FXSXP32[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

FXSXP32.dll
Size

103KB
MD5

e3bb27b8c49d391edf93216e1535608b
SHA1

de0049cab4ea59086028f479ce65b4912eed830a
SHA256

8854d25fd4f7eb3fdbea293ed329b7a0753ce19c75e366eb8c269cc218649777
SHA512

b8a57a56f2d903763a37c1c56ed7c433f4227f6b3470ae65848c6741868a2630fc8cd8fc97b4940167fbe3698103150dfd358cf9be5a3260f6ad90e5b3c66296
SSDEEP

3072:YWNahsOpD8SBDxEQ511kVCaFoOk5wHYurIOx99TvX:Z0sSZBe4k1FnDHTrr99T/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FXSXP32.dll

Files

FXSXP32.dll
.dll windows:10 windows x86 arch:x86

da8b9e9cd318d5aada8a4788f717722a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

FXSXP32.pdb

Imports

msvcrt

memcpy
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_vsnwprintf
_except_handler4_common
_initterm
_amsg_exit
_XcptFilter
malloc
free
_mbscpy
wcsncpy_s
wcsncmp
memmove_s
strrchr
wcsstr
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
wcscat_s
wcscpy_s
iswspace
iswcntrl
_wcsdup
_wcsicmp
memcpy_s
__CxxFrameHandler3
wcsrchr
wcschr
_wcsnicmp
_wsplitpath_s
iswalpha
swscanf_s
_CxxThrowException
_callnewh
_ftol2_sse
_wcsnset
memset

fxsapi

FaxSendDocumentExW
FaxGetRecipientsLimit
FaxFreeSenderInformation
FaxGetSenderInformation
FaxGetReceiptsOptions
FaxConnectFaxServerW
FaxClose
FaxGetPersonalCoverPagesOption
FaxAccessCheckEx

kernel32

ReadFile
ExpandEnvironmentStringsW
GetProcAddress
FreeLibrary
CreateDirectoryW
GetFileAttributesW
MultiByteToWideChar
GetComputerNameW
WideCharToMultiByte
GetLocaleInfoEx
GetUserPreferredUILanguages
SetFilePointer
OutputDebugStringW
GetFileSize
GetVersionExW
GetFullPathNameW
SetEndOfFile
UnmapViewOfFile
CopyFileW
GetFileType
CreateFileMappingW
MapViewOfFileEx
GetCurrentThread
LocalFree
GetModuleFileNameW
FindNextFileW
FindClose
GetLastError
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
GetProcessHeap
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetModuleHandleW
OpenMutexW
MapViewOfFile
CreateProcessW
CreateEventW
ReleaseMutex
CreateMutexW
SetEnvironmentVariableW
WaitForMultipleObjects
VirtualAlloc
VirtualFree
MulDiv
SetLastError
WriteFile
GetProfileIntW
QueryPerformanceCounter
GetTempPathW
CreateFileW
DeleteFileW
FindFirstFileW
CloseHandle
GetTempFileNameW
MoveFileW
DisableThreadLibraryCalls
LoadLibraryW
lstrlenA
OutputDebugStringA
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
DeleteCriticalSection
InitializeCriticalSection
GetTickCount
GetSystemTime
SystemTimeToFileTime

advapi32

ReportEventW
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
SetSecurityDescriptorOwner
AllocateAndInitializeSid
SetEntriesInAclW
GetSecurityDescriptorOwner
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorGroup
GetTokenInformation
CopySid
IsValidSid
OpenProcessToken
GetLengthSid
OpenThreadToken
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
RegQueryValueW
TraceMessage

winspool.drv

GetPrinterW
OpenPrinterW
EnumPrintersW
DocumentPropertiesW
GetJobW
SetJobW
ClosePrinter
FindFirstPrinterChangeNotification
FindNextPrinterChangeNotification
FindClosePrinterChangeNotification

gdi32

GetTextMetricsW
TextOutW
SetBkMode
DeleteObject
SetMapMode
CreateFontIndirectW
StartDocW
EndPage
GetDeviceCaps
CreateDCW
GetTextExtentExPointW
StartPage
SelectObject
GetObjectW
GetStockObject
EndDoc
StretchDIBits
DeleteDC

user32

MessageBoxW
WinHelpW
MessageBeep
DialogBoxParamW
CreateWindowExW
GetWindowTextW
SendMessageW
EndDialog
SetWindowTextW
LoadStringW
GetDlgItem
CheckDlgButton
UpdateWindow
InvalidateRect
BeginPaint
EndPaint
GetWindowContextHelpId
EnableWindow
IsDlgButtonChecked

shell32

ShellExecuteExW
SHGetFolderPathAndSubDirW
SHGetFolderPathW
SHSetLocalizedName

mapi32

ord75
ord62
ord82
ord17
ord185
ord140

comdlg32

ChooseFontW

tapi32

lineTranslateDialogW
lineGetTranslateCapsW
lineTranslateAddressW
lineInitializeExW
lineShutdown

Exports

Exports

ServiceEntry
XPProviderInit

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da8b9e9cd318d5aada8a4788f717722a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

fxsapi

kernel32

advapi32

winspool.drv

gdi32

user32

shell32

mapi32

comdlg32

tapi32

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 87KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 88KB - Virtual size: 87KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB