POSPrinterDriverSetup[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

POSPrinterDriverSetup.exe
Size

3.2MB
MD5

3ad336eeb7a0bad5a3e05320a7487e0a
SHA1

10704be488f73ab500bad110f8f36a938f9037fc
SHA256

9ab9afbbf2aace14e6e3a4b80d3ddf6b275cb8fc808813b92c4f2d5425251886
SHA512

e4722bec5ca0336ab70ed801ce7a46ee785ae45531e588a807ba1a352c4be454dcaed0f8cbbd8c5e417ea02125ab559d9c004069b2eae5779d1e2af224d54ef8
SSDEEP

98304:/w86pz4UpS5a6fI8YYxOQbORaXFLOAkGkzdnEVomFHKnPdS:ooRRbORaXFLOyomFHKnPdS

Score

1^/10

Malware Config

Signatures

Files

POSPrinterDriverSetup.exe
.exe windows:5 windows x86 arch:x86

ab38a7f9279015bef8f64f3aa9a02dc8

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:02:30:7e:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10/03/2008, 21:57

Not After

10/06/2009, 22:07

Subject

CN=Microsoft Windows Component Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

11/10/2005, 21:55

Not After

26/04/2010, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

cb:1c:dd:e8:ed:99:52:55:f1:73:2b:49:72:7a:7d:48:10:6a:b4:14
Signer

Actual PE Digest

cb:1c:dd:e8:ed:99:52:55:f1:73:2b:49:72:7a:7d:48:10:6a:b4:14

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\temp\SetupDriverPOS-BP\Release\Printer Driver V7.01.pdb

Imports

kernel32

GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
OutputDebugStringW
GetEnvironmentStringsW
LCMapStringW
WriteConsoleW
CreateFileW
SetEnvironmentVariableA
QueryPerformanceCounter
GetStdHandle
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsValidCodePage
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
HeapQueryInformation
GetModuleHandleExW
ExitProcess
ExitThread
WideCharToMultiByte
CreateThread
VirtualQuery
VirtualAlloc
RtlUnwind
GetCommandLineA
IsProcessorFeaturePresent
GetStringTypeW
FindResourceExW
SearchPathA
GetProfileIntA
VirtualProtect
GetTempFileNameA
GetTempPathA
GetTickCount
GetFileTime
GetFileSizeEx
GetFileAttributesExA
FileTimeToLocalFileTime
SetErrorMode
GetWindowsDirectoryA
GetVolumeInformationA
lstrcmpiA
GetCurrentProcess
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetFullPathNameA
FlushFileBuffers
FindFirstFileA
FindClose
GetFileSize
IsDebuggerPresent
FreeEnvironmentStringsW
GetFileAttributesA
VerifyVersionInfoA
lstrcpyA
VerSetConditionMask
GetCPInfo
GetOEMCP
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GetThreadLocale
FileTimeToSystemTime
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GlobalFlags
GetACP
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpA
GetCurrentThread
ResumeThread
SuspendThread
SetThreadPriority
CreateEventA
WaitForSingleObject
SetEvent
CompareStringA
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
GetCurrentProcessId
MultiByteToWideChar
MulDiv
GlobalSize
GlobalAlloc
FindResourceA
LoadLibraryW
GlobalFree
GlobalUnlock
GlobalLock
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
FreeResource
SetLastError
DeleteCriticalSection
DecodePointer
EnterCriticalSection
HeapSize
RaiseException
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
LocalFree
GetLastError
FormatMessageA
CopyFileA
DeleteFileA
GetUserDefaultLangID
GetVersionExA
GetNativeSystemInfo
GetSystemInfo
CloseHandle
WriteFile
OutputDebugStringA
CreateFileA
GetModuleFileNameA
Sleep
GetCurrentDirectoryA
GetUserDefaultUILanguage
FindResourceW
LoadResource
LockResource
SizeofResource

