dcbef603ef816d2d603426643cc41920_NEAS | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dcbef603ef816d2d603426643cc41920_NEAS
Size

21KB
MD5

dcbef603ef816d2d603426643cc41920
SHA1

ba96544d3aca6b2e9cbd012d1fa5a620f06ce7e3
SHA256

495bd456655e97362faf4e6b6733f1f7d3111960270fd01587b295894f0d14d8
SHA512

156f6fbbda8bd18d2671e02c9651edf06c6a862cef7bf049438073b9391dc483afe786419e9d7b047a05b2dc9fa72a9bacda1da41c1518b26e48d3d42f0792ef
SSDEEP

384:FbXTFjujOhJuxz4o+D1Mvj6YLVR/Bcy+PKGUWyFan6mk:F/FCihJEh+D1MdLVJBAUJFa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dcbef603ef816d2d603426643cc41920_NEAS

Files

dcbef603ef816d2d603426643cc41920_NEAS
.dll windows:6 windows x86 arch:x86

44f891548e61b184af9ed35d0cf7a443

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\fit04\src\DST\fre_w2K_x86\i386\EGDICMND.pdb

Imports

msvcrt

memcpy
??3@YAXPAX@Z
memset
??2@YAPAXI@Z

user32

wvsprintfA
wsprintfA

kernel32

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
GetTempPathA
UnmapViewOfFile
DeleteFileA
CreateFileA
GetFileSize
CloseHandle
CreateFileMappingA
MapViewOfFile
GetLocalTime
OutputDebugStringA
WriteFile
lstrcpyA
lstrlenA

winspool.drv

WritePrinter

spoolss

ImpersonatePrinterClient
RevertToPrinterSelf

Exports

Exports

CmndDisableExtPDEV
CmndEnableExtPDEV
CmndEndDoc
CmndEndPage
CmndExtEscape
CmndSendBand
CmndStartDoc
CmndStartPage

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