58c8311ea86b1766a0a2f42c4b4b3652069536f47aa9c5602abe94c26f662708

Sharing

Copy URL Twitter E-mail

General

Target

58c8311ea86b1766a0a2f42c4b4b3652069536f47aa9c5602abe94c26f662708
Size

470KB
MD5

3dc6399729da83412ad76d8da02e7220
SHA1

42e6b07308cefe8d3923bbc747c9256e55bf2cec
SHA256

58c8311ea86b1766a0a2f42c4b4b3652069536f47aa9c5602abe94c26f662708
SHA512

8b247feedf07cef098169d9f122abb15f3de61482a40b3a3ed45d60edcc2024fde1920d3f5026ea4d59f7ac4c523f9325fdb03d83f63e667fa379b7e16c448a1
SSDEEP

6144:SPc4/xadFf00cda/YY9zyOpMUqaUdAV1/K5KtD33hqX6zpeIrZxYH:SBAFf1cdAp9WOpBRVxK5CpeV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
58c8311ea86b1766a0a2f42c4b4b3652069536f47aa9c5602abe94c26f662708

Files

58c8311ea86b1766a0a2f42c4b4b3652069536f47aa9c5602abe94c26f662708
.dll windows:5 windows x64 arch:x64

8772a4c096df80d34444b7e7efbb4984

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\PROXI\PCFax\UI\FaxSettingWizard\2k\x64\Release\ENGLISH\R7EXWZD64.pdb

Imports

kernel32

GetCommandLineA
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
HeapReAlloc
Sleep
ExitProcess
HeapSize
HeapQueryInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapSetInformation
HeapCreate
HeapDestroy
GetStdHandle
GetModuleFileNameA
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetCPInfo
GetACP
GetOEMCP
FlsSetValue
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
GetCurrentProcess
FlushFileBuffers
SetFilePointer
GlobalFlags
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
lstrlenA
lstrcmpA
GlobalAlloc
FormatMessageW
LocalFree
GlobalFree
GetModuleFileNameW
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
GetVersionExA
ExpandEnvironmentStringsA
LoadLibraryA
MulDiv
GetProcAddress
SetLastError
GetLastError
WritePrivateProfileStringW
GetTimeFormatW
WriteFile
GetModuleHandleW
GetDateFormatW
lstrcmpW
GetPrivateProfileIntW
LoadLibraryW
GetPrivateProfileStringW
FreeLibrary
CloseHandle
CreateFileW
ReadFile
WideCharToMultiByte
GlobalUnlock
GlobalLock
GetVersionExW
LockResource
GetLocalTime
SizeofResource
LoadResource
FindResourceW
MultiByteToWideChar
lstrcpyW
lstrcatW
IsValidCodePage
lstrlenW

user32

SetCursor
PostQuitMessage
EndPaint
BeginPaint
ClientToScreen
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
DestroyMenu
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageA
SendDlgItemMessageW
WinHelpW
SetWindowsHookExW
CallNextHookEx
GetClassNameW
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetLastActivePopup
SetActiveWindow
DispatchMessageW
GetTopWindow
DestroyWindow
GetWindowLongPtrW
SetWindowLongPtrW
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
SetMenu
SetForegroundWindow
IsWindowVisible
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindow
UpdateWindow
SendMessageW
GetSysColor
InvalidateRect
GetParent
SetTimer
ScreenToClient
FillRect
TabbedTextOutW
GetFocus
ChildWindowFromPointEx
IsWindowEnabled
DrawTextExW
PtInRect
GetIconInfo
GetCapture
DrawFocusRect
InflateRect
OffsetRect
DrawStateW
LoadCursorW
GetSysColorBrush
UnregisterClassW
GrayStringW
IsWindow
DrawFrameControl
PostMessageW
GetMessageW
TranslateMessage
ValidateRect
GetWindowThreadProcessId
GetForegroundWindow
KillTimer
GetCursorPos
WindowFromPoint
GetSubMenu
GetWindowRect
wsprintfW
EnableWindow
GetDlgItem
GetSystemMetrics
ReleaseDC
GetDC
GetClientRect
DrawTextW
LoadImageW
SetParent
IsZoomed
GetWindowLongW
SetWindowLongW
CopyRect
GetWindowDC
GetKeyState
LoadBitmapW
MessageBoxW
LoadIconW
IsIconic

gdi32

SetWindowExtEx
ScaleWindowExtEx
GetStockObject
ScaleViewportExtEx
SetWindowOrgEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
IntersectClipRect
TextOutW
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateFontW
BitBlt
GetDIBits
CreateBitmap
CreateCompatibleBitmap
ExtTextOutW
PtVisible
StretchDIBits
Escape
RectVisible
GetPixel
CreateSolidBrush
PatBlt
DeleteObject
GetDeviceCaps
MoveToEx
GetTextExtentPoint32W
LineTo
DeleteDC
CreateFontIndirectW
StretchBlt
SetBkMode
SelectObject
CreateCompatibleDC
SetMapMode
Rectangle
GetObjectW
CreatePen
SetTextAlign

msimg32

AlphaBlend

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegQueryValueW
RegOpenKeyExA
RegQueryValueExA
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW

comctl32

ord17
ImageList_Add
ImageList_Create

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathFindExtensionW

ole32

CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitializeEx

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

mydll

Sections

.text
Size: 292KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8772a4c096df80d34444b7e7efbb4984

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

comctl32

shlwapi

ole32

oleaut32

Exports

Exports

Sections

.text Size: 292KB - Virtual size: 292KB

.rdata Size: 100KB - Virtual size: 100KB

.data Size: 16KB - Virtual size: 49KB

.pdata Size: 20KB - Virtual size: 19KB

.rsrc Size: 24KB - Virtual size: 24KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 292KB - Virtual size: 292KB

.rdata
Size: 100KB - Virtual size: 100KB

.data
Size: 16KB - Virtual size: 49KB

.pdata
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 24KB - Virtual size: 24KB

.reloc
Size: 15KB - Virtual size: 14KB