9e5d96577c3232f4f63938533a9bc97e8691f90830d6bf7b85e376b22a97ac86

Sharing

Copy URL Twitter E-mail

General

Target

9e5d96577c3232f4f63938533a9bc97e8691f90830d6bf7b85e376b22a97ac86
Size

178KB
MD5

53f39d5bcce9d227dfc0a8bed12d0077
SHA1

820c98f96c1db5b7346017506ea92dee78af4503
SHA256

9e5d96577c3232f4f63938533a9bc97e8691f90830d6bf7b85e376b22a97ac86
SHA512

51c4593bf1a735fb070b59b1c68129e8bfbd99b309bf4be330172aec73bb60aa49f9cf4040fbbcc3f8b3d92cce1e277d088ac8bf5e76f594cf9391ee8f5e3f58
SSDEEP

3072:EJfv59FiWkDfXb1o0Dku0vNcv9KMcjBgS8UxeIbSfAEd+1iAs+qJ+:OiTDvb1Lku00KMzcNCA/EJ+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9e5d96577c3232f4f63938533a9bc97e8691f90830d6bf7b85e376b22a97ac86

Files

9e5d96577c3232f4f63938533a9bc97e8691f90830d6bf7b85e376b22a97ac86
.exe windows:5 windows x86

d3942393e161d1157f80fe356dbe428a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rp4xxdriverutildll

_DriverIsInstalled@4
_getMonitors@4
_SpoolServiceIsStar@0
_restartSpooler@0
_DriversOneInstalled@0
_ReleasePortInfo@4
_getOsName@4
_isCOM@4
_configCOM@20
_isLPT@4
_uninstall@0
_enumPrinterPorts@4
_configLPT@12
_setRegStr@12
_WriteLog@8
_RP4xxUninstallDriver@4
_RP4xxInstallDriver@4

kernel32

CreateThread
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
ExitThread
InterlockedPopEntrySList
VirtualAlloc
GetProcessHeap
SetLastError
RaiseException
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
CloseHandle
CreateFileW
CreateDirectoryW
GetCurrentThreadId
Sleep
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
lstrlenW
GetProcAddress
GetModuleHandleW
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
LoadLibraryW
GetOverlappedResult
WaitForSingleObject
WriteFile
SetCommState
ReadFile
FormatMessageW
GetSystemDefaultLangID
WideCharToMultiByte
HeapFree
InitializeCriticalSection
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
LCMapStringW
SetEndOfFile
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
CreateFileA
WriteConsoleW
SetFilePointer
FlushFileBuffers
SetStdHandle
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapCreate
GetLocaleInfoW
GetStdHandle
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapSize
HeapReAlloc
GetConsoleMode
GetConsoleCP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
HeapSetInformation
GetCommandLineW
RtlUnwind
EncodePointer
DecodePointer
InterlockedPushEntrySList
InterlockedCompareExchange

user32

SendMessageW
MessageBoxW
GetWindowLongW
SetTimer
GetDlgItem
SetWindowPos
MapWindowPoints
GetClientRect
GetMonitorInfoW
MonitorFromWindow
SetDlgItemTextW
SetWindowTextW
SetWindowLongW
GetParent
wsprintfW
GetWindowRect
GetWindow
EndDialog
GetWindowTextW
SendDlgItemMessageW
SetForegroundWindow
SetDlgItemInt
GetDlgItemInt
GetDlgItemTextW
LoadImageW
DestroyWindow
PostQuitMessage
GetSystemMetrics
DialogBoxParamW
GetActiveWindow
KillTimer
ShowWindow
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
UnregisterClassA
DefWindowProcW
CreateDialogParamW
EnableWindow
IsDialogMessageW
CharNextW

winspool.drv

AddPortW
OpenPrinterW
ClosePrinter
EndPagePrinter
WritePrinter
EndDocPrinter
StartPagePrinter
StartDocPrinterW

advapi32

RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW

ole32

CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

ws2_32

htons
setsockopt
socket
WSAStartup
recv
shutdown
send
WSACleanup
closesocket
WSAGetLastError
connect
recvfrom
bind
sendto
gethostname
gethostbyname
inet_ntoa
inet_addr

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3942393e161d1157f80fe356dbe428a

Headers

DLL Characteristics

File Characteristics

Imports

rp4xxdriverutildll

kernel32

user32

winspool.drv

advapi32

ole32

oleaut32

comctl32

ws2_32

setupapi

Sections

.text Size: 107KB - Virtual size: 107KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 7KB - Virtual size: 20KB

.rsrc Size: 15KB - Virtual size: 14KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 107KB - Virtual size: 107KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 7KB - Virtual size: 20KB

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 11KB - Virtual size: 10KB