user32

UnpackDDElParam
InsertMenuItemA
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
UpdateLayeredWindow
GetUpdateRect
SetClassLongA
DestroyAcceleratorTable
ModifyMenuA
IsMenu
SetMenuDefaultItem
GetMenuDefaultItem
CopyIcon
GetIconInfo
GetDoubleClickTime
EnableScrollBar
LockWindowUpdate
CreatePopupMenu
BringWindowToTop
UnionRect
SetCursorPos
NotifyWinEvent
LoadMenuW
GetAsyncKeyState
CharUpperA
IsZoomed
TrackMouseEvent
LoadImageW
LoadImageA
DestroyIcon
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
MonitorFromPoint
SetParent
EnumDisplayMonitors
SetRectEmpty
SetLayeredWindowAttributes
MessageBeep
GetNextDlgGroupItem
SetRect
InvalidateRgn
CopyAcceleratorTableA
CharNextA
DeleteMenu
LoadCursorW
WindowFromPoint
ReleaseCapture
SetCapture
WaitMessage
CopyImage
IntersectRect
LoadCursorA
RealChildWindowFromPoint
MapVirtualKeyA
GetKeyNameTextA
GetMenuItemInfoA
DestroyMenu
InvalidateRect
SetCursor
ShowOwnedPopups
DrawIconEx
IsRectEmpty
OffsetRect
InflateRect
DrawFocusRect
GetSysColorBrush
SetWindowRgn
DrawStateA
DrawFrameControl
DrawEdge
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
GetCursorPos
TranslateMessage
GetMessageA
LoadBitmapW
SetMenuItemInfoA
GetWindowRgn
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetTopWindow
GetClassNameA
GetClassLongA
PtInRect
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
GetWindowRect
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
ScrollWindow
RedrawWindow
ValidateRect
SetForegroundWindow
GetForegroundWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
PostMessageA
GetMessageTime
GetMessagePos
PeekMessageA
DispatchMessageA
RegisterWindowMessageA
IsDialogMessageA
SetWindowLongA
GetFocus
GetDlgCtrlID
SendDlgItemMessageA
CheckDlgButton
SetWindowPos
MoveWindow
ShowWindow
GetWindow
GetWindowTextLengthA
GetWindowTextA
GetScrollPos
SetScrollPos
SetFocus
GetLastActivePopup
GetWindowThreadProcessId
MessageBoxA
FillRect
GetSysColor
ScreenToClient
DestroyCursor
CreateMenu
InvertRect
HideCaret
GetComboBoxInfo
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
MapVirtualKeyExA
IsCharLowerA
ClientToScreen
EndPaint
PostThreadMessageA
IsClipboardFormatAvailable
FrameRect
CharUpperBuffA
SubtractRect
CreateAcceleratorTableA
ToAsciiEx
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
ReuseDDElParam
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
RemoveMenu
InsertMenuA
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringA
GetParent
GetDesktopWindow
GetWindowLongA
SetActiveWindow
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamA
DestroyWindow
IsWindow
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
AppendMenuA
GetSystemMenu
LoadIconW
UnregisterClassA
EnableWindow
FindWindowExA
FindWindowA
SetWindowTextA
KillTimer
SetTimer
SendMessageA
SystemParametersInfoA

gdi32

SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateEllipticRgn
CreateRectRgnIndirect
Ellipse
GetBkColor
GetTextColor
GetTextExtentPoint32A
PatBlt
CreatePolygonRgn
Polygon
Polyline
GetTextMetricsA
CreateFontIndirectA
GetMapMode
SetRectRgn
DPtoLP
GetRgnBox
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
RealizePalette
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateRoundRectRgn
Rectangle
OffsetRgn
RoundRect
CreatePalette
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExA
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
SetPixelV
GetTextFaceA
SetTextColor
SetROP2
SetPolyFillMode
GetLayout
SetLayout
ExtTextOutA
TextOutA
MoveToEx
GetObjectA
SetTextAlign
GetPaletteEntries
CreateFontA
SetMapMode
SetBkMode
SetBkColor
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
DeleteObject
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
CreateBitmap
BitBlt
GetDeviceCaps
CreateDCA
CopyMetaFileA
CreateSolidBrush
DeleteDC

msimg32

AlphaBlend
TransparentBlt

winspool.drv

GetPrinterDriverDirectoryA
OpenPrinterA
ClosePrinter
AddPrinterA
DocumentPropertiesA
AddPrinterDriverA

advapi32

RegDeleteKeyA
RegEnumKeyExA
RegQueryValueA
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA
RegCloseKey
RegEnumValueA

shell32

DragQueryFileA
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetDesktopFolder
DragFinish
ShellExecuteA
SHGetFileInfoA
SHAppBarMessage

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameA
PathIsUNCA
PathStripToRootA
StrFormatKBSizeA
PathFindExtensionA
PathRemoveFileSpecW

uxtheme

GetWindowTheme
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
DrawThemeParentBackground
DrawThemeText
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
IsAppThemed

ole32

CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CoInitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
IsAccelerator
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
OleGetClipboard
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoRegisterMessageFilter
CoRevokeClassObject
CoInitializeEx
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal

oleaut32

SysFreeString
SysAllocString
OleCreateFontIndirect
VarBstrFromDate
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
LoadTypeLi
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysAllocStringByteLen

oledlg

ord8

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipDrawImageRectI

setupapi

SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundA

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab38a7f9279015bef8f64f3aa9a02dc8

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:02:30:7e:00:00:00:00:00:06Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88Certificate

Extended Key Usages

Key Usages

cb:1c:dd:e8:ed:99:52:55:f1:73:2b:49:72:7a:7d:48:10:6a:b4:14Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

setupapi

oleacc

imm32

winmm

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 318KB - Virtual size: 318KB

.data Size: 25KB - Virtual size: 56KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 120KB - Virtual size: 120KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:02:30:7e:00:00:00:00:00:06
Certificate

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88
Certificate

cb:1c:dd:e8:ed:99:52:55:f1:73:2b:49:72:7a:7d:48:10:6a:b4:14
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 318KB - Virtual size: 318KB

.data
Size: 25KB - Virtual size: 56KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 120KB - Virtual size: 120KB