e85e95f2d51d74cda0da2108ec33a3e8296f63764c554fb1d54f7c895f6720fc

Sharing

Copy URL Twitter E-mail

General

Target

e85e95f2d51d74cda0da2108ec33a3e8296f63764c554fb1d54f7c895f6720fc
Size

587KB
MD5

9681b30ac99e45d5821bba92f909ee2b
SHA1

3c16ed3b12288254a1719f8d884800cd9377a805
SHA256

e85e95f2d51d74cda0da2108ec33a3e8296f63764c554fb1d54f7c895f6720fc
SHA512

92436270a065877064dcf8edb456d20a44de99db7a20537ee1343cced70d5dcd987d75c090d5100a8bb9182b1160c493a83c6acd3ed0b0d1413c577302c4e04a
SSDEEP

12288:p0J77QDjuFk4LJnqe4qRQhQePCdMgl6kf1TcEa8qznjEESYBbN:p0J77QDjuFkuJnqe4qRQhQePCd9l6kfU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e85e95f2d51d74cda0da2108ec33a3e8296f63764c554fb1d54f7c895f6720fc

Files

e85e95f2d51d74cda0da2108ec33a3e8296f63764c554fb1d54f7c895f6720fc
.dll windows:6 windows x86 arch:x86

e0895a0d7b74d346a64e786231f91470

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

FXSXP32.pdb

Imports

msvcrt

_initterm
_amsg_exit
??1type_info@@UAE@XZ
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
_ftol2_sse
_wcsnicmp
_callnewh
free
_mbscpy
memcpy
wcsstr
wcscat_s
_wcsdup
??0exception@@QAE@XZ
__CxxFrameHandler3
wcsncpy_s
strrchr
wcscpy_s
iswspace
iswcntrl
wcsncmp
_CxxThrowException
_wcsicmp
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
memmove_s
memcpy_s
_wsplitpath_s
iswalpha
swscanf
malloc
_XcptFilter
_wcsnset
memset
wcsrchr
wcschr
_vsnwprintf

fxsapi

FaxAccessCheckEx
FaxSendDocumentExW
FaxGetRecipientsLimit
FaxFreeSenderInformation
FaxConnectFaxServerW
FaxGetPersonalCoverPagesOption
FaxGetReceiptsOptions
FaxClose
FaxGetSenderInformation

kernel32

GetVersionExW
GetComputerNameW
lstrlenW
ExpandEnvironmentStringsW
FreeLibrary
GetProcAddress
CreateDirectoryW
GetFileAttributesW
ReadFile
HeapCreate
GetProcessHeap
HeapAlloc
HeapFree
WaitForSingleObject
GetModuleFileNameW
SetFilePointer
GetFileSize
OutputDebugStringW
SetEndOfFile
UnmapViewOfFile
GetFullPathNameW
MapViewOfFileEx
CreateFileMappingW
CopyFileW
GetCurrentThread
LocalFree
SetLastError
MulDiv
FindFirstFileW
GetLastError
FindNextFileW
FindClose
WideCharToMultiByte
MultiByteToWideChar
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
OutputDebugStringA
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
OpenMutexW
CreateMutexW
CreateEventW
SetEnvironmentVariableW
WaitForMultipleObjects
ReleaseMutex
CreateProcessW
MapViewOfFile
VirtualAlloc
VirtualFree
InterlockedCompareExchange
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
GetSystemTime
SystemTimeToFileTime
lstrlenA
GetTempFileNameW
GetTickCount
LoadLibraryW
DisableThreadLibraryCalls
CreateFileW
WriteFile
CloseHandle
MoveFileW
DeleteFileW
GetProfileIntW
GetTempPathW
GetFileType

advapi32

RegQueryValueW
GetTraceEnableFlags
GetSecurityDescriptorOwner
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
SetSecurityDescriptorDacl
GetTokenInformation
ReportEventW
GetTraceEnableLevel
GetTraceLoggerHandle
IsValidSid
GetLengthSid
CopySid
RegisterTraceGuidsW
OpenThreadToken
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
UnregisterTraceGuids
TraceMessage

winspool.drv

FindFirstPrinterChangeNotification
FindNextPrinterChangeNotification
FindClosePrinterChangeNotification
GetJobW
SetJobW
DocumentPropertiesW
EnumPrintersW
OpenPrinterW
GetPrinterW
ClosePrinter

gdi32

CreateDCW
GetObjectW
StartDocW
EndDoc
GetDeviceCaps
EndPage
StartPage
SetMapMode
DeleteObject
TextOutW
GetTextExtentExPointW
GetTextMetricsW
SetBkMode
SelectObject
GetStockObject
DeleteDC
StretchDIBits
CreateFontIndirectW

user32

MessageBoxW
WinHelpW
MessageBeep
DialogBoxParamW
CreateWindowExW
GetWindowTextW
InvalidateRect
UpdateWindow
EndDialog
CheckDlgButton
GetWindowContextHelpId
BeginPaint
EndPaint
SetWindowTextW
LoadStringW
SendMessageW
IsDlgButtonChecked
GetDlgItem
EnableWindow

shell32

SHGetFolderPathAndSubDirW
SHSetLocalizedName
SHGetFolderPathW
ShellExecuteExW

mapi32

ord62
ord17
ord140
ord75
ord82
ord185

comdlg32

ChooseFontW

tapi32

lineInitializeExW
lineSetCurrentLocation
lineGetTranslateCapsW
lineTranslateAddressW
lineShutdown
lineTranslateDialogW

Exports

Exports

ServiceEntry
XPProviderInit

Sections

.text
Size: 432KB - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0895a0d7b74d346a64e786231f91470

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

fxsapi

kernel32

advapi32

winspool.drv

gdi32

user32

shell32

mapi32

comdlg32

tapi32

Exports

Exports

Sections

.text Size: 432KB - Virtual size: 432KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 151KB - Virtual size: 151KB

.text
Size: 432KB - Virtual size: 432KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 151KB - Virtual size: 151KB