98aee6e464e8fba0a8f59a74ad93826cf14a9c73675b592fc07bb3567359f321

Sharing

Copy URL Twitter E-mail

General

Target

98aee6e464e8fba0a8f59a74ad93826cf14a9c73675b592fc07bb3567359f321
Size

197KB
MD5

f258b6784edf0cf33a0c6533eb8cba40
SHA1

c1f44a06195307e60933a00787e18a3f374cb2cf
SHA256

98aee6e464e8fba0a8f59a74ad93826cf14a9c73675b592fc07bb3567359f321
SHA512

5866a0b8df820091906b0e13f67bb7812c7ee46da7bb6840fa46f814905774646e03c46eda816016384cdc32e44581fa8981db96f786dfbb5031f6146bcf263c
SSDEEP

3072:2OfxTZM4QIYOUIr3J85scTKK4G1cEeyEQH2lQBV+UdE+rECWp7hKjTEg:Xx5dcGKdzeqrBV+UdvrEFp7hKjIg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
98aee6e464e8fba0a8f59a74ad93826cf14a9c73675b592fc07bb3567359f321

Files

98aee6e464e8fba0a8f59a74ad93826cf14a9c73675b592fc07bb3567359f321
.dll windows:5 windows x86 arch:x86

78afd348d3d739a1c74400f5fcdb8bdc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Work\cnmpu\win\trunk\vs_solution\Win32\dll\Release\cnmpu.pdb

Imports

kernel32

GetSystemDirectoryA
SetLastError
GetProcAddress
GlobalFree
LoadLibraryA
GetModuleHandleA
CreateFileA
WriteFile
ReadFile
GetLastError
CloseHandle
WaitForSingleObject
CreateEventA
CreateMutexA
ReleaseMutex
lstrcpynA
GlobalAlloc
lstrlenW
GetVersionExA
GetTickCount
Sleep
GetModuleHandleExA
GetModuleFileNameA
GetOverlappedResult
DeviceIoControl
lstrcmpA
MapViewOfFile
UnmapViewOfFile
MultiByteToWideChar
CreateFileMappingA
OpenFileMappingA
FlushFileBuffers
HeapSize
OutputDebugStringW
WriteConsoleW
SetStdHandle
HeapReAlloc
HeapAlloc
RtlUnwind
LoadLibraryExW
FreeLibrary
WideCharToMultiByte
lstrlenA
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
GetCurrentThreadId
EncodePointer
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
ExitProcess
GetModuleHandleExW
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
LCMapStringW
GetModuleFileNameW
CreateFileW

user32

CharUpperA

winspool.drv

OpenPrinterA
OpenPrinterW
GetPrinterA
GetPrinterDriverA
EnumPortsA
ClosePrinter
EnumPrintersA

advapi32

RegQueryValueExA
RegCloseKey

Exports

Exports

puClose
puDeviceID
puGetMDL
puGetMID
puGetModuleVersion
puGetPLI
puGetPLIAuto
puGetPLISilent
puGetStatus
puGetVER
puGetiSN
puInputPrime
puIsPLI
puOpen
puOpenPort
puOpenW
puRead
puRefreshPort
puSearchPrinterDB
puWrite
pulowGetBSCC
pulowGetBSCCLong
pulowGetVendorRequest
pulowSendBJL
pulowSendBSCC
pulowSetVendorRequest
pulowWorkingPort
pulowWorkingPort4BJNP

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78afd348d3d739a1c74400f5fcdb8bdc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

winspool.drv

advapi32

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 83KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 1024B - Virtual size: 912B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 1024B - Virtual size: 912B

.reloc
Size: 5KB - Virtual size: 4KB