29abba37813156e28835ab2f9c06befa9527ca6293501af85070df16c5ec73e0

Sharing

Copy URL

Twitter E-mail

General

Target

29abba37813156e28835ab2f9c06befa9527ca6293501af85070df16c5ec73e0
Size

599KB
MD5

7b794663d1ab76a38adc07c4676d0457
SHA1

d191ae4bfbc4d81960962f52b48cc67b5642414e
SHA256

29abba37813156e28835ab2f9c06befa9527ca6293501af85070df16c5ec73e0
SHA512

16c43675c2e12757c7c45d628ee2ce143636cd9ecb6f830e21f5724134b5a76ab11595c2004a274e49102cb44f59d35abf58546b6ab6da4333ed78b8d7de4d20
SSDEEP

12288:FOnGAkO0h069iduOLPKVRK2nO6+33lSfB7IJ8nhL/dqw:FODn0KYIuOLPKVRKR8nhrdqw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29abba37813156e28835ab2f9c06befa9527ca6293501af85070df16c5ec73e0

Files

29abba37813156e28835ab2f9c06befa9527ca6293501af85070df16c5ec73e0
.dll windows:5 windows x86 arch:x86

5705b8147d2c339f8b7ab8c493739616

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Project\Windows\winscan_r\Release\LLD_Drv.pdb

Imports

shlwapi

PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
StrCmpNIA

ws2_32

WSAStartup
WSAGetLastError
send
closesocket
WSACleanup
getaddrinfo
socket
connect
freeaddrinfo
setsockopt
htons
inet_addr
bind
sendto
recvfrom
htonl
gethostbyname
inet_ntoa
recv

kernel32

SetErrorMode
GetCurrentProcessId
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesW
GetFileSizeEx
GetFileTime
InterlockedIncrement
CompareStringW
GetVersionExA
lstrcmpW
LoadLibraryA
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GlobalFlags
GetModuleHandleA
InterlockedExchange
CompareStringA
LocalReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteConsoleW
GetFileType
GetStdHandle
RtlUnwind
GetCommandLineA
ExitProcess
HeapAlloc
HeapFree
RaiseException
HeapReAlloc
HeapSize
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetCurrentThreadId
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
VirtualAlloc
GetTimeZoneInformation
GetLocaleInfoA
LCMapStringA
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
SetEnvironmentVariableA
GetProcessHeap
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
lstrlenA
lstrcmpA
InterlockedDecrement
GetModuleHandleW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
LocalFree
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
TlsFree
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
SetLastError
lstrlenW
GetFileSize
CreateMutexW
OpenMutexW
CreateFileW
CreateMutexA
OpenMutexA
lstrcmpiA
DeviceIoControl
CreateFileA
GetPrivateProfileIntW
GetTempPathA
ReadFile
WriteFile
GetTickCount
SetThreadExecutionState
ResumeThread
SetThreadPriority
CreateThread
WaitForSingleObject
MultiByteToWideChar
WideCharToMultiByte
GetWindowsDirectoryW
FormatMessageW
OutputDebugStringA
GetProcAddress
FreeLibrary
LoadLibraryW
GetPrivateProfileStringW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
GetTempPathW
GetSystemTime
OutputDebugStringW
DeleteFileW
Sleep
SetEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CloseHandle
GetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW

user32

PostQuitMessage
DestroyMenu
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ClientToScreen
SetWindowTextW
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
SetMenu
SetForegroundWindow
GetClientRect
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
wsprintfW
GetSystemMetrics
CharUpperW
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
LoadCursorW
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowTextW
GetWindowThreadProcessId
GetParent
GetWindowLongW
GetLastActivePopup
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
UnhookWindowsHookEx
ValidateRect
PeekMessageW
IsWindowEnabled
EnableWindow
GetKeyState
SendMessageW
DispatchMessageW
CallNextHookEx
SetWindowsHookExW
UnregisterClassW
MessageBoxW
MapWindowPoints

gdi32

SetMapMode
DeleteDC
GetStockObject
RestoreDC
SaveDC
DeleteObject
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
ScaleWindowExtEx

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

wininet

InternetCrackUrlA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
InternetSetOptionA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle

iphlpapi

GetIpAddrTable

wsock32

ntohl

oleaut32

VariantInit
VariantClear
VariantChangeType

Exports

Exports

ScanDrv_AbortScan
ScanDrv_BroadcastMFP
ScanDrv_CancelScan
ScanDrv_CheckConnect
ScanDrv_Close
ScanDrv_DetectNetMFP
ScanDrv_GetADFStatus
ScanDrv_GetCurScanLineNum
ScanDrv_GetCurTransferSize
ScanDrv_GetLastError
ScanDrv_GetNextPushStatus
ScanDrv_GetScanParameter
ScanDrv_IsDocumentInFeeder
ScanDrv_LocateMFP
ScanDrv_Open
ScanDrv_Open_C
ScanDrv_Open_K
ScanDrv_Open_L
ScanDrv_ReadScanData
ScanDrv_SetAutofeed
ScanDrv_SetBackRotation
ScanDrv_SetCallBackFun
ScanDrv_SetContinueFlag
ScanDrv_SetExtraParam
ScanDrv_SetHorizontal
ScanDrv_SetResolution1200
ScanDrv_SetScanParameter
ScanDrv_SetScanParameterAdj
ScanDrv_StartScan

Sections

.text
Size: 456KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5705b8147d2c339f8b7ab8c493739616

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

ws2_32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

wininet

iphlpapi

wsock32

oleaut32

Exports

Exports

Sections

.text Size: 456KB - Virtual size: 456KB

.rdata Size: 88KB - Virtual size: 87KB

.data Size: 14KB - Virtual size: 159KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 38KB - Virtual size: 37KB

.text
Size: 456KB - Virtual size: 456KB

.rdata
Size: 88KB - Virtual size: 87KB

.data
Size: 14KB - Virtual size: 159KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 38KB - Virtual size: 37KB