0e36a711f846c15664e5678faaf23a99

Sharing

Copy URL

Twitter E-mail

General

Target

0e36a711f846c15664e5678faaf23a99
Size

252KB
MD5

0e36a711f846c15664e5678faaf23a99
SHA1

2683f8e0d57962a2fe87e6d37575f4c9f7d4c0d3
SHA256

3f643370f03d0e8ba052a4f2d568c9d53630618e0ce58015ace043caa6ba43b4
SHA512

3ee7aad7896d7ce3c99f0f509878b0d132d7bd4f670959bce279f7ee6cee50ed784adf7738abdbf116620f94ca3c45e351f8336982b8950d640f5656e6d2330a
SSDEEP

6144:1HHym5gaC1vhLuslBHKLtkQ4CyCJkiaLYFY1:RHzg11vxpHKLtRJPHS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e36a711f846c15664e5678faaf23a99

Files

0e36a711f846c15664e5678faaf23a99
.dll windows:4 windows x86 arch:x86

28da232494fdae9459c8673177aa6c23

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

EngStretchBltROP
EngStrokePath
EngStretchBlt
EngFillPath
EngStrokeAndFillPath
EngUnicodeToMultiByteN
EngGetCurrentCodePage
FONTOBJ_pifi
FONTOBJ_cGetGlyphs
STROBJ_bEnum
STROBJ_vEnumStart
PATHOBJ_bEnum
PATHOBJ_vEnumStart
XFORMOBJ_bApplyXform
FONTOBJ_pxoGetXform
XFORMOBJ_iGetXform
FONTOBJ_pvTrueTypeFontFile
EngBitBlt
EngEraseSurface
EngWideCharToMultiByte
EngGetPrinterDataFileName
EngCreateSemaphore
EngDeleteSemaphore
EngCreatePalette
EngDeletePalette
EngAssociateSurface
EngCreateDeviceSurface
XLATEOBJ_iXlate
EngMultiByteToUnicodeN
EngReleaseSemaphore
EngAcquireSemaphore
EngDeletePath
CLIPOBJ_ppoGetPath
BRUSHOBJ_pvAllocRbrush
BRUSHOBJ_pvGetRbrush
CLIPOBJ_cEnumStart
CLIPOBJ_bEnum
EngComputeGlyphSet
STROBJ_dwGetCodePage
EngDeleteSurface

kernel32

GetEnvironmentVariableW
GetFileSize
UnmapViewOfFile
FreeLibrary
GetProcAddress
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
CreateFileW
CreateFileMappingW
InitializeCriticalSection
DeleteCriticalSection
MapViewOfFile
CloseHandle
SetLastError
GlobalAlloc
GlobalFree
GetCPInfo
GetModuleFileNameA
RtlUnwind
InterlockedDecrement
InterlockedIncrement
GetLastError
WideCharToMultiByte
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
ExitProcess
GetModuleHandleA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetACP
GetOEMCP
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetFilePointer
GetLocaleInfoA
SetStdHandle
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
LoadLibraryA
GetLocaleInfoW

advapi32

RegCloseKey
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW

winspool.drv

GetPrinterDataW
GetPrinterW
GetPrinterDriverW

Exports

Exports

DrvDisableDriver
DrvEnableDriver
DrvQueryDriverInfo

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28da232494fdae9459c8673177aa6c23

Headers

File Characteristics

Imports

gdi32

kernel32

advapi32

winspool.drv

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 131KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 96KB - Virtual size: 98KB

.rsrc Size: 4KB - Virtual size: 952B

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 132KB - Virtual size: 131KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 96KB - Virtual size: 98KB

.rsrc
Size: 4KB - Virtual size: 952B

.reloc
Size: 8KB - Virtual size: 5KB