10cfd0e1f894dbf2b2fd6e4eeade3fc411fe19b0568cd3511d0f656dc79c3619

Sharing

Copy URL Twitter E-mail

General

Target

10cfd0e1f894dbf2b2fd6e4eeade3fc411fe19b0568cd3511d0f656dc79c3619
Size

40KB
MD5

90d5defdfe4fb856b8ea07513bf8fe29
SHA1

cf5a175e860e4f6be694e3e4e878d83871946cfe
SHA256

10cfd0e1f894dbf2b2fd6e4eeade3fc411fe19b0568cd3511d0f656dc79c3619
SHA512

f811d2b191b620473713099483d791e3d5fe1b8cd34e0906f81024e3b921117ac8f57b28b8be6d10f024217b3abbb150b5da2de5d92866d8d1834de638bac33a
SSDEEP

384:GTvxxboOswD33SrfwKtJAe6AYNyryoqoMpE9/KMyYCmr:Gjls433WfVN2NyWz1zw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10cfd0e1f894dbf2b2fd6e4eeade3fc411fe19b0568cd3511d0f656dc79c3619

Files

10cfd0e1f894dbf2b2fd6e4eeade3fc411fe19b0568cd3511d0f656dc79c3619
.dll windows:4 windows x86 arch:x86

17586b067a41efac616b6c5726363340

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
CloseHandle
GlobalFree
GlobalAlloc
Sleep
CopyFileA
DisableThreadLibraryCalls
GetLastError
FormatMessageA
GetProcessTimes
LocalFree

user32

GetWindowThreadProcessId
PostMessageA
DdeInitializeA
DdeClientTransaction
DdeCreateDataHandle
DdeDisconnect
DdeUninitialize
DdeCreateStringHandleA
DdeFreeStringHandle
DdeGetLastError
DdeConnect

winspool.drv

OpenPrinterA
ClosePrinter
GetPrinterA

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegQueryInfoKeyA

shell32

ShellExecuteA
ShellExecuteExA

urlmon

URLDownloadToCacheFileA

std-vc-mt

?os_throw_out_of_range@@YAXXZ
?os_throw_length_error@@YAXXZ

m4logdll

?SETCODEF@@YAFJFPBDZZ
??6@YAAAVM4ClBasicLog@@AAV0@H@Z
??6@YAAAVM4ClBasicLog@@AAV0@QBD@Z
??6@YAAAVM4ClBasicLog@@AAV0@K@Z

m4objlog

?g_oChLog@@3VChLog@@A
?BeginLog@@YAAAVChLog@@AAV1@JF@Z
?EndLog@@YA?AW4e_m4dumplog@@AAVChLog@@@Z

m4objglb

?M4ClCppType@@YAPBDE@Z

m4inidll

?GetRegKeyData@@YADPAD00PAK@Z

m4unicode

?M4CppToANSI@@YAPADQBDAAH@Z

m4buildversion

?M4ComposeRegistryPath@@YADPBD0PADKAAK@Z

psapi

EnumProcesses

msvcirt

??1ios@@UAE@XZ
??_Dofstream@@QAEXXZ
??0ofstream@@QAE@ABV0@@Z
??0ofstream@@QAE@XZ
??1ofstream@@UAE@XZ

msvcrt

_initterm
malloc
_adjust_fdiv
__dllonexit
_EH_prolog
free
strlen
??2@YAPAXI@Z
memcpy
tolower
_errno
strerror
_ftol
memmove
memcmp
_stricmp
strncpy
__CxxFrameHandler
strchr
_onexit
_strnicmp
_strcmpi
memset

Exports

Exports

M4Download
PrintPDF
PrintPDFWithoutConcurrency

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 748B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17586b067a41efac616b6c5726363340

Headers

File Characteristics

Imports

kernel32

user32

winspool.drv

advapi32

shell32

urlmon

std-vc-mt

m4logdll

m4objlog

m4objglb

m4inidll

m4unicode

m4buildversion

psapi

msvcirt

msvcrt

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 12KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 748B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 748B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB