PSCRIPT5[.]DLL

Sharing

Copy URL Twitter E-mail

General

Target

PSCRIPT5.DLL
Size

550KB
MD5

d2a7b07bd3e54e70cc387eb73b7c8be4
SHA1

bedf599afeeee4f04a1bd69d423261d856815716
SHA256

3ce7bfdcaa79fecbf6bf5fa5bc268b1988326fcbdfcc858e5a1727fb1673434b
SHA512

8fdfd54e519b6127796be12abd783f579ce89bed96e5ff3d92dade8beb8eb8e33c20bc4ae477df94c4d1258cb2ed46eace066a5c90268c71d0137605fac6fa9b
SSDEEP

12288:IESPe4T329fKh32+dx53ORzCYfxSc7ObNGMPOzCfUAC3LZui:Izh29of+RrSc7OwYcAC3LY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PSCRIPT5.DLL

Files

PSCRIPT5.DLL
.dll windows:10 windows x86 arch:x86

6033b935ddf864669bf6ccfa2c660b96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

pscript5.pdb

Imports

msvcrt

_amsg_exit
_XcptFilter
free
_callnewh
malloc
wcsrchr
qsort
strncpy
strchr
strstr
_wcsicmp
_wmakepath_s
_wsplitpath_s
strncmp
_stricmp
_initterm
memcpy
_vsnprintf
_except_handler4_common
ceil
_setjmp3
_ftol2_sse
__CxxFrameHandler3
_ultoa_s
_ltoa_s
wcschr
strrchr
_purecall
iswctype
_strnicmp
isspace
_wcsnicmp
wcstok_s
wcsstr
_vsnwprintf
iswspace
strtol
atoi
_ltoa
longjmp
wcsnlen
memset

advapi32

RegQueryInfoKeyW
RegEnumValueW
RegCloseKey
RegOpenKeyExW
RegGetValueW
EventWriteTransfer
EventRegister
EventUnregister

version

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

winspool.drv

GetPrinterW
GetPrinterDriverDirectoryW
GetPrinterDriverW
GetPrinterDataW
GetJobW
ClosePrinter
EnumFormsW
OpenPrinterW
WritePrinter

kernel32

SetLastError
InitializeCriticalSectionAndSpinCount
MulDiv
DeleteCriticalSection
HeapDestroy
LocalAlloc
GetProcAddress
FreeLibrary
OpenProcess
CloseHandle
DeleteFileW
GetTempPathW
GetTempFileNameW
WideCharToMultiByte
CreateFileW
WriteFile
GlobalFree
EnterCriticalSection
LeaveCriticalSection
HeapCreate
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
GetSystemDefaultLangID
GetSystemDirectoryW
GetModuleHandleW
VerSetConditionMask
VerifyVersionInfoW
CompareFileTime
GetFileTime
UnmapViewOfFile
GetFileSize
CreateFileMappingW
MapViewOfFile
SetErrorMode
LoadLibraryExW
HeapAlloc
MultiByteToWideChar
GetLastError
GetPrivateProfileSectionW
GetFileAttributesW
GetPrivateProfileStringW
GetFinalPathNameByHandleW
GetUserDefaultUILanguage
VirtualFree
GetFullPathNameW
GetCPInfo
VirtualAlloc
LockResource
RaiseException
GetSystemInfo
LoadResource
FindResourceW
HeapFree
GetModuleFileNameW
LocalFree
GetModuleHandleExW
LoadLibraryW

gdi32

BRUSHOBJ_pvGetRbrush
EngFindResource
EngQueryLocalTime
EngDeletePath
CLIPOBJ_ppoGetPath
FONTOBJ_cGetAllGlyphHandles
BRUSHOBJ_hGetColorTransform
FONTOBJ_pifi
STROBJ_bEnumPositionsOnly
STROBJ_vEnumStart
PATHOBJ_bEnum
PATHOBJ_vEnumStart
PATHOBJ_vGetBounds
XLATEOBJ_hGetColorTransform
EngGetCurrentCodePage
FONTOBJ_cGetGlyphs
FONTOBJ_pQueryGlyphAttrs
FONTOBJ_vGetInfo
EngComputeGlyphSet
EngAlphaBlend
EngLoadModule
FONTOBJ_pvTrueTypeFontFile
EngAssociateSurface
XFORMOBJ_iGetXform
XFORMOBJ_bApplyXform
FONTOBJ_pxoGetXform
EngUnicodeToMultiByteN
EngUnlockSurface
EngCopyBits
EngLockSurface
EngCreateBitmap
XLATEOBJ_iXlate
EngTransparentBlt
EngStretchBltROP
EngBitBlt
EngEraseSurface
XLATEOBJ_piVector
BRUSHOBJ_pvAllocRbrush
EngCreatePalette
EngFreeModule
EngDeleteSurface
EngDeletePalette
EngCreateDeviceSurface

user32

LoadStringW
GetAppCompatFlags2

mscms

InternalGetPS2ColorSpaceArray
InternalGetPS2ColorRenderingDictionary
InternalGetPS2CSAFromLCS
InternalGetPS2PreviewCRD

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

Exports

Exports

DllMain
DrvDisableDriver
DrvEnableDriver
DrvQueryDriverInfo

Sections

.text
Size: 333KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 191KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6033b935ddf864669bf6ccfa2c660b96

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

version

winspool.drv

kernel32

gdi32

user32

mscms

ole32

Exports

Exports

Sections

.text Size: 333KB - Virtual size: 332KB

.data Size: 9KB - Virtual size: 9KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 191KB - Virtual size: 192KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 333KB - Virtual size: 332KB

.data
Size: 9KB - Virtual size: 9KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 191KB - Virtual size: 192KB

.reloc
Size: 11KB - Virtual size: 11KB