98063aa26a19b76232706e6ae2252097d210855c920d2bf48b6b01ed6da4d945

Sharing

Copy URL

Twitter E-mail

General

Target

98063aa26a19b76232706e6ae2252097d210855c920d2bf48b6b01ed6da4d945
Size

36KB
MD5

e842ec89aa68a089482ad96c6e4d6d0a
SHA1

24a0d3a6223c2b2a54eff07d62e74e6526f28925
SHA256

98063aa26a19b76232706e6ae2252097d210855c920d2bf48b6b01ed6da4d945
SHA512

cd377a0d71b1b69f65edd242af6019eb15535cb92293150f5309c67b9a6603af08e5ea3baa09e563311bc28a270027e28dee88287e42a083865fecdd984feff3
SSDEEP

768:TnMYjF/hmh6OddA+l/TZZ+ldpadaLu3t9ob4Pu3CIbM/bd:TnzjF/ol9AwdD1j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
98063aa26a19b76232706e6ae2252097d210855c920d2bf48b6b01ed6da4d945

Files

98063aa26a19b76232706e6ae2252097d210855c920d2bf48b6b01ed6da4d945
.dll windows:4 windows x86 arch:x86

99fd267a0ae22768b69052341d4624af

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

stag320g

ZTagGetBlock
ZTagCloseBlock
ZTagAddElement
ZTagGetElementPtr
ZTagCreateBlock

simf320g

DrvSplEndDoc
DrvSplEndPage
DrvSplWritePrinter
DrvSplStartDoc
DrvSplClose
DrvSplAbort
DrvSplStartPage

gdi32

EngCreatePalette
EngAssociateSurface
PATHOBJ_vEnumStart
XLATEOBJ_iXlate
BRUSHOBJ_pvAllocRbrush
EngDeleteSurface
EngCreateDeviceSurface
FONTOBJ_pxoGetXform
FONTOBJ_pifi
EngUnicodeToMultiByteN
FONTOBJ_vGetInfo
STROBJ_vEnumStart
STROBJ_bEnum
EngBitBlt
BRUSHOBJ_pvGetRbrush
XLATEOBJ_piVector
EngDeletePalette
XFORMOBJ_iGetXform
EngDeletePath
PATHOBJ_vGetBounds
CLIPOBJ_ppoGetPath
XFORMOBJ_bApplyXform
PATHOBJ_bEnum
FONTOBJ_cGetGlyphs

winspool.drv

GetPrinterA
OpenPrinterW
ClosePrinter
WritePrinter
GetPrinterDataA

kernel32

GlobalFree
GlobalAlloc
FreeLibrary
Sleep

msvcrt

wcslen
bsearch
_stricmp
_ftol
wcscpy
qsort

Exports

Exports

DrvDisableDriver
DrvEnableDriver
DrvQueryDriverInfo

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

COMPRESS
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 135B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 634B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99fd267a0ae22768b69052341d4624af

Headers

File Characteristics

Imports

stag320g

simf320g

gdi32

winspool.drv

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 23KB

COMPRESS Size: 2KB - Virtual size: 2KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 135B

.rsrc Size: 1024B - Virtual size: 820B

.reloc Size: 1024B - Virtual size: 634B

.text
Size: 23KB - Virtual size: 23KB

COMPRESS
Size: 2KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 135B

.rsrc
Size: 1024B - Virtual size: 820B

.reloc
Size: 1024B - Virtual size: 634B