WinFax[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

WinFax.dll
Size

27KB
MD5

ed805f7e2e42063be90b69e8a77669cd
SHA1

9a58842ae571a873db2ef6d2f949b750529760b7
SHA256

0aa2195d21b3c88812ac6bf286da3afacb9d419b27d13bacc092c8257c9625d4
SHA512

d42f955e25a6faf80560ead59a3cce06807392749efb5a274f2fbcc0897cefc5542e1d8a55471237a69225a773a7d9141a85a514aeb96a3815229f8f95b3e77c
SSDEEP

384:S2g4B8NVko+ZoKqFHUZdeAOvppSU124MTg54WH6g1W6IRirzKjIWu1vX/aiqWtw:aRUSppSU84ig54Wxo6IRirzKmyy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WinFax.dll

Files

WinFax.dll
.dll windows:6 windows x86 arch:x86

1f568d20e1ad89110bc4badddda1e9ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WinFax.pdb

Imports

msvcrt

_initterm
free
_XcptFilter
_amsg_exit
_except_handler4_common
malloc
_vsnwprintf
_stricmp
_wcsicmp
memset

kernel32

TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapDestroy
GetProcessHeap
HeapAlloc
HeapFree
GetVersionExW
GetComputerNameA
GetComputerNameW
GetSystemTimeAsFileTime
LoadLibraryW
OutputDebugStringW
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
Sleep
InterlockedExchange
LoadLibraryExA
InterlockedCompareExchange
FreeLibrary
GetProcAddress
DelayLoadFailureHook
GetLastError
SetLastError
DisableThreadLibraryCalls

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW

winspool.drv

AddPrinterW
ClosePrinter
GetPrinterW
OpenPrinterW
EnumPrintersW
SetPrinterW

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHChangeNotify

Exports

Exports

FaxAbort
FaxAccessCheck
FaxClose
FaxCompleteJobParamsA
FaxCompleteJobParamsW
FaxConnectFaxServerA
FaxConnectFaxServerW
FaxEnableRoutingMethodA
FaxEnableRoutingMethodW
FaxEnumGlobalRoutingInfoA
FaxEnumGlobalRoutingInfoW
FaxEnumJobsA
FaxEnumJobsW
FaxEnumPortsA
FaxEnumPortsW
FaxEnumRoutingMethodsA
FaxEnumRoutingMethodsW
FaxFreeBuffer
FaxGetConfigurationA
FaxGetConfigurationW
FaxGetDeviceStatusA
FaxGetDeviceStatusW
FaxGetJobA
FaxGetJobW
FaxGetLoggingCategoriesA
FaxGetLoggingCategoriesW
FaxGetPageData
FaxGetPortA
FaxGetPortW
FaxGetRoutingInfoA
FaxGetRoutingInfoW
FaxInitializeEventQueue
FaxOpenPort
FaxPrintCoverPageA
FaxPrintCoverPageW
FaxRegisterRoutingExtensionW
FaxRegisterServiceProviderW
FaxSendDocumentA
FaxSendDocumentForBroadcastA
FaxSendDocumentForBroadcastW
FaxSendDocumentW
FaxSetConfigurationA
FaxSetConfigurationW
FaxSetGlobalRoutingInfoA
FaxSetGlobalRoutingInfoW
FaxSetJobA
FaxSetJobW
FaxSetLoggingCategoriesA
FaxSetLoggingCategoriesW
FaxSetPortA
FaxSetPortW
FaxSetRoutingInfoA
FaxSetRoutingInfoW
FaxStartPrintJobA
FaxStartPrintJobW
FaxUnregisterServiceProviderW

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f568d20e1ad89110bc4badddda1e9ea

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

winspool.drv

shell32

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 19KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 19KB - Virtual size: 19KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB