b3ab573a16ee46d2c52f1e94fc6c1c82d139c39b049ce503a3a6298860763f2c

Sharing

Copy URL Twitter E-mail

General

Target

b3ab573a16ee46d2c52f1e94fc6c1c82d139c39b049ce503a3a6298860763f2c
Size

226KB
MD5

4f084e3bcde19866aa06e74c8e4e81c2
SHA1

abdfff8685c2ae48d1173252b882e379e1cddeb7
SHA256

b3ab573a16ee46d2c52f1e94fc6c1c82d139c39b049ce503a3a6298860763f2c
SHA512

d114d28c89918b08e5811d003f2887ea1e624c4c75eebe80993cb25d088ba422fbd34cfb52670c19c1bf966fc2c873526e2b7de01475936dccb34c0d654fcdab
SSDEEP

3072:42vVMTBfRwto9LmiAfJrGAwJAiPiBbofZHMmHCzXAYu:48STBJwtoDAwyi6BsBHMckAYu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3ab573a16ee46d2c52f1e94fc6c1c82d139c39b049ce503a3a6298860763f2c

Files

b3ab573a16ee46d2c52f1e94fc6c1c82d139c39b049ce503a3a6298860763f2c
.dll windows:6 windows x86 arch:x86

20747ac25ee980d9e94005fe4be21297

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\newprinterdrver\prtdrvrender\objfre_wnet_x86\i386\PrtDrvRender.pdb

Imports

msvcrt

_isatty
_write
_lseeki64
free
_fileno
__pioinfo
__badioinfo
realloc
wctomb
_itoa
_snprintf
_iob
isleadbyte
_amsg_exit
_initterm
_XcptFilter
_errno
fopen
fwrite
fclose
_CIsqrt
calloc
malloc
memcpy
memset
strtol
tolower
_CIpow
strncmp

winspool.drv

OpenPrinterW
SetPrinterDataW
ClosePrinter
GetPrinterDriverW
GetPrinterDriverDirectoryW
WritePrinter
GetPrinterW
GetPrinterDataW

kernel32

GetSystemDefaultLangID
GetVersion
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
OutputDebugStringA
InterlockedCompareExchange
InterlockedExchange
CreateFileW
ReadFile
CloseHandle
GlobalFree
GlobalAlloc
WideCharToMultiByte
GetLocalTime
Sleep
GetLastError
SetLastError

gdi32

FONTOBJ_pifi
FONTOBJ_pxoGetXform
XFORMOBJ_iGetXform
EngTextOut
EngCopyBits
XLATEOBJ_cGetPalette
EngLockSurface
EngStretchBlt
EngUnlockSurface
BRUSHOBJ_pvGetRbrush
CLIPOBJ_cEnumStart
CLIPOBJ_bEnum
EngBitBlt
BRUSHOBJ_pvAllocRbrush
EngEraseSurface
EngCreatePalette
EngCreateBitmap
EngAssociateSurface
EngDeleteSurface
EngDeletePalette

Exports

Exports

DllMain
DrvDisableDriver
DrvEnableDriver
DrvQueryDriverInfo

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 86KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20747ac25ee980d9e94005fe4be21297

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

winspool.drv

kernel32

gdi32

Exports

Exports

Sections

.text Size: 130KB - Virtual size: 130KB

.data Size: 86KB - Virtual size: 150KB

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 130KB - Virtual size: 130KB

.data
Size: 86KB - Virtual size: 150KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 7KB - Virtual size: 6KB