e2d84f3f83fa75b20104c9cbb6e53224eeffa5ff7ef431cbaa37240c00a0c9a8

Sharing

Copy URL Twitter E-mail

General

Target

e2d84f3f83fa75b20104c9cbb6e53224eeffa5ff7ef431cbaa37240c00a0c9a8
Size

251KB
MD5

9f999dea62f4e699962b0163dbfabee7
SHA1

0b2ad17e81300c84c2f40ad0ed7df2b01b58b60f
SHA256

e2d84f3f83fa75b20104c9cbb6e53224eeffa5ff7ef431cbaa37240c00a0c9a8
SHA512

5ed73d397ee64714b178d652962d1646f0eff64ea453c8a0865b0df2605e9064bf76ba3f593d43d4eef18b6d217c5e01798a5134dda358445f304f4117f14cf5
SSDEEP

3072:Uk3LdPARWhQFkXUTEid1O+zDxnyBUxwNDtfPqDdjCFn+9e/lmGdo5xdoj6h/Z5lm:Uk3VA9jTEid1V1yyG96ojCl5oZqc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e2d84f3f83fa75b20104c9cbb6e53224eeffa5ff7ef431cbaa37240c00a0c9a8

Files

e2d84f3f83fa75b20104c9cbb6e53224eeffa5ff7ef431cbaa37240c00a0c9a8
.dll windows:6 windows x64 arch:x64

64db323f7405e79b1b4949ad35018d63

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\jenkins2\workspace\rdc-win-pipeline_master\src\build\tc-client2\channel\printer\printer-client-generic.pdb

Imports

spdlog

??$to_decimal@N@dragonbox@detail@v9@fmt@@YA?AU?$decimal_fp@N@0123@N@Z
??0format_error@v9@fmt@@QEAA@PEBD@Z
??1format_error@v9@fmt@@UEAA@XZ
?log@logger@spdlog@@QEAAXUsource_loc@2@W4level_enum@level@2@V?$basic_string_view@D@v9@fmt@@@Z
?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z
??0format_error@v9@fmt@@QEAA@AEBV012@@Z
?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v9@fmt@@W4level_enum@level@2@1@Z
?enabled@backtracer@details@spdlog@@QEBA_NXZ
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z
?err_handler_@logger@spdlog@@IEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?throw_format_error@detail@v9@fmt@@YAXPEBD@Z
?fmt_snprintf@detail@v9@fmt@@YAHPEAD_KPEBDZZ
??$thousands_sep_impl@D@detail@v9@fmt@@YA?AU?$thousands_sep_result@D@012@Vlocale_ref@012@@Z
??$decimal_point_impl@D@detail@v9@fmt@@YADVlocale_ref@012@@Z
??$get@Vlocale@std@@@locale_ref@detail@v9@fmt@@QEBA?AVlocale@std@@XZ
?is_printable@detail@v9@fmt@@YA_NI@Z
??$to_decimal@M@dragonbox@detail@v9@fmt@@YA?AU?$decimal_fp@M@0123@M@Z
?vformat@v9@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v9@fmt@@D@v9@fmt@@@12@@Z

