9ec663899e42fe007a89554446fd4df01656a5de6004836fdbaba35337e06df5

Sharing

Copy URL

Twitter E-mail

General

Target

9ec663899e42fe007a89554446fd4df01656a5de6004836fdbaba35337e06df5
Size

1.2MB
MD5

140cf7a77d0d0ed03d0abae25f4b3e8c
SHA1

3015521d169f15004fedc0006badc4938eb546f7
SHA256

9ec663899e42fe007a89554446fd4df01656a5de6004836fdbaba35337e06df5
SHA512

1edf0f2999e44a4bbbacdc1cc378424ebdcbf0e8d0a94a3a6fc1fdf9bf084d0cba5f255ff00e40ebd8d325134a7e241e5211ce13d23eafedd910b19a744a3c31
SSDEEP

24576:8jvUVcosOPxXR5/ddawSB6xy0X0ZoCLmcyLrhKhzYrzvp:8XrB6xydoayLrMhzWz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9ec663899e42fe007a89554446fd4df01656a5de6004836fdbaba35337e06df5

Files

9ec663899e42fe007a89554446fd4df01656a5de6004836fdbaba35337e06df5
.dll regsvr32 windows:6 windows x86 arch:x86

e97ffd5a1c7c38482961981793d04feb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

P:\Target\x86\ship\clview\x-none\mshelp\hxds.pdb

Imports

kernel32

RaiseException
SetLastError
ReleaseSemaphore
WaitForSingleObject
GetCurrentProcess
GetCurrentThreadId
FlushInstructionCache
GetVersionExW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
lstrcmpW
CreateSemaphoreW
GetTempFileNameA
GetEnvironmentVariableA
GetEnvironmentVariableW
GetWindowsDirectoryA
GetWindowsDirectoryW
MoveFileExW
CreateFileA
GetFileAttributesA
SetFileAttributesA
GetFullPathNameW
GetFileInformationByHandle
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
DisableThreadLibraryCalls
LoadLibraryExW
LoadResource
SizeofResource
lstrcmpiW
FindResourceW
GetSystemDirectoryA
LocalAlloc
LocalFree
GlobalSize
LockResource
GetCurrentThread
GetUserDefaultLCID
DecodePointer
GetCommandLineA
EncodePointer
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetTempPathW
RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
ExitProcess
SetHandleCount
GetStdHandle
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetCurrentProcessId
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
IsProcessorFeaturePresent
GetStringTypeW
InterlockedExchange
LoadLibraryW
LCMapStringW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WriteConsoleW
GetProcessHeap
RemoveDirectoryW
RemoveDirectoryA
GetTempFileNameW
GetFileType
GetFileSize
DeleteFileW
DeleteFileA
CreateFileW
CreateDirectoryW
CreateDirectoryA
IsValidLocale
CopyFileW
CopyFileA
GetSystemTimeAsFileTime
Sleep
CloseHandle
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
FindNextFileW
FindFirstFileW
FindClose
SetFileAttributesW
GetFileAttributesW
GetTickCount
GetModuleFileNameW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetSystemDefaultLangID
OutputDebugStringA
MultiByteToWideChar
lstrlenW
lstrlenA
FormatMessageW
FormatMessageA
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
GetLastError
WideCharToMultiByte
SetErrorMode
IsDebuggerPresent
GetDriveTypeA
SetCurrentDirectoryW
SetEnvironmentVariableW
LoadLibraryA
InterlockedPopEntrySList
VirtualFree
InterlockedPushEntrySList
InterlockedCompareExchange
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetCurrentDirectoryW
CompareStringA
CompareStringW
GetSystemDefaultLCID
GetVersionExA
GetTempPathA
GetModuleHandleA
FindResourceExW
GetVersion
GetDiskFreeSpaceA

gdi32

GetObjectW
SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetTextExtentExPointW
GetTextExtentExPointA

version

VerQueryValueW
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

advapi32

GetNamedSecurityInfoW
RevertToSelf
MapGenericMask
ImpersonateSelf
AccessCheck
OpenThreadToken
OpenProcessToken
SetEntriesInAclW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
RegQueryValueExA
RegOpenKeyExA
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteValueA
RegCreateKeyExW
RegCreateKeyExA
RegCloseKey

ole32

OleLockRunning
OleUninitialize
CoCreateGuid
CoTaskMemAlloc
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoGetClassObject
CreateStreamOnHGlobal
CoRegisterMessageFilter
CoTaskMemFree
CoDisconnectObject
CoTaskMemRealloc
CoGetMalloc
CreateBindCtx
CreateItemMoniker
StringFromCLSID
CreatePointerMoniker
OleInitialize

oleaut32

SysStringLen
LoadTypeLi
LoadRegTypeLi
SysAllocStringLen
OleCreateFontIndirect
SetErrorInfo
GetErrorInfo
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreateVector
SysStringByteLen
SysAllocStringByteLen
CreateErrorInfo
SysFreeString
SysAllocString
VariantInit
VariantClear

winspool.drv

StartDocPrinterW
StartPagePrinter
OpenPrinterA
OpenPrinterW
WritePrinter
ClosePrinter
EndDocPrinter
StartDocPrinterA
EndPagePrinter

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
HxGetObjectCA

Sections

.text
Size: 598KB - Virtual size: 597KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 374KB - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e97ffd5a1c7c38482961981793d04feb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

version

advapi32

ole32

oleaut32

winspool.drv

Exports

Exports

Sections

.text Size: 598KB - Virtual size: 597KB

.data Size: 38KB - Virtual size: 47KB

.rsrc Size: 251KB - Virtual size: 250KB

.reloc Size: 374KB - Virtual size: 376KB

.text
Size: 598KB - Virtual size: 597KB

.data
Size: 38KB - Virtual size: 47KB

.rsrc
Size: 251KB - Virtual size: 250KB

.reloc
Size: 374KB - Virtual size: 376KB