6a5fc6cb314ec49c9e835200f6b878e19c6c46aa6142ffe5e3a94f3ba7489ab9

Sharing

Copy URL Twitter E-mail

General

Target

6a5fc6cb314ec49c9e835200f6b878e19c6c46aa6142ffe5e3a94f3ba7489ab9
Size

119KB
MD5

51a271ef8f873df5e19c619f10df641a
SHA1

17a811610bb9b8b8ae22edfbb12b362b7a14f95a
SHA256

6a5fc6cb314ec49c9e835200f6b878e19c6c46aa6142ffe5e3a94f3ba7489ab9
SHA512

19fa6422c3dfefa551346719f7a349e1927c7592c5ee9101fac17db3cb2c3aec847407ca7a06b4e8672b1db19fba8e813267defd11b857820fdfcbe67072c372
SSDEEP

3072:7Qsx3a2wnB3tL5WyId38XaVEqCb2myKIxun9:ksA/cxHEqCb2WIxun9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/e_jdsp50.dll

Files

6a5fc6cb314ec49c9e835200f6b878e19c6c46aa6142ffe5e3a94f3ba7489ab9
.cab
e_jdsp50.dll
.dll windows:6 windows x86 arch:x86

5383adff706d8900ecc1ba61d3a5ec35

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e_jdsp50.pdb

Imports

kernel32

FreeLibrary
lstrcmpW
GetProcAddress
LoadLibraryW
GetVersionExW
CreateDirectoryW
WriteFile
lstrlenW
GetLocalTime
CreateProcessW
GetComputerNameW
lstrcmpA
GetCurrentThread
WaitForSingleObject
GetPrivateProfileStringW
GetWindowsDirectoryW
GetTempPathW
GetPrivateProfileIntW
WideCharToMultiByte
CreateEventW
TerminateThread
SetEvent
GetExitCodeThread
GetPrivateProfileStringA
GetSystemTime
GetTickCount
ResetEvent
ResumeThread
GetUserDefaultLangID
GetCommandLineA
GetVersionExA
RaiseException
RtlUnwind
OutputDebugStringA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileW
FindNextFileW
GetSystemTimeAsFileTime
ExitThread
CreateThread
GetModuleHandleA
ExitProcess
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThreadId
GetLastError
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
HeapSize
LoadLibraryExA
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
VirtualProtect
GetSystemInfo
VirtualQuery
CreateFileA
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
DeleteFileW
GetTempFileNameW
Sleep
UnmapViewOfFile
MapViewOfFile
GetFileSize
CreateFileMappingW
GlobalAlloc
GlobalFree
GetProcessHeap
HeapAlloc
HeapFree
DisableThreadLibraryCalls
RemoveDirectoryW
CreateFileW
SetFilePointer
ReadFile
CloseHandle
lstrlenA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetHandleCount
InitializeCriticalSection
OutputDebugStringW
GetFileSizeEx
GetFileAttributesW
GetSystemDirectoryW
OpenFileMappingW
LocalFree
LocalAlloc
ReleaseMutex
CreateMutexW
OpenMutexW

advapi32

RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyExW
SetThreadToken
OpenThreadToken
RegOpenKeyExW
RegSetValueExW
RegCloseKey
GetUserNameW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetFileSecurityW
DuplicateTokenEx
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
FreeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW

user32

CharPrevW

winspool.drv

WritePrinter
GetPrinterDataW
GetPrinterDataExW
GetPrinterW
EnumPortsW
SetJobW
ClosePrinter
GetJobW
EndDocPrinter

netapi32

Netbios

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW

shlwapi

StrStrW

winmm

timeGetTime
timeEndPeriod
timeBeginPeriod

Exports

Exports

DrvSplAbort
DrvSplAllowUsingPrinterHandle
DrvSplClose
DrvSplEndDoc
DrvSplEndPage
DrvSplProhibitUsingPrinterHandle
DrvSplStartDoc
DrvSplStartDoc2
DrvSplStartPage
DrvSplWritePrinter
EpEnable

Sections

.text
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5383adff706d8900ecc1ba61d3a5ec35

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

user32

winspool.drv

netapi32

userenv

shell32

shlwapi

winmm

Exports

Exports

Sections

.text Size: 207KB - Virtual size: 207KB

.data Size: 39KB - Virtual size: 46KB

.rsrc Size: 1024B - Virtual size: 936B

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 207KB - Virtual size: 207KB

.data
Size: 39KB - Virtual size: 46KB

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 11KB - Virtual size: 10KB