0f98698d53c572019792e53d826a179a29b6
SHA256

f07d9af9fc6ce16d52b6d2e80759ee308d55664f84a578e4dc6c8df0b12f24de
SHA512

d9d0112ecbdd5249d5ff8b3900fe086d30c5e3481f59c90a510f5fd84987aadaa0f8e7ced927f7cf33ec9de6bd3e9e60e2d1f3f456609869e78b11d940fbc264
SSDEEP

24576:wHXuVza0UIV2h2WH/Y8//5FMtIVaXeNpPT:wHXX0UIV2/FSIVaXez

Score

1^/10

Malware Config

Signatures

Files

MonPrinterEx.dll
.dll windows x64

e20cf0bcc3785a6eb50602151794e408

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/01/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:b0:af:8e:e0:18:47:aa:c0:fb:93:fa:77:60:1f:fd
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

23/09/2022, 00:00

Not After

24/09/2024, 23:59

Subject

SERIALNUMBER=91500109MA60TC5Q33,CN=重庆梦之锦商贸有限公司,O=重庆梦之锦商贸有限公司,ST=重庆市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c09e58c97e7a29ae58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e9878de5ba86e5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

56:36:39:c6:9f:41:e3:99:5e:c3:2e:29:a8:2e:35:7a:0d:ba:ca:9b:62:15:81:8b:82:c6:32:53:45:18:9d:fd
Signer

Actual PE Digest

56:36:39:c6:9f:41:e3:99:5e:c3:2e:29:a8:2e:35:7a:0d:ba:ca:9b:62:15:81:8b:82:c6:32:53:45:18:9d:fd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualFree
FlushInstructionCache
VirtualAlloc
VirtualProtect
GetCurrentThreadId
SuspendThread
GetFileSize
SetFilePointer
WriteFile
FreeLibrary
LoadLibraryExW
GetModuleHandleW
GetProcAddress
HeapReAlloc
HeapAlloc
HeapFree
OutputDebugStringW
GetProcessHeap
InitializeCriticalSectionAndSpinCount
HeapDestroy
FileTimeToSystemTime
lstrlenW
RaiseException
HeapSize
DecodePointer
DeleteCriticalSection
FileTimeToLocalFileTime
lstrlenA
CreateDirectoryW
WideCharToMultiByte
lstrcpynW
GetModuleFileNameW
CreateFileW
MultiByteToWideChar
DisableThreadLibraryCalls
GetLocalTime
FindResourceW
LoadResource
GetCurrentThread
SizeofResource
GetPrivateProfileStringW
FindResourceExW
DeleteFileW
OutputDebugStringA
lstrcatW
GetVersionExW
LocalAlloc
LocalFree
LoadLibraryW
Sleep
CopyFileW
GetCurrentProcessId
GetTickCount
SetEvent
CreateEventW
CreateThread
WaitForMultipleObjects
TerminateThread
ReadFile
EnterCriticalSection
LeaveCriticalSection
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
DuplicateHandle
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
ExitThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
GetCurrentProcess
VirtualQuery
SetThreadContext
GetThreadContext
ResumeThread
CloseHandle
SetLastError
GetLastError
TerminateProcess
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
CreateTimerQueue
WaitForSingleObject
LockResource
ExitProcess
ResetEvent
ReleaseSemaphore
CreateSemaphoreA
CreateEventA
InitializeCriticalSection
IsDBCSLeadByteEx
GetSystemDirectoryW
GetNativeSystemInfo
GetComputerNameW
FindClose
FindNextFileW
DeviceIoControl
CreateFileA
lstrcmpiA
lstrcpynA
LoadLibraryA
GetFullPathNameW
FindFirstFileW
GlobalFree
GlobalReAlloc
GlobalAlloc
WritePrivateProfileStringW
ExpandEnvironmentStringsW
SetEnvironmentVariableA
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
EncodePointer
GetSystemTimeAsFileTime
GetCPInfo
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
RtlPcToFileHeader
RtlUnwindEx
GetTimeZoneInformation
GetModuleHandleExW
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CreateSemaphoreW
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW

