683c7df5569fecbcb5061f10f26130e1

Sharing

Copy URL Twitter E-mail

General

Target

683c7df5569fecbcb5061f10f26130e1
Size

292KB
MD5

683c7df5569fecbcb5061f10f26130e1
SHA1

a2b258fc85d83d3733a2e772e64d91971ec5bcad
SHA256

087f3f4f96db02692ba4c8d4f04b36499699526d1992781c1d769e0dc875daf8
SHA512

579f0f365a4659fc352b2bc1fd7f9dda341d112c2280179616a11e3c7a0c1da3cb30a73d32dccc0f9f4b4f68f7c0d4c8416f300af5a2be3fd9d7f0b765691cf6
SSDEEP

6144:nLEFMujP+X+V7nJ1+Pc80h6H/XogIVsdZySx:4FP+w7mYgIwZDx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
683c7df5569fecbcb5061f10f26130e1

Files

683c7df5569fecbcb5061f10f26130e1
.dll regsvr32 windows:4 windows x86 arch:x86

0dd5f04427879889d2143f0f2f585279

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winspool.drv

ord203
EnumPrintersW

kernel32

lstrcmpiW
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
GetLastError
GetModuleHandleW
SetThreadLocale
GetThreadLocale
LockResource
FindResourceExW
lstrcpyW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
CreateFileW
LoadLibraryExW
UnhandledExceptionFilter
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
ReadFile
GetLocaleInfoW
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwind
TerminateProcess
GetCurrentProcess
SetEndOfFile
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
VirtualFree
VirtualAlloc
HeapCreate
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
GetCPInfo
GetOEMCP
LCMapStringA
WideCharToMultiByte
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
CloseHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryA
GetStringTypeA

user32

CharNextW
UnregisterClassA

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW

ole32

CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc

oleaut32

LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0dd5f04427879889d2143f0f2f585279

Headers

File Characteristics

Imports

winspool.drv

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 120KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 16KB - Virtual size: 21KB

.rsrc Size: 108KB - Virtual size: 104KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 124KB - Virtual size: 120KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 16KB - Virtual size: 21KB

.rsrc
Size: 108KB - Virtual size: 104KB

.reloc
Size: 12KB - Virtual size: 9KB