winspool.drv

ord203
EnumPrintersW

qt5core

?dir@QFileInfo@@QEBA?AVQDir@@XZ
?path@QFileInfo@@QEBA?AVQString@@XZ
?filePath@QFileInfo@@QEBA?AVQString@@XZ
??1QFileInfo@@QEAA@XZ
??0QFileInfo@@QEAA@AEBVQString@@@Z
??0QFileInfo@@QEAA@AEBVQDir@@AEBVQString@@@Z
?currentDateTime@QDateTime@@SA?AV1@XZ
?toString@QDateTime@@QEBA?AVQString@@W4DateFormat@Qt@@@Z
??1QDateTime@@QEAA@XZ
?toStringList@QVariant@@QEBA?AVQStringList@@XZ
?toString@QVariant@@QEBA?AVQString@@XZ
?toBool@QVariant@@QEBA_NXZ
??1QVariant@@QEAA@XZ
??0QVariant@@QEAA@_N@Z
??0QVariant@@QEAA@AEBVQString@@@Z
??0QVariant@@QEAA@AEBVQStringList@@@Z
?readLine@QTextStream@@QEAA?AVQString@@_J@Z
?atEnd@QTextStream@@QEBA_NXZ
??1QTextStream@@UEAA@XZ
??0QTextStream@@QEAA@PEAVQIODevice@@@Z
?setFileTemplate@QTemporaryFile@@QEAAXAEBVQString@@@Z
?setAutoRemove@QTemporaryFile@@QEAAX_N@Z
??1QProcess@@UEAA@XZ
??0QTemporaryFile@@QEAA@XZ
?applicationDirPath@QCoreApplication@@SA?AVQString@@XZ
?value@QSettings@@QEBA?AVQVariant@@AEBVQString@@AEBV2@@Z
?childGroups@QSettings@@QEBA?AVQStringList@@XZ
?endGroup@QSettings@@QEAAXXZ
?beginGroup@QSettings@@QEAAXAEBVQString@@@Z
??1QSettings@@UEAA@XZ
??0QSettings@@QEAA@AEBVQString@@W4Format@0@PEAVQObject@@@Z
??0QSettings@@QEAA@W4Scope@0@PEAVQObject@@@Z
?append@QListData@@QEAAPEAPEAXXZ
?dispose@QListData@@SAXPEAUData@1@@Z
?realloc@QListData@@QEAAXH@Z
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z
?detach@QListData@@QEAAPEAUData@1@H@Z
?open@QTemporaryFile@@QEAA_NXZ
?type@QOperatingSystemVersion@@QEBA?AW4OSType@1@XZ
?majorVersion@QOperatingSystemVersion@@QEBAHXZ
??0QVariant@@QEAA@XZ
?tr@QObject@@SA?AVQString@@PEBD0H@Z
?end@QListData@@QEBAPEAPEAXXZ
?begin@QListData@@QEBAPEAPEAXXZ
?at@QListData@@QEBAPEAPEAXH@Z
?size@QListData@@QEBAHXZ
?dispose@QListData@@QEAAXXZ
?fromStdWString@QString@@SA?AV1@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?toStdString@QString@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??1QString@@QEAA@XZ
??0QString@@QEAA@XZ
??0QString@@QEAA@AEBV0@@Z
?isEmpty@QString@@QEBA_NXZ
?length@QString@@QEBAHXZ
??4QString@@QEAAAEAV0@PEBD@Z
??0QString@@QEAA@PEBD@Z
?start@QProcess@@QEAAXV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
?toUtf8@QString@@QEGBA?AVQByteArray@@XZ
??YQString@@QEAAAEAV0@AEBV0@@Z
?trimmed@QString@@QEHAA?AV1@XZ
?trimmed@QString@@QEGBA?AV1@XZ
?size@QString@@QEBAHXZ
??4QString@@QEAAAEAV0@$$QEAV0@@Z
??0QString@@QEAA@$$QEAV0@@Z
?constData@QByteArray@@QEBAPEBDXZ
?data@QByteArray@@QEBAPEBDXZ
??1QByteArray@@QEAA@XZ
??0QChar@@QEAA@UQLatin1Char@@@Z
?setProgram@QProcess@@QEAAXAEBVQString@@@Z
?setArguments@QProcess@@QEAAXAEBVQStringList@@@Z
?setProcessEnvironment@QProcess@@QEAAXAEBVQProcessEnvironment@@@Z
?waitForFinished@QProcess@@QEAA_NH@Z
?readAllStandardOutput@QProcess@@QEAA?AVQByteArray@@XZ
?readAllStandardError@QProcess@@QEAA?AVQByteArray@@XZ
??8@YA_NAEBVQString@@0@Z
??1QDir@@QEAA@XZ
?tempPath@QDir@@SA?AVQString@@XZ
?isOpen@QIODevice@@QEBA_NXZ
?write@QIODevice@@QEAA_JPEBD_J@Z
?errorString@QIODevice@@QEBA?AVQString@@XZ
?flush@QFileDevice@@QEAA_NXZ
??4QString@@QEAAAEAV0@AEBV0@@Z
?arg@QString@@QEBA?AV1@AEBV1@HVQChar@@@Z
?arg@QString@@QEBA?AV1@_KHHVQChar@@@Z
?mid@QString@@QEBA?AV1@HH@Z
?startsWith@QString@@QEBA_NAEBV1@W4CaseSensitivity@Qt@@@Z
?endsWith@QString@@QEBA_NAEBV1@W4CaseSensitivity@Qt@@@Z
?remove@QString@@QEAAAEAV1@AEBV1@W4CaseSensitivity@Qt@@@Z
?replace@QString@@QEAAAEAV1@AEBV1@0W4CaseSensitivity@Qt@@@Z
?toUInt@QString@@QEBAIPEA_NH@Z
?shared_null@QListData@@2UData@1@B
?current@QOperatingSystemVersion@@SA?AV1@XZ
?findExecutable@QStandardPaths@@SA?AVQString@@AEBV2@AEBVQStringList@@@Z
??1QProcessEnvironment@@QEAA@XZ
?systemEnvironment@QProcessEnvironment@@SA?AV1@XZ
??0QProcess@@QEAA@PEAVQObject@@@Z
??1QTemporaryFile@@UEAA@XZ
?fromUtf8@QString@@SA?AV1@PEBDH@Z

kernel32

GetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcess
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
TerminateProcess

msvcp140

?rdstate@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?exceptions@ios_base@std@@QEAAXH@Z
?flags@ios_base@std@@QEBAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memmove
memcpy
__std_type_info_destroy_list
memset
memchr
memcmp
_CxxThrowException
__std_exception_destroy
__std_exception_copy
_purecall
__std_terminate
__current_exception
__current_exception_context
__C_specific_handler

api-ms-win-crt-math-l1-1-0

_dclass
_fdclass
_ldclass
_dsign
ceilf

api-ms-win-crt-string-l1-1-0

_strdup

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_initterm
_initterm_e
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
terminate
_configure_narrow_argv
_seh_filter_dll

Exports

Exports

freerdp_printer_client_subsystem_entry

Sections

.text
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64db323f7405e79b1b4949ad35018d63

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

spdlog

winspool.drv

qt5core

kernel32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 191KB - Virtual size: 190KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 14KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 180B

.text
Size: 191KB - Virtual size: 190KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 180B