4817e0a539a8fbefae162c0d6848e0fe

Sharing

Copy URL Twitter E-mail

General

Target

4817e0a539a8fbefae162c0d6848e0fe
Size

150KB
MD5

4817e0a539a8fbefae162c0d6848e0fe
SHA1

e396165c3e5a8e814e362bb0f1d84bfedd3fc79c
SHA256

5da840db8a1d5426c514227ed365dc033bfb600849c831c7370854f61c70caeb
SHA512

311a784c71e89e6f2b04b140a711107708108c3b72e93baff369003c8b2095445b9365139c6103f054810ad10ccc130c0b6cf37700e101ff9fe8638a2e5aca28
SSDEEP

3072:ATJ/Xbn13cfaIkNsOXYi28iPM+ECb2dx6E16l1xm:aXL1sfwNxYiffCar6E8m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4817e0a539a8fbefae162c0d6848e0fe

Files

4817e0a539a8fbefae162c0d6848e0fe
.dll windows:5 windows x86 arch:x86

8a8b6802e59ce02465dbeed155b39981

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_wstrdate
_wcsset
malloc
_adjust_fdiv
_initterm
free
swprintf
_wsplitpath
_wcsicmp
_wcsnset
wcsncpy
_vsnwprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
_strnicmp
strncpy
wcscmp
wcsrchr
_snwprintf
wcscpy
wcslen
wcscat
_except_handler3
_wstrtime

user32

SetCursor
DialogBoxParamW
GetWindowTextW
SetWindowLongW
SetFocus
LoadCursorW
MessageBoxW
SetWindowPos
SetForegroundWindow
WinHelpW
EnumChildWindows
wvsprintfW
MessageBeep
EndDialog
FindWindowW
PostMessageW
GetDlgCtrlID
wsprintfW
GetDlgItemInt
SetWindowTextW
GetWindowLongW
LoadIconW
ShowWindow
LoadMenuW
GetSubMenu
DestroyMenu
CheckMenuItem
EnableMenuItem
SetMenuDefaultItem
GetMessagePos
TrackPopupMenu
GetFocus
IsWindowEnabled
SetDlgItemInt
LoadStringW
GetParent
SendMessageW
GetDlgItemTextW
SetDlgItemTextW
IsDlgButtonChecked
GetDlgItem
EnableWindow
SendDlgItemMessageW
CheckDlgButton
SetActiveWindow

kernel32

GetExitCodeProcess
GetWindowsDirectoryW
GetLastError
GetFullPathNameW
lstrlenW
lstrcpyW
LoadLibraryA
LoadLibraryW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
InterlockedDecrement
SetLastError
GetModuleFileNameW
OutputDebugStringA
lstrcpynW
GetLocalTime
LeaveCriticalSection
EnterCriticalSection
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
SetEndOfFile
SetFilePointer
DeleteFileW
GetTempFileNameW
GetSystemDirectoryW
SetEnvironmentVariableW
GetEnvironmentVariableW
CreateFileW
ReadFile
WriteFile
SetEvent
OpenEventW
CopyFileW
ReleaseMutex
IsBadStringPtrW
OpenFileMappingW
WaitForSingleObject
OpenMutexW
HeapDestroy
HeapFree
HeapAlloc
LocalAlloc
LocalReAlloc
LocalFree
FreeLibrary
HeapCreate
DeleteCriticalSection
DisableThreadLibraryCalls
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GlobalFree
lstrcmpiW
GlobalAlloc
ExpandEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStringTypeExW
GetTimeFormatW
GetProcessHeap
GetVersionExW
WideCharToMultiByte
GetDateFormatW
lstrcatW
MoveFileExW
GetFileType
FindClose
FindFirstFileW
GetTempPathW
SystemTimeToFileTime
GetSystemTime
GetFileSize
GetCurrentThread
Sleep
InterlockedExchange
RaiseException
MulDiv
OutputDebugStringW
lstrcmpW

winspool.drv

WritePrinter
EndDocPrinter
AbortPrinter
GetJobW
StartPagePrinter
StartDocPrinterW
ClosePrinter
SetJobW
OpenPrinterW
EnumPrintersW
GetPrinterW
EnumFormsW
GetPrinterDataW
SetPrinterDataW
GetPrinterDriverW
EndPagePrinter

shell32

ord258
ShellExecuteExW
ShellExecuteW
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW
ord259

advapi32

RegCloseKey
RegCreateKeyExW
RegSetValueExW
CloseServiceHandle
OpenProcessToken
OpenThreadToken
QueryServiceStatus
MapGenericMask
OpenServiceW
MakeSelfRelativeSD
GetSecurityDescriptorLength
GetSecurityDescriptorControl
RegQueryValueExW
OpenSCManagerW
LookupPrivilegeValueW
DuplicateTokenEx
AdjustTokenPrivileges
SetThreadToken
StartServiceW
RegOpenKeyExW

netapi32

NetApiBufferFree

fxswzrd

FaxSendWizard
FaxFreeSendWizardData

Exports

Exports

DevQueryPrintEx
DrvAdvancedDocumentProperties
DrvConvertDevMode
DrvDeviceCapabilities
DrvDevicePropertySheets
DrvDocumentEvent
DrvDocumentProperties
DrvDocumentPropertySheets
DrvPrinterEvent
PrinterProperties

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a8b6802e59ce02465dbeed155b39981

Headers

File Characteristics

Imports

msvcrt

user32

kernel32

winspool.drv

shell32

advapi32

netapi32

fxswzrd

Exports

Exports

Sections

.text Size: 73KB - Virtual size: 72KB

.data Size: 67KB - Virtual size: 69KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 73KB - Virtual size: 72KB

.data
Size: 67KB - Virtual size: 69KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB