d2a417c9ce415c8caaab210c41bccabfb78bf6a225c0fc86d90d1ca611440e0e

Sharing

Copy URL Twitter E-mail

General

Target

d2a417c9ce415c8caaab210c41bccabfb78bf6a225c0fc86d90d1ca611440e0e
Size

100KB
MD5

2a938c25152bc187ab13c78638be10ea
SHA1

588fa8dd61a68053af347c1c3a2d6429dc961aef
SHA256

d2a417c9ce415c8caaab210c41bccabfb78bf6a225c0fc86d90d1ca611440e0e
SHA512

09336468676c4f8930b5e762a4e9dec0ccfdac13e81c76a606e971e5c9132e0747d4226e1be0565d986ef4c39e57a52d465aa190d5126436c938ad22e065c458
SSDEEP

3072:S9KQbmGymKd03Zn/vIUKD5MAZyNqIkO5qvUb2eGqWBj7Xbkdr6w4ZdyVUY3+VWK+:Ch

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2a417c9ce415c8caaab210c41bccabfb78bf6a225c0fc86d90d1ca611440e0e

Files

d2a417c9ce415c8caaab210c41bccabfb78bf6a225c0fc86d90d1ca611440e0e
.dll windows x86

953008803d838a57a80fc9dae93856c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CommConfigDialogW
CreateFileW
DisableThreadLibraryCalls
FormatMessageW
GetModuleHandleW
GetProcAddress
GetTickCount
GlobalAlloc
HeapAlloc
HeapFree
HeapReAlloc
IsBadStringPtrW
LocalFree

ntdll

_vsnprintf

ucrtbase

__acrt_iob_func
__stdio_common_vsprintf
__stdio_common_vswprintf
_strdup
_wcsicmp
_wcsnicmp
free
fwrite
getenv
memcmp
memcpy
memmove
strchr
strcmp
strcpy
strcspn
strlen
wcsncmp

user32

DialogBoxParamW
EndDialog
GetDlgItemInt
GetDlgItemTextW
GetWindowLongW
LoadStringW
MessageBoxW
SendDlgItemMessageW
SetDlgItemInt
SetWindowLongW

winspool.drv

ClosePrinter
OpenPrinterW
XcvDataW

Exports

Exports

InitializePrintMonitorUI

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 192B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 310B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

953008803d838a57a80fc9dae93856c1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

ucrtbase

user32

winspool.drv

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 96B

.rodata Size: 4KB - Virtual size: 8B

.rdata Size: 4KB - Virtual size: 1KB

.eh_fram Size: 4KB - Virtual size: 1KB

.bss Size: - Virtual size: 192B

.edata Size: 4KB - Virtual size: 310B

.idata Size: 4KB - Virtual size: 1KB

.rsrc Size: 40KB - Virtual size: 37KB

.reloc Size: 4KB - Virtual size: 536B

.text
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 96B

.rodata
Size: 4KB - Virtual size: 8B

.rdata
Size: 4KB - Virtual size: 1KB

.eh_fram
Size: 4KB - Virtual size: 1KB

.bss
Size: - Virtual size: 192B

.edata
Size: 4KB - Virtual size: 310B

.idata
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 40KB - Virtual size: 37KB

.reloc
Size: 4KB - Virtual size: 536B