869b8dd87e402049eae435de3de1e15a021d9fcbf79a20be3b030d3782599903

Sharing

Copy URL Twitter E-mail

General

Target

869b8dd87e402049eae435de3de1e15a021d9fcbf79a20be3b030d3782599903
Size

529KB
MD5

cd13340ef4c58f75edcbcdd09a4637fe
SHA1

90fa83e66594e7359a7f2bdbd253d491e28c1638
SHA256

869b8dd87e402049eae435de3de1e15a021d9fcbf79a20be3b030d3782599903
SHA512

78bd067cbbf5c8adcef8d2ae60979ba2ec045c2a2ada47903d19749b3798e2deb34ff7116209dcbeaf9a6d002f7cd89b2de0feec82f4746d7b4845bb6e3db175
SSDEEP

12288:XlEdttehghM7OUq6utZmuRx0QXeaCom5wIfK2/xZ3ZVxTsmQuWjTTQY+HB:aeamseK/m5p6ucTqH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
869b8dd87e402049eae435de3de1e15a021d9fcbf79a20be3b030d3782599903

Files

869b8dd87e402049eae435de3de1e15a021d9fcbf79a20be3b030d3782599903
.dll windows:6 windows x86 arch:x86

8b4ee065898602a2465d8177d4f77269

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

H:\john\c++\SimpleRar\Release\SimpleRar_dll.pdb

Imports

kernel32

WaitForSingleObject
GetSystemDirectoryW
GetLastError
CloseHandle
CreateProcessW
VirtualFree
GetLogicalDriveStringsW
GetDriveTypeW
Sleep
DeleteFileW
VirtualAlloc
CreateFileA
FileTimeToSystemTime
GetFileSize
SystemTimeToTzSpecificLocalTime
GetFileTime
CreateDirectoryW
PeekNamedPipe
FindFirstFileW
FindNextFileW
WriteFile
RemoveDirectoryW
GetModuleFileNameW
FindClose
CreateFileW
SetFileAttributesW
MultiByteToWideChar
CopyFileW
WideCharToMultiByte
SetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
WriteConsoleW
CreatePipe
ReadFile
GetModuleFileNameA
GetStartupInfoW
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
IsDebuggerPresent
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
RaiseException
FreeLibrary
LoadLibraryExW
GetFileInformationByHandle
GetFileType
SetFilePointerEx
ExitProcess
GetModuleHandleExW
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetFileSizeEx
GetStdHandle
FlushFileBuffers
HeapFree
HeapAlloc
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
SetEndOfFile
HeapReAlloc
HeapSize
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap

Exports

Exports

AddDSV2Shedule
AddDSV2SheduleW
AddHeader2Fax
AddHeader2FaxW
AddOcrData2Pdf
AddOcrData2Tif
AddOcrData2TifW
BlindDrawFaxPage
BlindFaxPageLoad
BlindFaxPageLoadW
BlindFaxRotate
CBlindDrawFaxPage
CDrawFaxPage
CDrawPage
ChangeVFServiceConfig
CloseStrFile2
CodePhone
ConvertBitmap
Convert_DT
CreateNeedBitmap
CreateProcessAndWaitStoppedIt
CreateProcessAndWaitStoppedItW
DFacePageProc
DMainWndProc
DPageDlgProc
DecodePhone
DrawFaxPage
EnumRasEntries
EnumRasEntriesW
ExecAsCurrentUser
ExecAsCurrentUserW
ExecInSession
ExecInUserSession
ExecInUserSessionW
ExecInUserSessionW2
ExportGrp
FaxPageLoad
FaxPageLoadW
FindHuaweiIntrefaceW
FindOcrLanguages
FindOcrTexts
FindOcrTextsW
FindWTSId
FindWTSIdW
GetChipParam
GetComDescriptionW
GetConsoleProcessId
GetConsoleProcessIdW
GetCoverTags
GetCoverTagsW
GetDescription
GetDescriptionW
GetFaxInfo
GetFaxInfoW
GetFaxPageInfo
GetFaxPageInfoW
GetFullTime
GetMapiProfiles
GetNumTAPILines
GetOcrData
GetOcrDataW
GetOcrText
GetOcrTextW
GetPdfInfo
GetPdfInfoW
GetPdfPageInfo
GetStatShedule
GetStrFile2Pointer
GetSubstrByNum
GetTagNameIndex
GetTiffInfo
GetTiffInfoW
GetTiffPageInfo
GetTiffPageInfoW
GetUserProcessId
GetUserProcessIdW
GetVentaPaths
GetVentaPathsW
GetVer
GetVerEx
GetVfx
GetVfx1
GetVfx2
GetVntfxfInfo
GlueColorFaxs
GlueFaxs
GlueFaxsEx
GlueFaxsExEx
GlueFaxsExExW
Gray2BW
Gray2GrayW
HBitmapDraw
HBitmapFaxPageLoad
HBitmapFaxPageLoadW
HBitmapFaxPageLoadWithHeader
HBitmapFaxPageLoadWithHeaderW
HBitmapMash
HBitmapRotate
HBitmapRotate2
HBitmapTiffPageLoad
HBitmapTiffPageLoadW
InstallVFService
IsWow64
LiteFaxViewDlg
ModemClose
ModemGetStatus
ModemOpen
ModemOpenFossilFile
ModemRead
ModemWrite
MyGetFileTitle
MyGetFileTitleW
OpenShedFiles
OpenShedFilesW
OpenStrFile2
OpenStrFile2W
PlayingWav
PlayingWavW
PutInShedule
PutInSheduleEx
PutInSheduleExW
RGB2Gray
RGB2GrayW
ReadFaxBlockInfo
ReadFaxBlockInfoW
ReadStr2
ReadStr2W
RecindingWav
RecordingWavW
RemoveService
Rotate
SaveBitmap2BodyMyTiff
SaveBitmap2Tiff
ScaleWav
ScaleWavW
SendMailOutlookDialog
SendMessage2Concole
SendMessage2ConcoleW
SetColorInfo
SetDescription
SetDescriptionW
SetStrFile2Pointer
SetupVentaFaxPrinterWOW64
StretchBitmap
StretchBitmapBuf
StretchDIB2HBitmap
StretchHBitmap
StretchHBitmap2HBitmap
StretchHBitmap2HBitmapH
TIFFClose
TIFFFlushData
TIFFGetField
TIFFOpen
TIFFOpenW
TIFFReadBufferSetup
TIFFReadScanline
TIFFScanlineSize
TIFFSetDirectory
TIFFSetField
TIFFWriteBufferSetup
TIFFWriteDirectory
TIFFWriteScanline
TestComs
TestProcessExec
TestProcessExecW
Tiff2Pdf
Tiff2PdfExW
TransparentHBitmap
TransparentHBitmap2HBitmap
VFOpenFileMapping
VoiceFileTime
VoiceFileTimeW
_TIFFNoRowDecode
aCloseTAPI
aGetLinesInfo
aGetLinesInfoW
aGetTAPICaps
aInitTAPI
aOpenTAPI
aTraslateNumber
aTraslateNumberEx
cod1

Sections

.text
Size: 373KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b4ee065898602a2465d8177d4f77269

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 373KB - Virtual size: 372KB

.rdata Size: 122KB - Virtual size: 122KB

.data Size: 11KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 21KB - Virtual size: 20KB

.text
Size: 373KB - Virtual size: 372KB

.rdata
Size: 122KB - Virtual size: 122KB

.data
Size: 11KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 21KB - Virtual size: 20KB