user32

wsprintfA
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
wsprintfW

winspool.drv

OpenPrinterW
ClosePrinter
EnumPrintersW
DeviceCapabilitiesW
GetPrinterDataW
GetJobW
EnumJobsW
GetPrinterW

advapi32

RegCloseKey
RegEnumKeyA
RegQueryValueExA
RegEnumValueA
SetFileSecurityW
GetSecurityDescriptorControl
AddAccessAllowedAce
AddAce
EqualSid
GetAce
InitializeAcl
GetLengthSid
GetAclInformation
GetSecurityDescriptorDacl
GetFileSecurityW
LookupAccountNameW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyExA

oleaut32

VariantInit
VarUdateFromDate
SystemTimeToVariantTime
SysStringLen
VariantChangeType
VariantClear
SysAllocString
SysFreeString
VariantTimeToSystemTime

shlwapi

StrStrIW
PathFindFileNameW
StrCpyNW
PathIsDirectoryW
PathRemoveFileSpecW
PathCombineW
StrDupW
wvnsprintfA
PathFindExtensionW
StrToIntW
PathRemoveExtensionW
PathFileExistsW
StrCatBuffW
StrToIntA
wvnsprintfW
wnsprintfW

wininet

InternetGetLastResponseInfoW
FtpFindFirstFileW
HttpSendRequestExA
HttpQueryInfoA
InternetConnectA
InternetSetOptionA
HttpOpenRequestA
HttpEndRequestA
HttpAddRequestHeadersA
InternetOpenA
FtpOpenFileW
InternetQueryDataAvailable
InternetWriteFile
InternetReadFile
InternetCloseHandle
InternetOpenW
InternetConnectW
FtpCreateDirectoryW
FtpCommandW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

WSACleanup
gethostbyname
gethostname
WSAStartup
inet_ntoa

ole32

CoInitialize
CoCreateInstance
CoCreateGuid
CoInitializeSecurity
CoSetProxyBlanket

Exports

Exports

InstallPrinterMonitor
StartPrinterMonitor

Sections

.text
Size: 673KB - Virtual size: 672KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mem_shar
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e20cf0bcc3785a6eb50602151794e408

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

08:b0:af:8e:e0:18:47:aa:c0:fb:93:fa:77:60:1f:fdCertificate

Extended Key Usages

Key Usages

56:36:39:c6:9f:41:e3:99:5e:c3:2e:29:a8:2e:35:7a:0d:ba:ca:9b:62:15:81:8b:82:c6:32:53:45:18:9d:fdSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

winspool.drv

advapi32

oleaut32

shlwapi

wininet

version

ws2_32

ole32

Exports

Exports

Sections

.text Size: 673KB - Virtual size: 672KB

.rdata Size: 224KB - Virtual size: 224KB

.data Size: 21KB - Virtual size: 39KB

.pdata Size: 34KB - Virtual size: 34KB

.detourc Size: 26KB - Virtual size: 26KB

.detourd Size: 512B - Virtual size: 64B

mem_shar Size: 512B - Virtual size: 8B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 8KB

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

08:b0:af:8e:e0:18:47:aa:c0:fb:93:fa:77:60:1f:fd
Certificate

56:36:39:c6:9f:41:e3:99:5e:c3:2e:29:a8:2e:35:7a:0d:ba:ca:9b:62:15:81:8b:82:c6:32:53:45:18:9d:fd
Signer

.text
Size: 673KB - Virtual size: 672KB

.rdata
Size: 224KB - Virtual size: 224KB

.data
Size: 21KB - Virtual size: 39KB

.pdata
Size: 34KB - Virtual size: 34KB

.detourc
Size: 26KB - Virtual size: 26KB

.detourd
Size: 512B - Virtual size: 64B

mem_shar
Size: 512B - Virtual size: 8B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 8KB