90590634e78856138284dfa6b1f68bd0ff6ba88ee64981ff9e23c310be571c09

Sharing

Copy URL Twitter E-mail

General

Target

90590634e78856138284dfa6b1f68bd0ff6ba88ee64981ff9e23c310be571c09
Size

37KB
MD5

e0311bfc89b055958c1252d89c34460b
SHA1

57f15a03a007643b857fb7394b0cde5ab42fa02a
SHA256

90590634e78856138284dfa6b1f68bd0ff6ba88ee64981ff9e23c310be571c09
SHA512

3802efac6e253dfcda9c2f538a997b4024251b303f13e0b2ba615a40fbec59fdf5facfb35f5bdd136fc9b7bc962f379fb142488f1d690ababb1acff91a3bd37e
SSDEEP

768:sj9NpUHXCqezNGFNL7wiyPPxmSPIqZ2SuIg5oU4VbuhdtgVUKRd256S:sjfpUHXCqeYLLenJZqVSuhYlRdM7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
90590634e78856138284dfa6b1f68bd0ff6ba88ee64981ff9e23c310be571c09

Files

90590634e78856138284dfa6b1f68bd0ff6ba88ee64981ff9e23c310be571c09
.dll windows:5 windows x86 arch:x86

1e6018231d35f16c383da85e1c2fcc2a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
_initterm
rename
malloc
wcsncpy
wcscmp
_tempnam
free
sprintf
??3@YAXPAX@Z
fopen
fwrite
fclose
strncpy
??2@YAPAXI@Z
swprintf

kernel32

FindResourceW
InterlockedIncrement
InterlockedDecrement
LoadResource
SizeofResource
FreeResource
GetSystemDirectoryW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetLastError
FormatMessageW
LocalFree
SetLastError

winspool.drv

SetJobW
EnumJobsW
GetPrinterW
GetJobW

advapi32

RegSetValueExW
RegCreateKeyExW
RegCloseKey

gdi32

EngStretchBlt
GetDeviceCaps
CreateDCW
CLIPOBJ_bEnum
CLIPOBJ_cEnumStart
DeleteDC

shell32

ShellExecuteW

coloriq_22_800

??1CColorPlus@@QAE@XZ
?FourToSixColorGeneration@CColor@@QAEHPAE0H@Z
?FourToSevenColorGeneration@CColor@@QAEHPAE0H@Z
?SixToSevenColorGeneration@CColor@@QAEHPAE0H@Z
?ColorCorrectBits@CColor@@QAEHJJPAEHPAUtagSG_BITMAPINFO@@PAPAEHHHH_NF@Z
??0CColorPlus@@QAE@XZ
?InitializeTransform@CColorPlus@@QAEHPAUtagRENDERING_INFO@@PAUtagPALETTE_INFO@@@Z
?GetDotSize@CColor@@QAEHPAH@Z
?GetDotDensity@CColor@@QAEHPAH@Z
?GetNumColorCorrectedChannels@CColor@@QAEHXZ

ditheriq_22_800

?ComputeDitheredScanlineSize@CDither@@QAEHPAUtagDITHEREDSCANLINE@@@Z
?ResetErrorBuffers@CDither@@QAEHXZ
?PerformDither@CDither@@QAEHPAUtagSCANLINE@@PAUtagDITHEREDSCANLINE@@@Z
??1CDither@@QAE@XZ
??0CDither@@QAE@XZ
?InitializeDither@CDither@@QAEHPAUtagSRCIMAGEINFO@@PAUtagPRINTERINFO@@PAUtagDITHERINFO@@@Z
?PerformDither4000@CDither@@QAEHPAUtagSCANLINE@@PAUtagDITHEREDSCANLINE@@@Z

generateprintercommandsiq_22_800

?GetMoveYCommand@CGeneratePrinterCommands@@QAEHPAPAEPAHHH@Z
??0CGeneratePrinterCommands@@QAE@XZ
?GetScanlineCommands@CGeneratePrinterCommands@@QAEHHPAUtagSG_BITMAPINFO@@PAUtagSCANLINE_DATA@@@Z
?GetXPositionCommand@CGeneratePrinterCommands@@QAEHPAPAEPAHHH@Z
?InitializeCommandGenerator@CGeneratePrinterCommands@@QAEHPAPAEPAH01PAUtagSCANLINE_DATA@@HH@Z

rlecompressiq

??0CRLECompress@@QAE@XZ
?RLECompress@CRLECompress@@QAEHPAEPAH@Z

sg_rr

?GetHeaderResource@CResourceRetriever@@QAEHPAXHPAU_devicemodeW@@PAEK@Z
??0CResourceRetriever@@QAE@XZ

weaveiq_22_800

?GetNumberOfSpoolBuffers@CWeave@@QAEHPAH@Z
?WeaveScanline@CWeave@@QAEHPAUtagDITHEREDSCANLINE@@HPAPAUtagSubPassSpoolBfr@@PAH2H@Z
?UpdateWeave@CWeave@@QAEHHH@Z
??1CWeave@@QAE@XZ
?GetSubpassBufferLength@CWeave@@QAEHPAHH@Z
?InitializeWeave@CWeave@@QAEHHHHHH@Z
??0CWeave@@QAE@XZ
?GetNumberOfNozzles@CWeave@@QAEHPAH@Z

user32

OemToCharW
wsprintfW
MessageBoxW

ole32

CoTaskMemFree
CoTaskMemAlloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e6018231d35f16c383da85e1c2fcc2a

Headers

File Characteristics

Imports

msvcrt

kernel32

winspool.drv

advapi32

gdi32

shell32

coloriq_22_800

ditheriq_22_800

generateprintercommandsiq_22_800

rlecompressiq

sg_rr

weaveiq_22_800

user32

ole32

Exports

Exports

Sections

.text Size: 30KB - Virtual size: 30KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 30KB - Virtual size: 30KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB