e96d471e47ecfc16500c3dc8ea9104c3b6326de7417fdd551510a5c905258c38

Sharing

Copy URL Twitter E-mail

General

Target

e96d471e47ecfc16500c3dc8ea9104c3b6326de7417fdd551510a5c905258c38
Size

176KB
MD5

df045c7e8d9a3154e24f4dea9f94013b
SHA1

d02dec4bfb73edd43f02c001244963872b7b4d6a
SHA256

e96d471e47ecfc16500c3dc8ea9104c3b6326de7417fdd551510a5c905258c38
SHA512

8789cd6c87a14911df89445d2d62839a8fe5020334b016c9af55f65dd17f9fb12a53378b922e3b80cc31ea84a90414735e01a25f0a12453b8710bce823196c80
SSDEEP

1536:ETbnPIaG1tJaSba6Bj1HjrSfpm1o4x3rvJd/q/IsxwhGpEA4X/PuANSWGrOqgUfr:yLG1tgSGWDrShGD3TJd/q/IapXgpTBm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e96d471e47ecfc16500c3dc8ea9104c3b6326de7417fdd551510a5c905258c38

Files

e96d471e47ecfc16500c3dc8ea9104c3b6326de7417fdd551510a5c905258c38
.dll windows:4 windows x86 arch:x86

c2c61bca182e139f224ac2d12b1e8b86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ResetEvent
WaitForSingleObject
CreateEventW
InitializeCriticalSection
CreateMutexW
DeleteCriticalSection
Sleep
SetLastError
GetThreadPriority
GetCurrentThread
GetLastError
SetEvent
ReleaseMutex
GetTickCount
OpenEventA
lstrcmpA
lstrcmpiW
lstrcmpW
FreeLibrary
GetProcAddress
LoadLibraryW
CreateThread
WaitForMultipleObjects
OpenEventW
GetCurrentThreadId
GetVersionExW
WriteFile
lstrlenW
CreateFileW
lstrcatW
lstrcpynW
GetComputerNameA
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
MultiByteToWideChar
IsDBCSLeadByte
HeapDestroy
DisableThreadLibraryCalls
HeapCreate
LoadLibraryA
GetSystemDirectoryA
lstrcatA
SetThreadPriority
CloseHandle
HeapAlloc
HeapFree
lstrcpyA
ResumeThread
lstrlenA

user32

GetKeyboardType
CharLowerBuffW
wsprintfW
wsprintfA

advapi32

RegOpenKeyExW
RegCloseKey
RegEnumKeyExW
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW

mpr

WNetGetConnectionW

spoolss

EnumPrintersW
SetPortW
SetPrinterW
GetPrinterDriverW
XcvDataW
EnumPortsW
SetJobW
OpenPrinterW
GetJobW
ClosePrinter
GetPrinterW
EnumJobsW

ntdll

RtlUnwind
sprintf
strchr
strtoul
_itoa
wcschr
strcspn
strncmp
_chkstk
_wcsicmp
strncpy
wcsstr
wcscpy
wcslen
_stricmp
_wcsnicmp
wcsncmp
wcscmp

ws2_32

getservbyport
WSACleanup
WSAStartup
ioctlsocket
__WSAFDIsSet
select
WSAGetLastError
connect
htons
setsockopt
socket
WSASetLastError
send
recv
inet_ntoa
htonl
gethostbyname
inet_addr
getservbyname
gethostbyaddr
ntohs
closesocket

msvcrt

free
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z
malloc
_adjust_fdiv
__dllonexit
_onexit
calloc
_initterm

ole32

CoCreateGuid

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW

Exports

Exports

DllEntryPoint
InitializePrintMonitor2

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2c61bca182e139f224ac2d12b1e8b86

Headers

File Characteristics

Imports

kernel32

user32

advapi32

mpr

spoolss

ntdll

ws2_32

msvcrt

ole32

setupapi

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 56KB - Virtual size: 55KB

.rsrc Size: 4KB - Virtual size: 928B

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 56KB - Virtual size: 55KB

.rsrc
Size: 4KB - Virtual size: 928B

.reloc
Size: 8KB - Virtual size: 4KB