acc5bf090f1a1832ca3bbf714eded54bbd9c98982be2e0fe277617bb0ea2f789

Sharing

Copy URL Twitter E-mail

General

Target

acc5bf090f1a1832ca3bbf714eded54bbd9c98982be2e0fe277617bb0ea2f789
Size

119KB
MD5

52138f849a54c2a9d88aa07be0dd7e22
SHA1

84bbd3fbdecd61a1fde957d285a97111c71310c8
SHA256

acc5bf090f1a1832ca3bbf714eded54bbd9c98982be2e0fe277617bb0ea2f789
SHA512

a43be59cb6dea37131741d6b333ba219d5a045aaf76ad036d0087716dc54b326074df5baae5937711bd617c29c0363379f6b204b89ecc3f53f68fd9b96030a32
SSDEEP

3072:7rqs0RZz8j2LAk7++SRI+/uRDPS7TocC5UVkt9FIRyMQerime6wIDZJj6R4Ay/S:WDA+yDuRDPS7TocC5UVktgkMQeOmex8e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/e_wdsp10.dll

Files

acc5bf090f1a1832ca3bbf714eded54bbd9c98982be2e0fe277617bb0ea2f789
.cab
e_wdsp10.dll
.dll windows:6 windows x64 arch:x64

643ff82b43c8360d277ee6e1a6d3983b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e_wdsp10.pdb

Imports

kernel32

InitializeCriticalSection
GlobalAlloc
WideCharToMultiByte
LoadLibraryW
TerminateThread
Sleep
LeaveCriticalSection
lstrlenW
GetTempPathW
GetPrivateProfileIntW
GetLastError
GetProcAddress
EnterCriticalSection
DisableThreadLibraryCalls
GlobalFree
GetPrivateProfileStringA
ResetEvent
GetLocalTime
ProcessIdToSessionId
CreateFileMappingW
GetExitCodeThread
CreateEventW
RemoveDirectoryW
DeleteCriticalSection
GetWindowsDirectoryW
DeleteFileW
GetCurrentProcessId
ResumeThread
FlsSetValue
GetCommandLineA
GetVersionExW
FindFirstFileW
FindNextFileW
ExitThread
FlsGetValue
CreateThread
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
GetModuleHandleW
ExitProcess
EncodePointer
DecodePointer
FlsFree
SetLastError
GetCurrentThreadId
GetUserDefaultLangID
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
OutputDebugStringA
GetCPInfo
GetACP
GetOEMCP
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
LCMapStringW
GetStringTypeW
LoadLibraryExW
SetStdHandle
WriteConsoleW
VirtualProtect
VirtualAlloc
SetThreadStackGuarantee
GetSystemInfo
VirtualQuery
FlushFileBuffers
CompareStringW
SetEnvironmentVariableA
WriteFile
GetPrivateProfileStringW
GetProcessHeap
GetCurrentThread
GetTickCount
SetEvent
WaitForSingleObject
CreateDirectoryW
HeapFree
HeapAlloc
FreeLibrary
UnmapViewOfFile
MapViewOfFile
lstrcmpA
GetFileSize
GetTempFileNameW
CloseHandle
CreateFileW
ReadFile
lstrlenA
FlsAlloc
SetFilePointer
OutputDebugStringW
LocalFree
GetSystemDirectoryW
GetFileAttributesW
GetFileSizeEx
CreateMutexW
ReleaseMutex
OpenMutexW
LocalAlloc

advapi32

RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
GetLengthSid
RegOpenKeyExW
FreeSid
AddAccessAllowedAce
AllocateAndInitializeSid
InitializeAcl
SetFileSecurityW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetThreadToken
GetUserNameW
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW

user32

CharPrevW

winspool.drv

GetPrinterDataExW
WritePrinter
GetJobW
ClosePrinter
GetPrinterW
EndDocPrinter
SetJobW
GetPrinterDataW

netapi32

Netbios

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW

shlwapi

StrStrW

winmm

timeBeginPeriod
timeGetTime
timeEndPeriod

Exports

Exports

DrvSplAbort
DrvSplAllowUsingPrinterHandle
DrvSplClose
DrvSplEndDoc
DrvSplEndPage
DrvSplProhibitUsingPrinterHandle
DrvSplStartDoc
DrvSplStartDoc2
DrvSplStartPage
DrvSplWritePrinter
EpEnable

Sections

.text
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

643ff82b43c8360d277ee6e1a6d3983b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

user32

winspool.drv

netapi32

shell32

shlwapi

winmm

Exports

Exports

Sections

.text Size: 215KB - Virtual size: 215KB

.data Size: 11KB - Virtual size: 18KB

.pdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 1024B - Virtual size: 936B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 215KB - Virtual size: 215KB

.data
Size: 11KB - Virtual size: 18KB

.pdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 2KB - Virtual size: 1KB