244b38c086e54de7047d21c6101665a3d230a1f6fc39b57bf705d84c011be41f

Sharing

Copy URL Twitter E-mail

General

Target

244b38c086e54de7047d21c6101665a3d230a1f6fc39b57bf705d84c011be41f
Size

505KB
MD5

df941d78ad2daf2cb7b90579c8b4d01a
SHA1

389bf16938b295394694f18ab8c75e5794c83239
SHA256

244b38c086e54de7047d21c6101665a3d230a1f6fc39b57bf705d84c011be41f
SHA512

c9d032296f9816f6cecafa57aa2797664144995b9be87c1379eab294a387333adef7cc5b6c9278c9eed633468f9e34dd1a58ce94512aa30e479e8f2f0c2c8ac8
SSDEEP

12288:JF0MJN9l2xtoIEHYNczr1e/KsbBCfZP2n4L:H0+LaxNCfZ+y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
244b38c086e54de7047d21c6101665a3d230a1f6fc39b57bf705d84c011be41f

Files

244b38c086e54de7047d21c6101665a3d230a1f6fc39b57bf705d84c011be41f
.dll windows:5 windows x86 arch:x86

7ecf523dd844e789affdfcd0255056b8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Source\printers\mutohblizzard\Release\mutohblizzard.pdb

Imports

ws2_32

WSAStartup
recv
inet_addr
send
WSACleanup
closesocket
shutdown
connect
htons
WSAGetLastError
setsockopt
socket

kernel32

SetErrorMode
FindResourceExA
WritePrivateProfileStringA
GlobalFlags
InterlockedIncrement
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetCurrentProcess
GetCPInfo
GetOEMCP
GetFileAttributesA
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapFree
TlsFree
GetCommandLineA
DeleteFileW
MoveFileW
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
GetSystemTimeAsFileTime
HeapReAlloc
VirtualAlloc
HeapSize
HeapCreate
HeapDestroy
VirtualFree
GetStdHandle
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
MulDiv
lstrlenA
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
FreeResource
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
CompareStringA
InterlockedExchange
lstrcmpA
SetLastError
GetModuleHandleA
GlobalFree
VirtualProtect
WriteFile
ReadFile
DeviceIoControl
GetSystemDirectoryA
QueryDosDeviceA
DefineDosDeviceA
GetProfileStringA
CreateFileA
ReleaseMutex
GetCurrentProcessId
OpenMutexW
WaitForSingleObject
FindFirstFileA
FindNextFileA
GetFileAttributesW
GetModuleHandleW
GetDiskFreeSpaceW
CreateFileW
MoveFileExW
GetACP
MultiByteToWideChar
LoadLibraryW
FindFirstFileW
FindNextFileW
FindClose
LoadLibraryExA
FormatMessageA
LocalFree
GlobalAlloc
GlobalLock
GlobalUnlock
GetTickCount
GetVersionExA
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
GetLocalTime
GetLastError
ExitProcess
Beep
Sleep
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
DeleteFileA
LoadLibraryA
GetProcAddress
FreeLibrary
HeapAlloc
CreateDirectoryA

user32

BeginPaint
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
IsDialogMessageA
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
GetClassLongA
GetWindowTextLengthA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
UpdateWindow
GetSubMenu
GetMenuItemID
DestroyMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDesktopWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetNextDlgTabItem
EndDialog
GetLastActivePopup
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
PostQuitMessage
SetPropA
GetCapture
GetActiveWindow
MapDialogRect
ShowWindow
GetPropA
RemovePropA
GetAsyncKeyState
GetFocus
SetFocus
IsWindowEnabled
LoadCursorA
SetCursor
GetDlgItem
GetWindowTextA
GetClassNameA
SetWindowTextA
GetSysColorBrush
UnregisterClassA
GetMenuItemCount
EndPaint
GetCursorPos
ClientToScreen
PeekMessageA
GetDC
ReleaseDC
GetClientRect
MessageBoxW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
MessageBoxA
GetWindowLongA
GetWindowThreadProcessId
EnumWindows
SetActiveWindow
SetForegroundWindow
GetSystemMetrics
GetParent
SendMessageA
EnableWindow
SetTimer
ScreenToClient
GetWindowRect
SetWindowPos
PostMessageA

gdi32

SetWindowExtEx
ScaleWindowExtEx
GetStockObject
GetDeviceCaps
SetViewportExtEx
EnumFontFamiliesExA
ScaleViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateBitmap
EndDoc
DeleteDC
Escape
CreateDCA
StartDocA
SaveDC
SelectObject
GetTextExtentPoint32A
RestoreDC
DeleteObject
SetMapMode
GetObjectA
SetBkColor
SetTextColor
GetClipBox

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteW

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

exportedHeapusageDiagnostic
initDeviceLoadingBaseCode_02
inkUsage
propertiesWindow
revisionDate
setupDeviceDetails
writeDeviceClose
writeDeviceHeader
writeDeviceLine

Sections

.text
Size: 346KB - Virtual size: 346KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 833KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ecf523dd844e789affdfcd0255056b8

Headers

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

oleaut32

Exports

Exports

Sections

.text Size: 346KB - Virtual size: 346KB

.rdata Size: 67KB - Virtual size: 67KB

.data Size: 26KB - Virtual size: 833KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 44KB - Virtual size: 43KB

.text
Size: 346KB - Virtual size: 346KB

.rdata
Size: 67KB - Virtual size: 67KB

.data
Size: 26KB - Virtual size: 833KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 44KB - Virtual size: 43KB